Dated June 29, 2020

Thank you for visiting our site. We appreciate the importance of your trust and have set forth this Privacy Policy to explain how Code and Theory LLC and Code and Theory London Limited (“Code and Theory” “we”, “us”, or “our”) collect, protect, share and use your information through our website, codeandtheory.com (the “Site”). Please note that this Privacy Policy applies solely to information that we collect on this Site and does not apply to any information that we collect through other methods or services, including websites owned or operated by our affiliates, vendors or partners. Please exit the Site immediately if you do not accept this Privacy Policy or are accessing the Site in a country or other territory where use of the Site is not permitted. You or your company is the data controller of any personal data you provide to us, including in relation to this Site.

The California Consumer Privacy Act of 2018 (“CCPA”) provides California residents with additional rights with respect to their personal information. Those rights are explained below in Section 7 (Your Rights Under CCPA). This Privacy Notice includes certain disclosures required under CCPA.

Code and Theory’s data protection officer is Ben Cifuentes, IT Support Technician, who can be reached at dpo@codeandtheory.com.

This Privacy Notice explains the following:

In the Definitions section of this Privacy Notice, we explain what is meant by “personal data”, “personal information” and other terms used in this notice.

1. INFORMATION WE MAY COLLECT

The type of information we collect will depend on the circumstances and the service you are using. Generally speaking, we will collect information relating to you and/or your use of our services in the following ways:

Information relating to your use of the website

We and our third-party service providers use cookies and other tracking tools to automatically collect information about how you use our website. This includes information relating to the pages you visit on our website, the services or information you search for and the links and content you choose to access on our website. We may use this information to provide you with relevant content and to inform our marketing strategy. This type of activity is known as “profiling” – using automated means to process your personal data to analyze or predict your personal preferences, interest or behaviors. You may object to profiling (see Section 5 of this Notice, below)

Technical data

We and our third-party service providers automatically collect information about the device(s) you use to access our website. This includes collecting information about the type of device you are using, as well as unique mobile device ID or the internet protocol (IP) address online identifiers, which are numbers that can uniquely identify a specific computer or other network device on the internet. This information is linked to a cookie ID, which we receive and process. You may find more information on the cookies we use and the purposes for which we use them on our Cookie Notice below. We also collect information about your internet service provider and domain name and the type of browser and operating system you are using.

Contact data

We collect contact details directly from you when you sign-up to receive email alerts, attend one of our events, download our content, subscribe to our newsletters or where you ask us to respond to a query you have. The personal data we collect may include your name, email address, employer and job title, and location.

Marketing and communications preferences

We collect information about your preferences in receiving marketing information from us and your communication preferences.

2. HOW WE USE THIS INFORMATION

Except where required by law or court order, we use your personal data for the following purposes:

  • to deliver the specific information or services you have requested;
  • to enable the download of our content;
  • to send you newsletters and advertising messages (these may contain information relating to our brands and services);
  • respond to your requests and feedback;
  • to analyze and/or improve our websites and services; and
  • to protect you or your company, our websites, customers, employees, and business partners from fraud or other malicious activity.

In the table below we set out further information about the purposes for which we use your personal data and the legal basis we rely on for its use. Note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data. In the second column, we also specify how such personal data is categorized under CCPA. For more information about the categories of personal information under CCPA, see Your Rights Under CCPA.

Purpose/Activity

Types of personal data that may be processed

Lawful basis for processing including basis of legitimate interest

To send you information about our services:

To send you information which you have requested e.g. newsletters or publications in accordance with your specified preferences

(a) Name

(b) Email address

(c) Company

(d) General location (Identifiers: personal information; professional or employment related information)

Where you have requested information from us, such as newsletters, publications or event invitations, we send such communications based on your consent.

You can ask us to stop such communications at any time by clicking on the unsubscribe link at the bottom of the message.

To improve and develop our website:

We conduct statistical analysis on your usage of the website e.g. to enable us to improve our website, offer new features and material etc.

(a) Technical (b) Usage

(Identifiers: internet or other similar network activity)

Necessary for our legitimate interest (to define types of clients for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy).

To deliver relevant content to you, and measure or understand the effectiveness of the content we serve to you.

(a) Name (b) Email address (c) Company (d) General location (e) Usage (f) Marketing and communications (g) Technical

(Identifiers; personal information; professional or employment related information; internet or other similar network activity)

Necessary for our legitimate interests (to study how clients use our service and engage with our content. To develop our service, to grow our business and to inform our marketing strategy).

To respond to any enquiries or feedback that you send us

To update you with any changes to our terms and conditions/other policies

(a) Name (b) Email address (c) Company (d) General location

(Identifiers; personal information; professional or employment related information)

It is in our legitimate interest to respond to communications that you send to us, inform you of relevant information in relation to the services that we provide and utilize your information to improve our business.

To send you information on our products and services relevant to your needs

(a) Name (b) Email address (c) General Location (d) Usage

(Identifiers; personal information; internet or other similar network activity)

It is our legitimate interests to work out which of our products or services may interest you and tell you about them.

To protect this website, our company, our employees, and our users from malicious attacks, hacking, fraud, or other illegal or unauthorized activity

(a) Name (b) Email address (c) General Location (d) Usage (e) Technical

(Identifiers; personal information; geolocation data; internet or other similar network activity)

It is our legitimate interests to investigate and take steps to prevent potential fraud or other wrongdoing.

To share information with our service providers.

(a) Name (b) Email address (c) Usage (d) Marketing and communications (e) Technical

(Identifiers; personal information ; internet or other similar network activity)

It is our legitimate business interest to share your data with trusted third parties who provide us with services relevant to the provision of our website.

To share information within the Our group for business purposes.

(a) Name (b) Email address (c) Location (d) Usage

(Identifiers; personal information; internet or other similar network activity)

As Our group operates as a global operating company, it is our legitimate business interest to share your data within the Our group in order to manage our business effectively and provide our products and services.

To share information with other third parties, such as regulator and law enforcement agencies

(a) Name (b) Email address (c) Location (d) Usage (e) Technical

(Identifiers; personal information; internet or other similar network activity; geolocation data)

We share your data as necessary for compliance with any legal obligation to which we are subject or in order to satisfy our legitimate business interests.


3. INFORMATION SHARING AND DISCLOSURE

Information shared within the Our group

Our group is a globally operating group consisting of multiple companies. Therefore, we may from time to time disclose your personal data within our group of companies. All of the categories of personal information under CCPA (see Your Rights Under CCPA) may be shared (and have been shared within the last 12 months) within our group of companies.

Information shared with our third-party service providers

We use a number of third parties to perform business functions on our behalf, such as sending our newsletters and hosting our online services and customer relationship management. We will disclose personal data to these vendors and service providers to enable them to provide their services. These third parties have contracted with us to only use personal information for the agreed upon purpose, and not to sell your personal information to third parties, and not to disclose it to third parties except as may be required by law or as stated in this Privacy Policy. All of the categories of personal information under CCPA (see Your Rights Under CCPA) may be shared (and have been shared within the last 12 months) with our third-party service providers.

Information shared due to corporate mergers or restructuring

We may disclose personal data with any successor to all or part of our business. For example, if part of our business is sold, we may give our customer list as part of that transaction. All of the categories of personal information under CCPA (see Your Rights Under CCPA) may be shared with any successor for this purpose.

Information shared with other parties as required by law or to prevent or investigate illegal activities

Where required or permitted by law, personal data may be provided to others, such as regulator and law enforcement agencies, for example in response to a court order or a subpoena, or in response to a law enforcement agency’s request, or where we believe it is necessary to investigate, prevent or take action regarding illegal activities or to protect you or your company, our websites, customers, employees, and business partners from fraud or other malicious activity, and as otherwise required by law. All of the categories of personal information under CCPA (see Your Rights Under CCPA) may be used by us or shared with other parties for these purposes.

We may use and share personal data as otherwise disclosed to you from time to time when collecting your personal information or as otherwise permitted by law. All of the categories of personal information under CCPA (see Your Rights Under CCPA) may be used by us or shared with other parties for these purposes.

We do not sell or rent any personal data about you to any third party, and have not done so within the past 12 months.

4. INTERNATIONAL AND GROUP COMPANY TRANSFERS

Our group is a globally operating group consisting of multiple companies. Therefore, we may from time to time disclose your personal data within our group of companies. Some of our group companies are located outside the European Union (“EU”) or European Economic Area (“EEA”), but we implement and maintain policies designed to ensure the security of such disclosures and transfers in accordance with the applicable privacy and data protection laws.

If you reside in the EU or EEA, we will only transfer your personal data outside the EU or EEA where we are satisfied that adequate levels of protection are in place designed to protect the integrity and security of any information being processed in compliance with applicable privacy and data protection laws. These measures may include, as applicable, the use of standard contractual/data protection clauses adopted by the European Commission and where transfers are to the United States of America, the EU-US Privacy Shield, Swiss-US Privacy Shield or your consent. Where we transfer personal data between our group companies we have covered these transfers by entering into standard contractual clauses adopted by the European Commission.

You may request further information on the measures used for such transfers via the contact details given in this Privacy Notice.

5. YOUR CHOICES

You have certain choices about how we use your information.

You can control cookies and tracking tools. To learn more about your choices related to cookies and our Do Not Track Policy, please see our Cookie Notice.

You may choose not to receive marketing communications from us. You can ask us to stop such messages at any time by clicking on the “unsubscribe” link at the bottom of Our messages. Please note that even if you choose not to receive marketing communications from us, you still may receive non-marketing communications, such as responses to your inquiries or notices regarding your account or our relationship with you.

6. YOUR EU/EEA RIGHTS

Under EU data protection law we are required to advise you on the legal basis for processing your personal data. For the most part, the processing of your personal information is based either on a) our legitimate interests related to us providing you services you have requested or otherwise your customer relationship with us, or b) your consent, where requested.

Where provided under applicable law, you may have the following rights:

  • Object to our processing of your personal data where we are relying on legitimate interest (or those of a third-party), and you want to object to processing on this ground, as you feel it impacts on your fundamental rights and freedoms. You also have a right to object where we are processing your personal data for the purposes of direct marketing or profiling. You can object at any time and we shall stop processing the information you have objected to, unless we can show compelling legitimate grounds to continue that processing.
  • Access your personal data. If you make this kind of request and we hold personal data about you. We are required to provide you with information on it, including a description and copy of the personal data and why we are processing it. We will require you to prove your identity before granting access to your personal data. We will process your request within the timeframe required under the relevant law.
  • Request the transfer of your personal data. We will provide to you or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Please note, this right applies to the personal data you have provided to us; and if we use your personal data on the basis of consent or where we used the information to perform a contract with you.
  • Request erasure (deletion) of your personal data. You have a right to ask us to delete or remove your data where you have successfully exercised your right to object (see above), or where we are required to erase your personal data to comply with local law. Please note, we may be required to retain certain information by law and/or for our own legitimate business purpose. But when we do so, we will inform you
  • Request correction or updating of your personal data. This enables you to have any incomplete or inaccurate data we hold about you corrected.
  • Request the restriction of our processing of your personal data in some situations. If you request this, we can continue to store your personal data but are restricted from processing it while the restriction is in place.
  • Withdraw your consent. Where you have provided your consent to our processing of your personal data you can withdraw your consent at any time. If you do withdraw consent, that will not affect the lawfulness of what we have done with your personal data before you withdrew consent.
  • Make a Complaint. We will do our best to resolve any complaint. However, if you feel we have not resolved your complaint, you have a right to make a complaint to your local data protection authority. For example, in the UK, the local data protection authority is the UK Information Commissioner's Office.

If you exercise the rights above and there is any question about who you are, we may require you to provide information from which we can satisfy ourselves as to your identity.

7. YOUR RIGHTS UNDER CCPA

This section describes the rights that residents of California have and in other jurisdiction as provided by local law, and how to exercise such rights.

1. Right to Know about Personal Information Collected, Disclosed or Sold

You have the right to request that we disclose certain information to you about our collection, use, disclosure or sale of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access and Deletion Rights), and subject to certain limitations that we describe below, we will disclose such information. You have the right to request any or all of the following:

  • The categories of personal information we collected about you.
  • The categories of sources from which the personal information is collected.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).

2. Right to Request Deletion

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access and Deletion Rights), we will delete (and direct our service providers to delete) your personal information from our records. However, we may retain personal information that has been de-identified or aggregated. Furthermore, we may deny your deletion request if retaining the information is necessary for us or our service provider(s) in order to perform certain actions set forth under CCPA, such as detecting security incidents and protecting against fraudulent or illegal activity.

3. Exercising Access and Deletion Rights

Please submit a request to us by emailing us at dpo@codeandtheory.com. Call Toll Free Number: 866.467.8688 and entering service code 222#

Only you, or a person or business entity registered with the California Secretary of State that you authorize to act on your behalf (an “authorized agent”), may make the requests set forth above. You may also make a request on behalf of your minor child.

The request should include your contact information and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. In addition, you should provide sufficient information (including information that reasonably enables us verify the identifying information we currently maintain about you) that allows us to reasonably verify that you are the person about whom we collected the personal information or an authorized representative.

We will respond to consumer requests in a reasonably timely manner. If we require extra time to respond, we will inform you of the reason and extension period in writing. In order to protect the security of your personal information, we will not honor a request if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. The method used to verify your identity will depend on the type, sensitivity and value of the information, including the risk of harm to you posed by any authorized access or deletion. Generally speaking, verification will be performed by matching the identifying information provided by you to the personal information that we already have.

Any disclosures we provide will only cover the 12-month period preceding our receipt of your request (and will not be made more than twice in a 12-month period). If we cannot comply with a request, or cannot fully comply with a request, the response we provide will also explain the reasons we cannot comply.

4. Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights, including, but not limited to, by:

  • Denying you goods or services.
  • Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Providing you a different level or quality of goods or services.
  • Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

8. OUR RESPONSIBILITY FOR WEBSITE LINKS

This Privacy Notice is limited to the personal data collected by Code and Theory. We do provide links within this site to other websites, including social media sites such as Instagram, Twitter and LinkedIn. If you follow these links, your use of these sites will be governed by their applicable user and privacy notices since their data practices fall outside the scope of this Privacy Notice. Further, we can have no responsibility for or control over the information collected by any third-party website and we cannot be responsible for the protection and privacy of any information which you may provide on such websites.

9. UPDATES

This Privacy Notice may be updated from time to time to reflect changes in law, best practice or a change in our practices regarding the treatment of personal data. The date of the most recent revision will appear at the top of this page. If you do not agree to the changes, please do not continue to use our services and please refrain from sharing your personal data with us. You should check this notice frequently for updates.

10. CHILDREN

This website is not intended for children aged 13 or under. We do not actively seek to collect personal data about children aged 13 or under. If you have any concerns about your child’s privacy in relation to our services, or if you believe that your child under the age of 13 may have entered personal data onto our website, please contact us at dpo@codeandtheory.com. We will delete such personal data from our records or seek verifiable parental or legal guardian consent to retain such information within a reasonable time.

11. CONTACT US

Please feel free to contact us if you have any questions about this Privacy Policy at legal@codeandtheory.com.

Definitions

In this Definitions section, we explain some of terminology used in this Privacy Notice.

“data controller” – the person or company that controls the purposes and means of processing personal data.

"personal data" – any information that relates to you (or from which you can be identified).

personal information” – information that identifies, relates to, describes, references, or is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. “Personal information” excludes information that is lawfully made available from federal, state or local government records as well as de-identified or aggregated information.

“processing” – means doing anything with data. For example, it includes collecting it, holding it, disclosing it and deleting it.

“profiling” - using automated means to process personal data in order to work out certain things about people, like analysing or predicting their performance at work, reliability, economic situation, personal preferences, interests, behaviour, location or movements.

"transfer" – sending personal information outside the European Economic Area (e.g. by storing it on equipment located outside the European Economic Area), or allowing someone from outside the European Economic Area to access the personal information.

COOKIE NOTICE

Please read below for more information on the cookies we use, the purposes for which we use them, and how to reject cookies.

How we deploy “cookies”

Cookies are small packets of information stored by your web browser when you visit certain websites, including our website. Cookies are generally used by websites to improve your user experience by enabling that website to ‘remember’ you, either strictly for the duration of your visit (using a “Session” cookie which is erased when you close your browser) or for repeat visits (using a “Permanent” cookie).

We do not use cookies to store any personally identifiable information about you. However, please be advised that in some countries data such as cookie IDs and IP-/MAC- addresses are considered to be personal information. To the extent we process such data that is considered personal information, this will be done in accordance with our Privacy Notice.

Our site uses the following types of cookies:

Strictly Necessary Cookies

These cookies are necessary for the Site to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences or filling in forms.

You can set your browser to block or alert you about these cookies, but some parts of the Site will not then work. These cookies do not store any personally identifiable information.

The strictly necessary cookies are listed below:

Name

Description

Hostname

OptanonConsent

OneTrust

codeandtheory.com

__cfduid

OneTrust

onetrust.com


Functional Cookies

These cookies allow our sites to remember choices you make (such as user name, or region you are in) and provide enhanced, more personal features. The information these cookies collect may be anonymized and they cannot track your browsing activity on other websites.

The functionality cookies are listed below:

Name

Description

Hostname

__cfduid

CloudFlare Cookie

momentjs.com

__cfduid

HubSpot

hs-scripts.com

lfuuid

Lead Forensics

secure.perk0mean.com

vuid

Vimeo

vimeo.com

hubspotutk

HubSpot

codeandtheory.com

__cfduid

HubSpot

hs-analytics.net

lfuuid

Lead Forensics

www.codeandtheory.com


Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our Site. They help us to know which pages are the most and least popular and see how visitors move around the Site.

All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our Site, and will not be able to monitor its performance.

The performance cookies are listed below:

Name

Description

Hostname

_ga

Google Analytics

codeandtheory.com

__hssc

HubSpot

codeandtheory.com

_gid

Google Analytics

codeandtheory.com

__hstc

HubSpot

codeandtheory.com

_gat_UA-91795-1

Google Analytics

codeandtheory.com

__hssrc

HubSpot

codeandtheory.com

hsfirstvisit

HubSpot

codeandtheory.com


Targeted Cookies

These cookies may be set through our Site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites.

They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Name

Description

Hostname

__cfduid

HubSpot

hubspot.com


How to reject cookies

Our Do-Not-Track Policy: If you don’t want to receive cookies, you can alter your browser settings. The procedure for doing so varies from one browser application to another. If you wish to reject cookies from our site, but wish to accept those from other sites, you may choose the option in your browser settings to receive a notice before a cookie is stored on your device. If you block or reject cookies, not all of the tracking described below will stop. Please consult the “Help” section of your browser for more information.

To find out more or to opt out of having your online behavior collected for advertising purposes, please consult the following: www.youronlinechoices.com (for EU users) or http://optout.aboutads.info/?c... (for U.S. users). Choices you make are device-specific and browser-specific. By disabling cookies, you may be prevented from accessing some features of our site or certain content or functionality may not be available.

For questions on our privacy policy and to speak with our legal team, please contact legal@codeandtheory.com.