Privacy Policy

Purpose

The purpose of this document is to articulate Circlebase’s Privacy Policy for handling and protecting the privacy of information acquired, accessed, or retained for business purposes or to establish and maintain provided services

Scope

This privacy policy applies to all personal and client information and marketing and sales contacts received by Circlebase, whether in electronic, paper, or verbal format, and does not apply to the data collection practices of any third parties, Circlebase customers, or any partners or affiliates of Circlebase. Also, please note that the use of Circlebase’s website constitutes acceptance of this Privacy Policy.

Circlebase Privacy Statement

Protecting privacy is important to Circlebase. Circlebase and its wholly-owned India subsidiaries, (hereinafter collectively referred to as the “Circlebase,” “we,” “us” or “our”) comply with various laws/regulations regarding the protection of financial, Personal Information (PI), Personally Identifiable Information (PII) and Protected Health Information (PHI) data.Circlebase acts in compliance with International and GDPR, Federal and applicable state privacy laws, as well as HIPAA, HITECH, and Omnibus rules to safeguard the privacy of Protected Health Information (PHI).

This privacy policy outlines our general policy and practices, including the types of information we gather, how we use it, and the notice and choice affected individuals have regarding our use of and their ability to correct that information. We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

Data collected by Circlebase:

As a corporate entity we handle, store, and protect personnel and human resources data for the purposes of administering and carrying out the employment or personnel relationship for Circlebase employees and contractors. Human Resources/Personnel Data may include Personal Data/Personal Information (PI), Personal Identifiable Information (PII), and/or Protected Health Information (PHI).

We handle, store, and protect customer data, which varies according to the purposes of the business services provided to potential and current customers in support of marketing and sales activities for improving services and/or maintaining marketing/customer relationships as well as other pertinent business contact data.

Furthermore, we may acquire, store, and transmit customer communications and customer operational information, which customers may regard as confidential, private, or sensitive as part of the customer service relationship. This customer classified data may or may not include Personally Identifiable Information (PII) and/or Protected Health Information (PHI).

Personal Information Collected and Methods of Collection-Customers and Prospective Customers:

From prospective customers, we collect the following information:

  • First Name
  • Last Name
  • E-Mail
  • Phone Number
  • Company
  • Title (optional)

During the sales process, Circlebase may also collect additional information from either the individual or their employer in order to facilitate communication (e.g. additional phone numbers, addresses, etc.). This information is collected from the individual themselves either through the “Contact Us” feature of the Circlebase website, by filling out physical forms at events, or by correspondence with Circlebase such as a phone call or email. Information collected during the sales process shall be retained only if there is legitimate business use.

Visitors, may when accessing our offices have the following information collected:

  • First Name
  • Last Name
  • Address

Data collected for the scanning process will be removed after the visitor no longer actively visits our premises. Data may also be removed if customer/visitor requests or if we no longer have a business reason to continue the scan.

Children’s Information

We will not knowingly market to, collect, or store any personal information from individuals under the age of 18. Use of our website shall be limited to individuals 18 years of age or older.

Use of Cookies

Our customer portal uses “session” cookies for storing information about user activities during that browser session so the server can keep track of options the user chose, decide what page they should see next, and otherwise help make the site useful to the user. These session cookies are destroyed when the browser is closed.

The use of our public website (www.Circlebase.com) allows users to accept the placement of cookies on their device to enhance the browsing experience and support marketing automation tools and analytics. These cookies are used to measure how users interact with website content (how many are returning visitors, where they came from, how often they come back, how many pages they viewed, etc.) for marketing purposes. This information is used internally and is not shared with third parties. If users do not accept the placement of cookies, a set of cookies used only for visitor analytics is used in accordance with European Commission proposal 2017/0003 (COD), Article 8, Section 1. (d).

This information is not shared with third parties

For more information regarding the privacy of Google Analytics cookies, please go here: https://support.google.com/analytics/answer/6004245.

It is possible to install an Add-on to your browser to opt-out of all Google Analytics by going here: https://tools.google.com/dlpage/gaoptout.

Use of Audio, Video, Image, and Teleconference Recording

During business, we may create and retain digital recordings or images for specific use cases such as images for entrance to an office, video recordings of people in the offices, and

teleconference meetings. We create recordings of audio and/or visual information during these events for business purposes of quality assurance, record-keeping/documentation, protection of assets, incident prevention, and/or security/legal/contractual obligations. Recordings shall only be retained for as long as required for business use. Data subjects are notified of video surveillance and recording through signs posted at the entrances to our offices where applicable. Data subjects are notified of teleconference meeting recordings through a flashing “recording in progress” icon, audio announcements, system announcements, or meeting invite messages.

Personal information will be:

  • Used only for the purposes identified at collection or in the notice and only if the individual has provided implicit or explicit consent unless a law or regulation specifically requires otherwise.
  • Retained for no longer than necessary to fulfill the stated purposes, or for a period specifically required by law or regulation.
  • Disposed of in a manner that prevents loss, theft, misuse, or unauthorized access.

We acknowledge that individuals have the right to access the personal information that we collect and maintain about them. An individual who seeks access, or who seeks to correct, amend, or delete data under the right to erasure, should direct his query to legal@circlebase.com. If requested to remove data, we will respond within 30 days.

Choice and Consent

Circlebase shall offer individuals the opportunity to choose (to opt-in or opt-out) whether their Personal Information is (1) retained for the purpose of a potential or existing business relationship, (2) to be disclosed to a third party, or (3) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For Sensitive Personal Information, Circlebase will give individuals the opportunity to affirmatively or explicitly (opt-out) consent to the use of their information or the disclosure of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. We shall treat Sensitive Personal Information received from an individual the same as the individual would treat it. The consequence of not providing consent is the inability of the requestor to access certain information and a lack of exchange of appropriate services between us and the requester, which is also subject to terms of any existing agreements between the parties. If there are any additional consequences for refusing to provide personal information or of denying or withdrawing consent to use personal information, individuals will be informed of this when the personal information is collected.

Onward Transfers / Disclosures to Third Parties

Personal information collected by Circlebase shall be disclosed to third parties only for the purposes described in the notice, and for which the individual has provided implicit or explicit consent, unless a law or regulation specifically requires or allows otherwise. Third parties who have legal agreements with us shall protect personal information in a manner consistent with the relevant aspects of our privacy policies or other specific instructions or requirements and are subject to law providing the same level of privacy protection as is required by law. We shall take remedial action in response to the misuse of personal information by a third-party vendor/subcontractor to whom we have disclosed such information. Prior to disclosing Personal Information to a third party for purposes other than which it was originally collected or subsequently authorized by the individual, we shall notify the individual of such disclosure and allow the individual the choice (opt-out) of such disclosure. In cases of onward transfer to third parties (vendors/sub-contractors) of data of EU, UK, and Swiss individuals received pursuant to contractual agreements. Circlebase is liable unless Circlebase proves that it is not responsible for an event giving rise to potential damage.

Law Enforcement and National Security Requests

We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. To date, we have never been requested by the U.S. government to provide access to any Personal Information under the Foreign Intelligence Surveillance Act (FISA) or otherwise.

Data Security

We shall take reasonable steps to protect the Information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. We have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the Information from loss, misuse, unauthorized access or disclosure, alteration, or destruction. Further, we require that employees keep customer information confidential. We caution our customers and website visitors that no medium of communication, including the Internet, is entirely secure. Accordingly, we cannot guarantee the security of information on or transmitted via the Internet and is not responsible for loss, corruption, or unauthorized acquisition and use of personal information provided to our website, or for any damages resulting from such loss, corruption, or unauthorized acquisition or unauthorized use.

Data Integrity

Individuals are responsible for providing us with accurate and complete personal information, and for contacting us if correction of such information is required. We shall only process Personal Information in a way that is compatible with and relevant to the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, we shall take reasonable steps to ensure that Personal Information is collected and maintained so that it is accurate, complete, current, and reliable for its intended use.

ACCESS TO PERSONAL INFORMATION (PI, PII, ePHI)Transparent Personal Information, Time Frame, and Cost

We shall, upon request, allow individuals access to their Personal Information for data that we have collected. Personal information will be provided to the individual in a concise, transparent, intelligible, and easily accessible form, in a reasonable timeframe, and at a reasonable cost, if any. Requests for Personal Information that is controlled by a customer will be routed to the appropriate customer privacy representative. We will assist customers with such requests pursuant to their applicable Agreement and/or SOW.

Updating, Correcting, Amending, or Deleting Personal Information

We shall, upon request, allow data subjects to update, correct, amend or delete personal information held and controlled by us, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated. If practical and economically feasible to do so, Circlebase shall provide such updated or corrected information to third parties that previously were provided with the individual’s personal information.

We cannot process direct requests from data subjects to update, correct, amend, or delete personal information controlled by its customers. Such requests will be routed to the appropriate customer privacy representative. Handling such requests and communication with data subjects where personal information is controlled by our customers is the responsibility of each customer. We will assist customers with such requests pursuant to the Agreement and/or SOW.

Identity Confirmation

We shall authenticate the identity of individuals who request access to their personal information before they are given access to that information.

Denial of Access

Circlebase shall inform individuals, in writing, of the reason a request for access to their personal information was denied, the source of the entity’s legal right to deny such access, if applicable, and the individual’s right, if any, to challenge such denial, as specifically permitted or required by law or regulation.

Statement of Disagreement

We shall inform individuals, in writing, about the reason a request for correction of personal information was denied, and how they may appeal.

Enforcement / Monitoring

We use self-assessment and monitoring to assure compliance with this privacy policy and periodically verify that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible, and in conformity with the principles. We encourage interested persons to raise any concerns using the contact information provided and we will investigate and attempt to resolve any complaints and disputes regarding the use and disclosure of Personal Information in accordance with the principles.

If a complaint or dispute cannot be resolved through our internal process, we agree to dispute resolution using (an independent resource mechanism) as a third-party resolution provider.

EU-U.S. and Swiss-U.S. Privacy Shield Framework

We follow the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from the European Union, the United Kingdom, and Switzerland to the United States.

DISPUTE RESOLUTION

If a complaint or dispute cannot be resolved through our internal process, we agree to dispute resolution using (an independent resource mechanism) as a third-party resolution provider. Complaints regarding this privacy policy should first contact Circlebase at:

Circlebase Inc.
Attn: Compliance Officer
One Towne Square, 6th
floor Southfield, MI 48076
Email: legal@circlebase.com

In compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Principles and the GDPR, we commit to resolving complaints about your privacy and our collection or use of your personal information. European Union, United Kingdom, and Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Circlebase at:

Circlebase Inc.
Attn: Compliance Officer
One Towne Square, 6th floor
Southfield, MI 48076
Email: legal@circlebase.com