Aptima Privacy Policy (this “Privacy Policy”)
Last revised and effective as of: July 14, 2026
This Privacy Policy applies to information collected by Aptima, Inc. (“Aptima”, “we”, “us”, or “our”) through your use of the Aptima website at https://aptima.com/ and any subdomains thereof (the “Site”) and the services, features, and information available on the Site and/or any mobile applications we may offer (together with the Site, along with associated and successor websites, applications, features, information, and services, or any part thereof, the “Service”).
Please note that this Privacy Policy does not apply to you to the extent you are applying for a job via the Site.
As used herein: (a) “you” and “your” mean a user of the Service; (b) “GDPR” means the General Data Protection Regulation (EU) 2016/679; (c) “UK Data Protection Laws” means the UK GDPR and the UK’s Data Protection Act 2018 (“UK DPA 2018”); (d) “UK GDPR” means the UK equivalent of the GDPR, as defined in section 3(10) (and as supplemented by section 205(4)) of the UK DPA 2018; (e) “European Data Protection Laws“ means the GDPR and/or UK Data Protection Laws, in each case to the extent applicable; and (f) the terms “using” and “processing” information include using cookies on a computer, subjecting the information to statistical or other analysis and using or handling information in any way, including, but not limited to collecting, storing, evaluating, modifying, deleting, using, combining, disclosing and transferring information within Aptima or among our Corporate Affiliates within the United States or internationally.
If an organization with which you are associated (an “Organization”) signs up to use our services, we may receive information about you in connection with our provision of such services to your Organization. To the extent we process that information solely in order to provide such services to your Organization, we will act as a processor on behalf of your Organization in respect of that information, which means: we will handle that information solely at the direction of your Organization; your Organization’s privacy policy (and not this Privacy Policy) will apply to the processing of that information; and your Organization (and not us) is responsible for obtaining all necessary consents and providing you with all requisite information as required by applicable law. To the extent we process your information for any other lawful business purpose of ours, this Privacy Policy will apply to the processing of such information.
This Privacy Policy serves to notify you of the following:
- What information about me is collected?
- Where and when is information collected (including through the use of cookies and action tags)?
- Is information submitted to the Public Areas of the Service private?
- Does Aptima collect information from children under 13 years of age?
- What does Aptima do with the information it collects?
- When does Aptima disclose information to third parties?
- Does this Privacy Policy apply when I click a link to other websites or services?
- Is the information collected through the Service secure?
- Could my information be transferred to other countries?
- For how long will my information be kept?
- What choices do I have regarding my information?
- How will I know if there are any changes to this Privacy Policy?
- Who do I contact if I have any privacy questions?
- Privacy Notice for California Residents.
1. WHAT INFORMATION ABOUT ME IS COLLECTED?
In connection with your use of the Service, we may collect information about you. Such information may include your name, e-mail address, organization or branch, and any information that you choose to share through the Service.
We may also collect other information that in some cases may be identifiable, such as IP address, demographic information, general geographic information (e.g., city, state, or country), browser types, operating system, unique device identifiers, device types, requested URL, referring URL, browser language, the pages you view, session duration, the date and time of your visit, domain names, and statistical data involving the use of the Service. To the extent any such information can be used to identify you or can be tied to you in an identifiable manner, such information amounts to ‘personal data’ for the purposes of and as defined in the European Data Protection Laws (to the extent applicable).
2. WHERE AND WHEN IS INFORMATION COLLECTED (INCLUDING THROUGH THE USE OF COOKIES AND ACTION TAGS)?
General Sources
We may obtain your information in the following ways:
- We will collect information that you submit to us; and
- If you identify yourself to us by communicating with us including by sending us an e-mail with questions or comments.
Registering to Use the Service and in the Course of Using the Service.
You may be required to establish an account in order to take advantage of certain features of the Service. If so, if you wish to establish an account you may be required to provide us with certain of the information described in Section 1.
Cookies and Action Tags.
We may collect information passively using “cookies” and “action tags.”
“Cookies” are small text files that can be placed on your computer or mobile device in order to identify your web browser and the activities of your computer on the Service and other websites. Cookies can be used to personalize your experience on the Service (such as dynamically generating content on webpages specifically designed for you), to assist you in using the Service (such as saving time by not having to reenter your name each time you use the Service), to allow us to statistically monitor how you are using the Service to help us improve our offerings, and to determine the popularity of certain content.
In addition to cookies that we may place on your computer or mobile device, cookies might also be placed on your computer or mobile device by third parties that we use to provide analytics-related services. In the course of providing such analytics-related services, such third-party analytics service providers could place or recognize unique cookies on your browser.
You do not have to accept cookies to use the Service. Although most browsers are initially set to accept cookies, you may reset your browser to notify you when you receive a cookie or to reject cookies generally. Most browsers offer instructions on how to do so in the “Help” section of the toolbar. However, if you reject cookies, certain features or resources of the Service may not work properly or at all and you may experience some loss of convenience.
For the avoidance of doubt, the Service uses third-party service platforms (including to help analyze how users use the Service). These third-party service platforms may place cookies on your computer or mobile device. If you would like to disable “third party” cookies, you may be able to turn them off by going to the third party’s website.
Here are links to the main third-party platforms we may use:
- https://www.google.com/policies/privacy/
- https://www.cloudflare.com/cookie-policy/
- https://wpengine.com/legal/privacy/
“Action tags,” also known as web beacons or gif tags, are a web technology used to help track website usage information, such as how many times a specific page has been viewed. Action tags are invisible to you, and any portion of the Service, including e-mail sent on our behalf, may contain action tags.
By using cookies and action tags together, we can gain valuable information to improve the Service and measure the effectiveness of our marketing campaigns. We may also combine information collected from cookies with information that you may provide, such as information provided in a form that you complete.
Finally, you should be aware that third parties may use their own cookies or action tags when you click on a link to their websites or services on or from the Service. This Privacy Policy does not govern the use of cookies or action tags or the use of your information by such third-party websites or services.
Log Files.
We also collect information through our Internet log files, which record data such as user IP addresses, browser types, domain names, and other anonymous statistical data involving the use of the Service. This information may be used to analyze trends, to administer the Service, to monitor the use of the Service, and to gather general demographic information. We may link this information to other information about you for these and other purposes such as personalizing your experience on the Service and evaluating the Service in general.
Public Areas.
The Service may feature various community areas and other public forums (the “Public Areas”) where Service users can share information and post questions for others to answer. These Public Areas are open to the public and should not be considered private. We cannot prevent information included within a Public Area from being used in a manner inconsistent with this Privacy Policy, the law, or your personal privacy. We are not responsible for the results of such postings or for the accuracy of any information contained in those postings.
Any information you share in a Public Area is by design open to the public and is not private. You should think carefully before posting any information in any Public Area. What you post can be seen, disclosed to or collected by others and may be used by others in ways we cannot regulate or predict. As with any public forum on any website, the information you post may also show up in third-party search engines like Google, Yahoo, and Bing. If you mistakenly post information in a Public Area, you can send us an e-mail to request that we remove it by contacting us in accordance with Section 13. You should understand that in some cases, we may not be able to remove your information.
3. IS INFORMATION SUBMITTED TO THE PUBLIC AREAS OF THE SERVICE PRIVATE?
No. Any information shared in the Public Areas of the Service is available to the public, including to all users. Such information is not treated as confidential. If you wish to keep any information private or proprietary, do not submit it to the Public Areas of the Service. NOTWITHSTANDING THE FOREGOING, WE HAVE NO RESPONSIBILITY OR LIABILITY IF A USER’S INFORMATION OR IDENTITY IS MISUSED OR STOLEN, OR IF A USER SUFFERS HARM AS A RESULT OF VOLUNTARY DISCLOSURES.
4. DOES APTIMA COLLECT INFORMATION FROM CHILDREN UNDER 13 YEARS OF AGE?
We are committed to protecting the privacy of children. The Service is not designed for or directed to children under the age of 13. We do not collect information from any person we actually know is under the age of 13.
5. WHAT DOES APTIMA DO WITH THE INFORMATION IT COLLECTS?
Pursuant to the European Data Protection Laws, legal bases for our processing your information may include (without limitation):
(a) where you have given consent to the processing, which consent may be withdrawn at any time without affecting the lawfulness of processing based on consent prior to withdrawal;
(b) where it is necessary to perform the contract we have entered into or are about to enter into with you (whether in relation to the provision of the Service or otherwise);
(c) where it is necessary for us to comply with a legal obligation to which we are subject; and/or
(d) where it is necessary for the purposes of our legitimate interests (or those of a third party) in providing, improving, or marketing the Service and your interests or fundamental rights and freedoms do not override those legitimate interests.
In addition to the above, we may use the information collected in the following ways:
- to provide the Service to you and process your transactions;
- to help us understand who uses the Service;
- for internal operations such as operating and improving the Service;
- to contact you for customer service and billing purposes;
- to facilitate the delivery of analytics;
- when we believe it is necessary or appropriate to enforce our legal rights and to comply with applicable laws, lawful requests, and legal process (including to meet national security or law enforcement requirements), such as to respond to subpoenas or requests from government authorities;
- to communicate with you, including to send you a welcoming e-mail that may confirm your username and password;
- unless you opt out (to the extent permitted by applicable law), we and third parties acting on our behalf may send you electronic newsletters, contact you about the Service, products, services, information and news that may be of interest to you, and provide you with targeted feedback;
- to send announcements and updates regarding the Service or, if applicable, about your billing account status (please note that you will not be able to unsubscribe from these Service announcements and updates as they contain important information relevant to your use of the Service and are necessary for the performance of our contract with you or your Organization);
- to perform statistical analysis of user behavior or to evaluate and improve the Service, and to link some of this information to other information for internal purposes or to improve your experience with the Service; and
- to anonymize your information (so that it can no longer be associated with you), in which case we may use and/or disclose such anonymous information for our lawful business purposes and we will use reasonable safeguards designed to minimize the risks associated with the process of anonymizing your information.
6. WHEN DOES APTIMA DISCLOSE INFORMATION TO THIRD PARTIES?
We generally disclose information we gather from or about you to the following types of third parties and as otherwise set forth in this Privacy Policy or as specifically authorized by you.
Laws and Legal Rights.
We may disclose your information if we believe in good faith that we are required to do so in order to comply with an applicable statute, regulation, rule or law, a subpoena, a search warrant, a court or regulatory order, lawful requests by public authorities, including to meet national security or law enforcement requirements, or other valid legal process. We may disclose information in special circumstances when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be violating a contract with us, to detect fraud, for assistance with a delinquent account, or to protect the safety and/or security of our users, the Service or the general public.
Analytics Providers.
We may provide information to third parties, including where such information is combined with similar information of other users of the Service. For example, we might inform third parties regarding the number of unique users who use the Service, the demographic breakdown of our users of the Service, or the products and/or services purchased using the Service and the vendors of such products and services. In addition to the above, when users use our Service, third parties (including without limitation third-party analytics service providers and commercial partners) may directly collect information about our users’ online activities over time and across different websites. The third parties to which we may provide or who may independently directly collect information may include vendors, analytics services providers, and website tracking services, affiliates and other actual or potential commercial partners, and other similar parties. Please note in particular that the Service uses Google Analytics, including its data reporting features. Information collected by Google Analytics includes but is not limited to web metrics. For information on how Google Analytics collects and processes data, please see the site “How Google uses data when you use our partners’ sites or apps”, currently located at www.google.com/policies/privacy/partners/. For information on opting out of Google Analytics, we encourage you to visit Google’s website, including its list of currently available opt-out options presently located at https://tools.google.com/dlpage/gaoptout.
Professional Advisors.
We may provide your information to professional advisors, such as lawyers, auditors, bankers, and insurers, where necessary in the course of the professional services that they render to us.
Outside Contractors.
We may employ independent contractors, vendors and suppliers (collectively, “Outside Contractors”) to provide specific services and products related to the Service, such as hosting and maintaining the Service, and developing applications for the Service. In the course of providing products or services to us, these Outside Contractors may have access to information collected through the Service, including your information. We use reasonable efforts to ensure that these Outside Contractors are capable of protecting the security of your information.
Sale of Business.
We reserve the right to transfer information to a third party in connection with a sale, merger, general corporate reorganization, or other transfer of all or substantially all of the assets of Aptima or any of its Corporate Affiliates (as defined below), or that portion of Aptima or any of its Corporate Affiliates to which the Service relates, or in connection with a strategic investment by a third party in Aptima, or in the event that we discontinue our business or file a petition or have filed against us a petition in bankruptcy, reorganization or similar proceeding.
Affiliates.
We may disclose information about you to our Corporate Affiliates. For purposes of this Privacy Policy: “Corporate Affiliate” means any person or entity which directly or indirectly controls, is controlled by or is under common control with Aptima, whether by ownership or otherwise; and “control” means possessing, directly or indirectly, the power to direct or cause the direction of the management, policies or operations of an entity, whether through ownership of fifty percent (50%) or more of the voting securities, by contract or otherwise.
7. DOES THIS PRIVACY POLICY APPLY WHEN I CLICK A LINK TO OTHER WEBSITES OR SERVICES?
Our Service may provide you with access to other websites and services. Please be aware that we are not responsible for the privacy practices of any websites or services other than the Service. A link to a third-party website does not constitute or imply endorsement by us. Additionally, we cannot guarantee the quality or accuracy of information presented on those websites. We encourage you to read the privacy policies or statements of each and every such website and service. This Privacy Policy applies solely to information collected by us or on our behalf, including through the Service.
8. IS THE INFORMATION COLLECTED THROUGH THE SERVICE SECURE?
We want your information to remain secure. We strive to provide transmission of your information from your computer or mobile device to our servers through techniques that are consistent with commercially reasonable standards and to employ administrative, physical, and electronic measures designed to protect your information from unauthorized access.
Notwithstanding the above, you should be aware that there is always some risk involved in transmitting information over the Internet. There is also some risk that others could find a way to thwart our security systems. As a result, while we strive to protect your information, we cannot ensure or warrant the security or privacy of any information you transmit to us, and you do so at your own risk.
9. COULD MY INFORMATION BE TRANSFERRED TO OTHER COUNTRIES?
Information collected on the Service may be transferred from time to time to our offices or personnel, or to third parties, located throughout the world, and the Service may be viewed and hosted anywhere in the world, including countries that may not have laws of general applicability regulating the use and transfer of such information. To the extent required by applicable law: whenever we transfer your information to third parties (as described in this Privacy Policy) located in countries that do not ensure adequate protection for your information (as determined by the European Commission or the UK Information Commissioner’s Office, as applicable, each, an “Inadequate Jurisdiction”), we ensure a similar degree of protection is afforded to it; we may use specific contracts approved by the European Commission (accessible at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj) or the UK Information Commissioner’s Office (accessible at https://ico.org.uk/media2/migrated/4019539/international-data-transfer-addendum.pdf), as applicable, which give your information the same protection it has in the European Economic Area or the United Kingdom, as applicable, under the European Data Protection Laws; and if we rely on another basis to transfer your information to an Inadequate Jurisdiction, we will keep you updated or contact you if required. Please contact us if you want further information on the specific mechanisms used by us when transferring your information to an Inadequate Jurisdiction.
10. FOR HOW LONG WILL MY INFORMATION BE KEPT?
We will only retain your information for as long as necessary to fulfill the purposes for which we collected it or as otherwise permitted by applicable law.
To determine the appropriate retention period for information, we consider the amount, nature, and sensitivity of that information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your information and whether we can achieve those purposes through other means, and the applicable legal requirements.
11. WHAT CHOICES DO I HAVE REGARDING MY INFORMATION?
We generally use your information as described in this Privacy Policy or as authorized by you or as otherwise disclosed at the time we request such information from you. You generally must “opt in” and give us permission to use your information for any other purpose. You may also change your preference and “opt out” of receiving certain marketing communications from us by following the directions provided in each applicable communication or such other directions we may provide or by contacting us in accordance with Section 13.
Under certain circumstances and in compliance with the European Data Protection Laws, you may have the right to:
- Request access to your information (commonly known as a ‘subject access request’). This enables you to receive a copy of the information we hold about you and to check that we are lawfully processing it;
- Request correction of the information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
- Request erasure of your information. This enables you to ask us to delete or remove your information where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove all of your information in certain circumstances;
- Object to processing of your information where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground;
- Request the restriction of processing of your information. This enables you to ask us to suspend the processing of your information, for example, if you want us to establish its accuracy or the reason for processing it;
- Request the transfer of your information to another party; and
- Lodge a complaint with the relevant supervisory authority (as defined in the European Data Protection Laws). If you have any complaints about the way we process your information, please do contact us. Alternatively, you may lodge a complaint with the supervisory authority which is established in your country.
If you want to review, verify, correct or request erasure of your information, object to the processing of your information, or request that we transfer a copy of your information to another party, please contact us in accordance with Section 13.
To protect your privacy and security, we may take reasonable steps (such as requesting a unique password) to verify your identity before granting you profile access or making corrections. You are responsible for maintaining the secrecy of your unique password and account information at all times.
You should be aware that it may not be technologically possible to remove each and every record of the information you have provided to us from our system. The need to back up our systems to protect information from inadvertent loss means that a copy of your information may exist in a non-erasable form that will be difficult or impossible for us to locate. After receiving your request, we will use commercially reasonable efforts to update, correct, change, or delete, as appropriate, your information stored in databases we actively use and other readily searchable media as appropriate, as soon as and to the extent reasonably practicable.
Do Not Track.
The term “Do Not Track” refers to a HTTP header offered by certain web browsers to request that websites refrain from tracking the user. We take no action in response to automated Do Not Track requests. However, if you wish to stop such tracking, please contact us with your request, using our contact details provided below.
12. HOW WILL I KNOW IF THERE ARE ANY CHANGES TO THIS PRIVACY POLICY?
We may revise this Privacy Policy from time to time. We will not make changes that result in significant additional uses or disclosures of your information without allowing you to “opt in” to such changes. We may also make non-significant changes to this Privacy Policy that generally will not significantly affect our use of your information, for which your opt-in is not required. We encourage you to check this page periodically for any changes. If any non-significant changes to this Privacy Policy are unacceptable to you, you must immediately contact us and, until the issue is resolved, stop using the Service.
13. WHO DO I CONTACT IF I HAVE ANY PRIVACY QUESTIONS?
If you have any questions or comments about this Privacy Policy, please contact us in any of the following ways:
By e-mail:
privacy@aptima.com
By postal mail or courier:
Attn: Privacy
Aptima, Inc.
8 Cabot Rd, STE 4000 Woburn, MA 01801
14. PRIVACY NOTICE FOR CALIFORNIA RESIDENTS
This Section 14 shall apply only to the extent that we are regulated as a business (as defined in the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively with any regulations promulgated thereunder, the “CCPA”)) under the CCPA. This Section 14 shall apply to you only if you are a California resident. Upon request, alternative formats of this Privacy Policy are available to individuals with a disability.
As used in this Section 14, “sell” (including any grammatically inflected forms thereof) means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, consumer information (as defined below) to a third party for monetary or other valuable consideration.
As used in this Section 14, “share” (including any grammatically inflected forms thereof) means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, consumer information to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions with a third party for cross-context behavioral advertising for our benefit in which no money is exchanged.
The terms “selling” and “sharing” do not include (i) disclosing consumer information to a third party at your direction, (ii) where you intentionally interact with one or more third parties, or (iii) transfers of your consumer information to a third party as an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control of all or part of Aptima, provided that information is used or shared consistently with the CCPA.
14.1 Consumer Information Collected
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with particular California residents or households (“consumer information”). Consumer information does not include deidentified or aggregated information, publicly available information or lawfully obtained, truthful information that is a matter of public concern, or any other information that is excepted from the definition of “personal information” under the CCPA, or any information that is otherwise not regulated by the CCPA. For purposes of this Section 14.1, “publicly available information” means information that is lawfully made available from federal, state, or local government records, or information that we have a reasonable basis to believe is lawfully made available to the general public by you or from widely distributed media, or information made available by a person to whom you have disclosed the information if you have not restricted the information to a specific audience.
For purposes hereof, “sensitive consumer information” means: (1) consumer information that reveals (A) your social security, driver’s license, state identification card, or passport number; (B) your account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; (C) your precise geolocation; (D) your racial or ethnic origin, religious or philosophical beliefs, or union membership; (E) the contents of your mail, email, and text messages, unless we are the intended recipient of the communication; (F) your genetic data; (G) your neural data; and (2)(A) consumer information consisting of biometric information processed for the purpose of uniquely identifying you; (B) consumer information collected and analyzed concerning your health; or (C) consumer information collected and analyzed concerning your sex life or sexual orientation. We do not use or disclose your sensitive consumer information.
To the extent we consider Deidentified Data outside the scope of the CCPA because it is not identifiable, then, to the extent required by the CCPA, Aptima hereby publicly commits to process Deidentified Data in its possession only in a de-identified fashion and not attempt to re-identify such Deidentified Data. “Deidentified Data” means data that cannot reasonably be used to infer information about, and that cannot reasonably be linked to, an identified or identifiable California resident.
In particular, with respect to the Service, we have collected the following categories of consumer information from California residents or households within the last twelve (12) months and, in connection therewith, we may collect the following categories of consumer information from California residents or households:
| Category | Consumer information collected | Purposes (including business or commercial purposes) for which we collect or use consumer information | Categories of third parties to whom we have disclosed consumer information for a business purpose and the business or commercial purposes for disclosing consumer information | Categories of sources from which consumer information is collected |
|---|---|---|---|---|
| A. Identifiers. | Name, e-mail address, and any information that you choose to share through the Service. | For the business or commercial purposes set out in Sections 2 and 5 of this Privacy Policy. | In each case for the business or commercial purposes set out in column 3 of this table: Outside Contractors |
Submitted to us by you. |
| B. Personal information described in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | Name. | For the business or commercial purposes set out in Section 5 of this Privacy Policy. | In each case for the business or commercial purposes set out in column 3 of this table: Outside Contractors |
Submitted to us by you. |
| C. Protected classification characteristics under California or federal law. | Military or veteran status. | For the business or commercial purposes set out in Section 5 of this Privacy Policy. | In each case for the business or commercial purposes set out in column 3 of this table: Outside Contractors |
Submitted to us by you. |
| D. Internet or other electronic network activity information. | IP address, demographic information, general geographic information (e.g., city, state, or country), browser types, operating system, unique device identifiers, device types, requested URL, referring URL, browser language, the pages you view, session duration, the date and time of your visit, domain names, and statistical data involving the use of the Service. | For the business or commercial purposes set out in Sections 2 and 5 of this Privacy Policy. | In each case for the business or commercial purposes set out in column 3 of this table: Outside Contractors Analytics Providers |
Automatically collected by us or on our behalf. |
| E. Professional or employment-related information. | Organization or branch. | For the business or commercial purposes set out in Section 5 of this Privacy Policy. | In each case for the business or commercial purposes set out in column 3 of this table: Outside Contractors |
Submitted to us by you. |
For the avoidance of doubt, with respect to the Service, we have not collected sensitive consumer information from California residents or households within the last twelve (12) months.
14.2 Purposes for Collection of Consumer Information; Categories of Sources
We collect consumer information for the business or commercial purposes described in the tables above and in the manner described in Sections 2 and 5 of this Privacy Policy with respect to your information. Regarding the categories of sources from which consumer information is collected, we collect consumer information from the categories of sources described in the tables above and in the manner described in Section 2 of this Privacy Policy with respect to your information.
14.3 Disclosures of Consumer Information for a Business or Commercial Purpose
Aptima may disclose your consumer information described in the tables above to a third party for a business or commercial purpose, as described in the tables above and in Sections 2 and 6 of this Privacy Policy with respect to your information.
14.4 Sharing and Sales of Consumer Information
In the preceding twelve (12) months, Aptima has not shared or sold, nor does it or will it share or sell consumer information.
14.5 California Residents’ Rights and Choices
The CCPA provides California residents with specific rights regarding their consumer information. This Section describes your CCPA rights (to the extent applicable to you) and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You may have the right to request that Aptima disclose certain information to you about our collection and use of your consumer information over the past twelve (12) months or such other period required by the CCPA. Once we receive and confirm your verifiable consumer request (in the manner described in Section 14.6 below), to the extent required by the CCPA, we will disclose to you:
- The categories of consumer information we collected about you.
- The categories of sources for the consumer information we collected about you.
- Our business or commercial purpose for collecting that consumer information.
- The categories of third parties to whom we disclose that consumer information.
- The specific pieces of consumer information we collected about you (also called a data portability request).
- If we disclosed your consumer information for a business or commercial purpose, a list disclosing disclosures for a business or commercial purpose, identifying the categories of recipients to whom such consumer information was disclosed and the consumer information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that Aptima delete any of your consumer information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm a verifiable request from you or your authorized agent (in each case if you are a California resident) in the manner described in Section 14.6 below (“verifiable consumer request”), we will delete (and notify our service providers and/or contractors to delete, unless this proves impossible or involves disproportionate effort) your consumer information from our records, unless an exception applies or retention of your consumer information is otherwise permitted by the CCPA. We may deny your deletion request if retaining the information is reasonably necessary for us or our service provider(s) and/or contractor(s) to:
- Complete the transaction for which we collected the consumer information, provide a product or service that you requested, take actions reasonably anticipated by you within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Help to ensure security and integrity to the extent the use of your consumer information is reasonably necessary and proportionate for those purposes.
- Debug to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise that consumer’s free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research that conforms or adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the ability to complete the research, if you have provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us and compatible with the context in which you provided the information.
- Comply with a legal obligation.
Correction Request Rights
You have the right to request that we correct inaccurate consumer information about you that we maintain, taking into account the nature of the consumer information and the purposes of the processing of the consumer information. If we receive a verifiable consumer request from you to correct inaccurate consumer information, we will use commercially reasonable efforts to correct such inaccurate consumer information as directed by you, pursuant to Section 1798.130 of the CCPA and regulations adopted pursuant to the CCPA.
14.6 Exercising Access, Data Portability, Correction, and Deletion Rights
To exercise the access, data portability, correction, and deletion rights described in Section 14.5 above, please submit a verifiable consumer request to us by either: (1) calling us at 1-866-317-8288; (2) visiting https://aptima.com/contact/; or (3) contacting us in accordance with Section 13. Only you, or someone legally authorized to act on your behalf (such as an authorized agent), may make a verifiable consumer request related to your consumer information. Someone legally authorized to act on your behalf (such as an authorized agent) may make a verifiable consumer request on your behalf, provided that you have duly authorized that person or entity to make such a verifiable consumer request on your behalf and provided that that person or entity can provide verification of their authority to make such a request on your behalf where required. You may also make a verifiable consumer request on behalf of your minor child. You may make a verifiable consumer request for access or data portability no more than twice within a twelve (12) month period.
The verifiable consumer request must: (i) provide sufficient information that allows us to reasonably verify you are the person about whom we collected consumer information or an authorized agent; and (ii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with consumer information if we cannot verify your identity or authority to make the request and confirm the consumer information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use consumer information provided for the purposes of verification of a consumer request to verify the requestor’s identity or authority to make the request. We use the following process to verify consumer requests: In the event you make a request under this Section, we may take various approaches to verify your identity depending on the nature of your request. These approaches may include initiating video conferencing or telephone calls with you or reaching out to you by email or otherwise to ask you questions pertaining to the information we have about you.
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing. If you have an account with us, we may deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your consumer information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance. If your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either charge a reasonable fee, taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request and notify you of the reason for refusing the request.
14.7 Non-Discrimination
- We will not discriminate against you for exercising any of your CCPA rights, including, unless permitted by the CCPA, by:
- Denying you goods or services;
- Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- Providing you a different level or quality of goods or services;
- Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services; or
- Retaliating against an employee, applicant for employment, or independent contractor, as defined in subparagraph (A) of paragraph (2) of subdivision (m) of Section 1798.145 of the CCPA for exercising their rights under the CCPA.
14.8 Consumer Information Retention
We will only retain your consumer information for as long as necessary to fulfill the purposes for which we collected it or as otherwise permitted by applicable law. To determine the appropriate retention period for consumer information, we consider the amount, nature, and sensitivity of that consumer information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your consumer information and whether we can achieve those purposes through other means, and the applicable legal requirements.
14.9 Contact
If you have any questions or concerns relating to this Privacy Policy and/or our consumer information practices, please contact us in accordance with Section 13.