Privacy notice - Optimizely

Privacy notice

V 2024-02. Published 12 February 2024

This Privacy Notice explains how information about you, that directly identifies you, or that makes you identifiable (“personal information” (also referred to as “personal data” in some jurisdictions)) is collected, used, disclosed, and otherwise processed by Optimizely. This Privacy Notice replaced Optimizely’s former Privacy Policy. 

SUMMARY

Who Collects And Processes Your Personal Information? Optimizely does, in the form of the respective legal entity, entity of the global group of the Optimizely group of companies. The Optimizely Privacy Notice describes in detail which processing activities of which Optimizely group entity apply.

What Personal Information Does Optimizely Collect? Optimizely may collect various types of personal information about you when conducting its business, including (but not limited to):

  • personal contact information,
  • personal information related to your or your employer’s business relationship with Optimizely,
  • personal information Optimizely must collect due to legal- and compliance-related purposes,
  • personal usage, registration, and participation data which Optimizely may generate through your use of its web and online offerings,
  • special categories of personal information,
  • application-related personal information,
  • personal information which Optimizely may receive from third parties,
  • personal information Optimizely requires to ensure your or your employer’s satisfaction with our products, services and offerings.

The purposes Optimizely collects Your Personal Information? Optimizely processes your personal information to:

  • pursue its business relationships with you, your employer, or your employer’s customers, including ensuring your satisfaction with and keeping you up to date on the latest news about our products and services,
  • develop and offer you its software products, cloud and other services,
  • protect the quality and safety of its premises, facilities, products or services,
  • secure and, if necessary, defend its protected legal assets against unlawful attacks, assert our rights or defend Optimizely against legal claims,
  • ensure compliance with statutory laws and regulations applicable to Optimizely,
  • operate Optimizely’s Internet pages, web offerings, or other online events including analyzing the behaviour of the users, enabling you to create a user profile, benefit from an identity service and to promote and continuously improve your user experience,
  • search you as a potential talent for Optimizely,
  • transfer it to recipients like other entities of the Optimizely Group, third-party service providers, Optimizely partners and others.

Rights of Access, Correction & Return. You have the right to request from Optimizely access to, correction of, and/or the return or the deletion of your personal information. You may request from Optimizely to restrict the access to your personal information or to exclude it from further processing. You may revoke a once given consent or object to processing activities which Optimizely may intend to pursue in a given case. When you believe that Optimizely was processing your personal information not in accordance with this Privacy Notice or under breach of applicable personal information protection laws, you have the right to lodge a complaint with a relevant supervisory authority. The Privacy Notice describes each of these rights in detail, including how you can reach us to exercise any of these rights against Optimizely and how to identify, if necessary, the relevant personal information protection authority.

Country Specific Disclosures. In Schedule I, Optimizely addresses several country specific aspects that must be explained in a privacy Notice under relevant country laws. The country-specific requirements include, but is not limited to those, from the EU and EEA, the United States of America (and specifically, the State of California) and the United Kingdom.

Intranet Sites. This Privacy Notice does not apply to Optimizely internet-pages or web-services which present their own privacy Notice – (for example, at Optimizely Careers).

Learn More. This summary does not replace or supersede the detailed explanations in the Optimizely Privacy Notice. In case of any doubt, please always refer to the relevant passage in the actual full Notice below. If you want to learn more about each of these purposes for which Optimizely may collect, transfer, and use your personal information, including for how long your personal information is being retained, please refer to the full Privacy Notice below.

______________________________

Definitions. When we use -

  • “Optimizely”, “Optimizely Group”, “we”, “us”, or “our” in this Privacy Notice - we are referring to Optimizely North America Inc. and Optimizely AB and their respective affiliates. And “Local Optimizely’ means an applicable Optimizely Group company. 
  • “Service” - we are referring to any of the services and product offerings that we offer as a controller, our websites https://www.optimizely.com and https://world.optimizely.com, or any other Optimizely Group product or service that posts or links to this Privacy Notice. Servicesmay include any of Optimizely’s on-prem and cloud software products, web services, apps, online-forums, webinars and events, non-marketing related newsletters, white papers, tutorials, trainings, as well as other offerings like contests or sweepstakes.
  • “personal information”, we are also referring to personal information and personally identifiable information

Optimizely as a Data Controller: This Privacy Notice applies only where Optimizely is the “data controller” (or similar term under applicable laws) and is responsible for and controls the processing of your personal information collected by Optimizely for Optimizely through your use of our Services.

Optimizely as a Data Processor: In providing our Services, our customers may collect and process data in their utilisation of Services (“Customer Data”), or we may collect such data on their behalf, which may in either case include the personal information of our customers’ authorized users. Here, Optimizely is a “data processor” (or similar term under applicable laws), and we have contractually committed ourselves to our customers (typically in the form of our Software Subscription Agreement, and data processing agreement) to process that Customer Data (and personal information) under the instruction of the respective client, who is the data controller in these cases. As such, this Privacy Notice does not apply to the processing of Customer Data (including personal information), and we recommend you read the privacy notice of the respective client if their processing concerns your personal information.

Table of Contents

  1. For What Purposes Does Optimizely Use Your Personal Information
  2. What Personal Information Does Optimizely Collect And Use, And How To We Collect It
  3. How Long Will Your Personal Information Be Stored & Used by Optimizely
  4. Who May Optimizely Share Your Personal Information
  5. Your Control of Your Personal Information
  6. Your Control of Our Marketing Messages
  7. How Can You Exercise Your Rights of Control?
  8. Children
  9. Region-specific Disclosures
  10. Third Party Websites And Services
  11. EU-US Data Privacy Framework 
  12. Changes To This Privacy Notice
  13. Contact Us
  14. Region and Country Specific Disclosures
1. For What Purposes Does Optimizely Use Your Personal Information.

When conducting business and operating our various web presences and other communication channels, Optimizely collects limited personal information of the people it interacts with, including customers, partners, suppliers, vendors, candidates, and any other people with whom we interact. In any of these cases, Optimizely may use this personal information for one or more of the following business purposes:

To pursue business relationships with customers, partners, and others. Optimizely may use personal information to pursue its business relationships with customers, partners, and other users to fulfill pre-contractual and contractual business relations. This may include satisfying requests, processing orders, delivering an ordered product or service, or engaging in any other relevant action to establish, fulfill and maintain our business relationships. When you purchase or intend to purchase Services from Optimizely on behalf of a corporate customer or are otherwise associated as contact person for the business relationship between Optimizely and a corporate customer or partner, Optimizely will use your personal information for this purpose. More specifically, Optimizely may use your personal information to confirm your opening of an account, manage the contract execution, send you disclosures as may be required by law, notice of payments, and other information about our products and services. Optimizely may respond to related inquiries, provide you with necessary support and process your feedback. In the context of your or your employers use of our Services, Optimizely may communicate with you by post, email, live chat, contact forms, phone or any other medium to resolve your, a user’s, or a customer’s question or complaint or to investigate suspicious transactions. In case of telephone calls or chat sessions, Optimizely may record such calls or chat sessions to improve the quality of Optimizely’s services after informing you accordingly during that call and, subject to applicable law, receiving your prior consent before the recording begins.

Customer Satisfaction - Within an existing business relationship between you or your employer and Optimizely, Optimizely may use your personal information to help us understand how satisfied you are with the functionality and quality of our Services, to provide you with relevant information on our latest product announcements, software updates or upgrades, events, special offers, and other information about Optimizely’s Services that is relevant and useful to you.

To develop our Services. To the extent permitted by applicable law, Optimizely may process your personal information for internal research, technological demonstration and development, and to help Optimizely create, develop, operate, deliver, improve, upgrade or enhance Optimizely’s products and services. Optimizely may process personal information to create anonymized data sets which may then be used to improve Optimizely’s Services.

To ensure legal compliance. Optimizely processes personal information to comply with statutory obligations. This includes Optimizely’s compliance with applicable export laws, trade sanctions and embargoes of various countries including, without limitation, those of the European Union and its member states, and of the United States of America. Optimizely may use personal information to the extent necessary to comply with these legal requirements. Specifically, Optimizely may use personal information to conduct automated checks against applicable sanctioned-party lists, to regularly repeat such checks whenever a sanctioned-party list is updated or when a user updates his or her information. In case of a potential match, Optimizely will block access to Optimizely’s services and systems and contact the user to confirm his or her identity. If necessary, Optimizely uses personal information to prevent or prosecute criminal activities such as any form of cybercrime, the illegal use of our products and services or fraud, to assert our rights or defend Optimizely against legal claims. To comply with data protection and unfair competition law related requirements. Depending on the country in which the relevant Optimizely Group company operates, and whether you have expressly consented to or opted out of receiving commercial information, Optimizely may process personal information necessary to accommodate your data protection and privacy choices for the receipt of such information and, when necessary to ensure compliance, exchange such information with the other entities of the Optimizely Group.

Technical and Organizational Security. Optimizely may use your personal information for the purpose of ensuring an adequate level of technical and organizational security of Optimizely's products, services, online events, facilities, and premises. Optimizely may take the measures necessary to verify or maintain the quality and safety of a product or service which is owned, manufactured by or for, or controlled by Optimizely. This may comprise the use of personal information for sufficient identification and authorization of designated users, internal quality control through auditing, analysis, and research, debugging to identify and repair errors that impair existing or intended functionality, account and network security, replication for loss prevention, detecting security incidents, protection against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for such kind of activity. We may further process your name, likeness, and other contact or compliance related data when you visit an Optimizely Group office in the context of access management and video surveillance to protect the security and safety of our locations and assets.

To operate Optimizely internet pages, web-offerings, or other online events. Optimizely may use your personal information for the purpose of operating, providing to you and administering your use of Optimizely’s internet pages, web offerings, or other online events. This includes the following -

Creating user profiles. Certain web offerings linked to Optimizely’s websites, including forums, blogs, and networks (for example @ https://world.optimizely.com), require you to register and create a user profile. Through the user profile you can share personal information about you with other users, such as your name, photo, social media accounts, postal or email address, telephone number, personal interests, skills, and basic information about your company. The user profiles serve to personalize the interactions between the users (for example, by way of messaging or follow functionality) and to allow Optimizely to foster the collaboration and quality of communication through such offerings. The profile settings of the relevant web offering allow you to determine which information you want to share.

Identity service. The user profile may be specific to a single web offering of Optimizely, but it also allows you to access other web offerings of Optimizely or of other entities of the Optimizely Group. It is your choice whether or not to use any of these additional web offerings. If you do, Optimizely will make your personal information available to such other web offerings to provide you with initial access. Kindly note that without your consent for Optimizely to create such user profiles, Optimizely will not be able to offer such services to you where your consent is a statutory requirement that Optimizely can provide these services to you.

Event profiling. If you register for an event, seminar, or webinar of Optimizely, Optimizely may share basic participant information (your name, company, and email address) with other participants of the same event, seminar, or webinar to promote the interaction between the participants and to stimulate the communication and the exchange of ideas.

User experience improvement. Optimizely processes information that relates to your visit to our web offerings to improve your user experience, identify your individual demand and to personalize the way we provide you with the information you are looking for. For this purpose, we collect information regardless of whether you register with a user profile or not.

Cookies and similar tools. We and our third-party providers may use (i) cookies or small data files that are stored on an individual’s computer and (ii) other, related technologies, such as web beacons, pixels, embedded scripts, location-identifying technologies and logging technologies (collectively, “cookies”) to automatically collect this personal information. For more information about these practices and your choices regarding cookies, please see our Cookie Notice.

To Recruit. Optimizely is collecting and using personal information of qualified individuals and people interested in our career opportunities from various sources. Job applicants and candidates are asked to apply via Optimizely’s Careers Portal, regardless of whether this is done initiatively or in response to an advertised posting. Optimizely collects personal information by means of the Careers Portal for the purposes of carrying out the application procedures and selecting applicants. You may find further information about how Optimizely collects and uses applicant’s personal information in the privacy notice specific to the Optimizely careers websites and portals.

To offer Optimizely’ Services. Optimizely collects and processes personal information for sales and marketing purposes. We aim to keep you updated on upcoming events and Optimizely’s latest products and services. If possible, we may contact you to discuss further your interest in Optimizely services and offerings. This sales and marketing purposes includes the following -

Request feedback, questionnaires and surveys. To the extent allowed by applicable law, Optimizely may contact you for feedback regarding the improvement of the relevant material, product, or service. Optimizely may also invite you to participate in questionnaires and surveys. These will generally be designed so you can participate without having to provide information that identifies you as a participant. If you nonetheless provide your personal information, Optimizely will use it for the purpose stated in the questionnaire or survey or to improve its products and services.

To keep you up to date. Within an existing business relationship between you or your employer and Optimizely, Optimizely may use your personal information to inform you about Optimizely products or services which are similar or relate to products and services you or your employer have already purchased or used. Optimizely will inform you by email or phone about such news only as far as it is allowed by law, or if Optimizely has collected such information in the context of the business relationship. You are entitled to object to Optimizely’s use for this purpose at any time by selecting the opt-out option at the bottom of each marketing related approach.

Personalized Content. Optimizely processes information about your interactions with Optimizely across its various business areas and its offerings (your or your employers prior and current use of Optimizely products or services, your participation in and use of Optimizely’s web offerings, events, white papers, free trials or newsletters) to provide you with the requested products and services and to improve our personal communications with you. This data may also be used to efficiently operate Optimizely’s business, which also includes: the automation and aggregation of data to support various analytic and statistical efforts, performance and predictive analytics and data science to support your customer journey and to fulfill such requests. To the extent permitted by law, Optimizely may combine and use such information in an aggregated manner to help us understand your interests and business demands, develop our business insight and marketing strategies, and to create, develop, deliver, and improve our personalized communications with you. It may also be used by Optimizely to display relevant content on Optimizely owned or third-party websites.

Advertising ID’s. If you consent or as permitted by applicable law, Optimizely may create a hashed user ID to provide to third party operated social networks or other web offerings (such as Twitter, LinkedIn, Facebook, Instagram or Google). This information is then matched against the third party’s own user database to display to you more relevant Optimizely content.

2. What Personal Information Does Optimizely Collect And Use, And How Do We Collect It 

Optimizely processes various types of personal information about the people we interact with when conducting our business or operating our various web presences and other communication channels. When you interact with us, we are collecting personal information about you. Sometimes we collect personal information automatically when you interact with our Services and sometimes we collect the personal information directly from you. At times, we may collect personal information about you from third parties with a legitimate right to share it.

Depending on the individual case, this may comprise the following types of personal information:

Contact Information. Optimizely processes the following categories of personal information as contact information: first name, last name, email addresses, postal address/location (country, state/province, city), telephone numbers, and your relationship history with Optimizely.

Personal information related to the business relationship with Optimizely. In the context of established business relationships, Optimizely processes the business partner’s company name, industry, your job title and role, department and function and your company’s relationship history to Optimizely. If you provide a credit card number or bank details to order products or services, Optimizely will collect this information to process your payment for the requested products or services.

Compliance related personal information. If required by statutory law or regulation, Optimizely may process data categories like date of birth, academic credentials, identity cards or other ID numbers, geolocation, business partner relevant information about e.g., significant litigation or other legal proceedings, and other export control or custom compliance relevant information.

Information generated through your use of, or participation in, Optimizely’s internet pages, web, or online offerings

Usage information. Optimizely processes certain user-related information, e.g., info regarding your browser, operating system, or your IP address when you visit Optimizely’s web properties. We also process information regarding your use of our web-offerings, like the pages you visit, the amount of time you spend on a page, the page which has referred you to our page and the links on our sites you select.

Without limiting Usage Data collection, we and our third-party providers and partners collect certain personal information automatically when you visit, interact with, or use our Service: (A) Log Data (including your internet protocol (IP) address, operating system, browser details such as type, ID, and configuration, unique identifiers, device type and version, the referring URL, date/time of your visit, the time you spent on our services and any errors that may occur during your visit to our Services; (B) Analytics Data (including the electronic path you take to our services, through our services and when exiting our services, UTM source, as well as your usage and activity on our services, such as the time zone, activity information (first and last active date and time), usage history (flows created, campaigns scheduled, emails opened, total log-ins) as well as the pages, links, objects, products and benefits you view, click or otherwise interact with. We may also analyse the interaction between you and your customer using our Services, (C) Location Data (including your general geographic location based on the IP address we collect, and (D) Platform data (if you have an account to use the services we offer as a processor, we may in addition also collect your name, phone number, email address, company information, status in the sales cycle, lead and commercial details (like platform specifics, initial marketing channel), and user and account ID and other identifiers (such as Salesforce ID and Optimizely ID), NPS/account sentiments, Optimizely Academy user profile/history data, account health status, event attendance, status as lead/account, integrations. We and our third-party providers may use (i) cookies or small data files that are stored on an individual’s computer and (ii) other, related technologies, such as web beacons, pixels, embedded scripts, location-identifying technologies and logging technologies automatically collect this personal information. For more information about these practices and your choices regarding cookies, please see our Cookie Notice.

Registration information. Optimizely may process your contact data as set out above and other information which you may provide directly to Optimizely if you register for any of Optimizely 's events or other web services.

Participation information. When you participate in webinars, virtual seminars, events, or other Optimizely web services, Optimizely may process your interactions with the relevant webservice to organize the event including its sessions, polls, surveys, or other interactions between Optimizely and/or its participants. Depending on the event and subject to a respective notification of the participants, Optimizely may collect audio and video recordings of the event or session.

Special categories of personal information. In connection with the registration for an event, Optimizely may ask for your dietary preferences or information about potential disabilities for purposes of consideration for the health and well-being of our guests. Any collection of such information is always based on the consent of the participants. Kindly note that if you do not provide such information about dietary preferences, Optimizely may not have the opportunity to respond to such requests at the time of the event.

Personal information received during an application for a job at Optimizely. Optimizely processes personal information of individuals applying for a job at Optimizely as set out in the privacy notice at Optimizely’s career websites and portals.

Personal information received from our partners. In some circumstances, we also collect, or our partners provide us with, publicly available information which may contain Personal Data that you have published or that has been made available online. The way in which our partners collect this is detailed in their own privacy policies, available on their websites.

Personal information received from other third-parties, including publicly available sources. Optimizely aims to collect personal information directly from the data subjects. If you or applicable law allows Optimizely to do so, Optimizely may obtain personal information also from third party sources. These third-party sources may include: (i) your employer in the context of its business dealings with Optimizely and/or the Optimizely Group, (ii) third parties you directed to share your personal information with Optimizely, and (iii) third party sources and publicly available sources like business oriented social networks or information broker. When we collect personal information from third party sources, established internal controls aim to ensure that the third-party source was permitted to provide this information to Optimizely and that we may use it for this purpose. Optimizely will treat this personal information according to this Privacy Notice, plus any additional restrictions imposed by the third party that provided the personal information to Optimizely or by applicable national law.

Personal information necessary for customer satisfaction. To the extent permitted by law or based on your consent, Optimizely may combine the information we collect either directly or indirectly about specific users to ensure the completeness and correctness of the data and to help us better tailor our interactions with you and determine the information which best serves your respective interest or demand.

Our collection of your personal information can also include the following: (i) personal information you provide in connection with our Service – for example, account creation and profile information for any Optimizely account or Optimizely ID, and this information includes your email and password, company name, company URL, office phone number and office address, and you may also add or confirm your name, company industry, tax ID, billing address, time zone and source of contact/lead; (ii) Contract Information - if your company enters into a contractual relationship with us, we may collect your name, job title, email address, signature (if wet signed or a copy of their autograph is used), customer name and address, and information how you heard about us; (iii) payment and transaction Information - if you sign up for one of our Services requiring payment, we collect the information provided in connection with such payment using a third party payment processor to process your payments and as such, all such information is provided directly by you to our third-party processor and that payment processor’s use of your personal information is governed by their privacy notice, although we will only receive the last 4 digits of the credit card number along with transaction-related information (i.e., payment date, amount, device type, IP address and card type), and if any custom billing is arranged, then the account contact’s name, email, job title, company and address may be collected as well; (iv) communications - when you contact us through any method of communications, including through one of our website “Contact Us”, “Chat” or “Support” functions or you request information about, or a demonstration of, our Services, we may collect your name, email address, mailing address, phone number, company/company URL, account ID, type of inquiry, or any other personal information you choose to provide to us, such as how many contacts you have/your company has, which products interest you, what platform is currently being used, and meeting dates and times; (v) Newsletter, Marketing Emails, and Blog - if you sign up to receive news or alerts from us, or subscribe to our blog, we may collect your email and applicable interests and communication preferences; (vi) Optimizely educational resources if you sign up for courses or training at the Optimizely Academy (powered by Intellum) - you will be asked for your user’s name, email, and password, and you may be able to add a profile picture, and when using that platform, a user’s history on registrations, courses taken, scores, and product certifications, survey responses and lead status as well as unique identifier are captured; (vii) Optimizely World Communities. if you wish to participate in the Optimizely network with other account holders and developers, and find resources, insights and further support from other used, you may participate in various Optimizely communities. In this case we may collect the following information: your account credentials, your Optimizely account ID, email address and partner ID, and your account will also show classifications based on your involvement in the relevant Community and badges showing your based on your involvement/accomplishment (both of which can be manages in the profile settings to be visible or not visible to other users of the applicable Community) as well as all content you share via the Community function, and you may be able to add your name, username, job title, city, country, profile picture, social media (Instagram and Twitter), and bio/signature details that may be visible to the other users of the relevant Community; and (viii) Events, Surveys, Feedback and Promotions (including Contests, Sweepstakes, Webinars, and Training Sessions) - if you fill out any forms or otherwise provide your information to us in connection with Optimizely events, surveys, or other promotional events (including contests, sweepstakes, webinars, and trainings), as well as when you provide feedback to us, we may collect your contact information (such as your name, email, and phone number), your organization company, your job title, the office address and any other information you provide to us. 

We may also collect your personal information from: (A) within the Optimizely Group - we may receive your personal information from within Optimizely Group; (B) Optimizely Business and Marketing Partners - we may also disclose personal information with other business and marketing partners with whom we jointly offer products or services, co-market or host events, or who are part of our partner ecosystem, and the information we disclose may include your name, phone number, email address, company name and address, opportunity/interest details of your company, and information on whether your company is a current client of our partner; (C)Social Media – when an individual interacts with us through various social media networks, such as when someone “Likes” us on Facebook or follows us or shares our content on Facebook, Twitter, Instagram or other social networks through, for example, the social media buttons embedded into our website, we may receive some information about individuals that they permit the social network to share with third parties, and this information we receive is dependent upon an individual’s privacy settings with the social network. Individuals should always review and, if necessary, adjust their privacy settings on third-party websites and social media networks and services before sharing information and/or linking or connecting them to other services, and (iv) Service Providers - our service providers that perform services solely on our behalf, such as chat services, payout processing, and marketing providers, collect personal information and often share some or all of this information with us.

3. How Long Will Your Personal Information Be Stored & Used by Optimizely 

Optimizely will only process your personal information only for as long as it is required:

  • to make Services requested by you or your employer available to you;
  • for Optimizely Group to comply with statutory obligations to retain personal information, resulting inter alia e.g. from applicable export, finance, tax or commercial laws;
  • to fulfill Optimizely’s legitimate business purposes as further described in this Privacy Notice, unless you object to Optimizely’s use of your personal information for these purposes;
  • until you revoke a consent you previously granted to Optimizely to process your personal information.
  • Optimizely may process your personal information for Service development until this no longer necessary or Optimizely is informed that your relationship with the Optimizely customer has changed.
  • Optimizely may retain your personal information for additional periods if necessary for compliance with legal obligations to process your personal information or if the personal information is needed by Optimizely to assert or defend itself against legal claims. Optimizely will retain your personal information until the end of the relevant retention period or until the claims in question have been settled.

To learn more about how you may revoke consent, please refer to Your Control of Your Personal Information sections below, How Can You Exercise Your Rights of Control, and Contact Us sections below.

 

4. Who May Optimizely Share Your Personal Information 

We may also share, transmit, disclose, grant access to, make available, and provide your personal information as described below. 

  • Optimizely Group: As Optimizely is making available its Services to its customers only via local business relationships, Optimizely may transfer your personal information to the locally relevant Optimizely Group entity for the purpose and to the extent necessary to conduct a business relationship. Other entities of the Optimizely Group may also receive or gain access to personal information either when rendering group internal services centrally and on behalf of the Optimizely Group or when personal information is transferred to them on a respective legal basis. These companies will use your personal information in the same way as we can under this Privacy Notice. If you would like to find out which Optimizely Group entity is responsible for the business relationship with you or your employer, please contact us at privacy@optimizely.com
  • Service Providers: We may share your personal information with third party contractors and service providers, that are subject to reasonable confidentiality terms, and which may include processing payments, providing web hosting and maintenance services, technology support providers, email and messaging communications providers, analytics providers, data storage providers, and web and video hosting providers and developers. Any such service providers will be subject to confidentiality provisions, and be bound to only process the information on our behalf and under our instructions, unless such service providers act as their own controllers (e.g., in the case we seek advice from consultants).
  • Business and Marketing Partners: We may also disclose personal information with other business and marketing partners with whom we jointly offer products or services, co-market or host events, or who are part of our partner ecosystem. We may obtain your consent where required by applicable law. Our business and marketing partners will use your information in accordance with their own privacy notices. 
  • Advertising Partners: We may share certain personal information (including information collected through cookies) with our advertising service providers and vendors in order to advertise our Services to you. For more information on how we collect and share this information, please see the Online Advertising section below.
  • Corporate Transaction: We may transfer any information we collect in the event we sell or transfer all or a portion of our business or assets (including any shares in the company) or any portion or combination of our products, services, businesses and/or assets. Should such a transaction occur (whether a divestiture, merger, acquisition, bankruptcy, dissolution, reorganization, liquidation, change of control or similar transaction or proceeding), we will use reasonable efforts to ensure that any transferred information is treated in a manner consistent with this Privacy Notice.
  • Legal Obligations and Rights: We may disclose personal information to third parties, such as legal advisors and law enforcement agencies, regulators, other authorities and other third parties for legal reasons if we reasonably believe that such action is necessary:
    • in connection with the establishment, exercise, or defense of legal claims; 
    • to comply with laws or to respond to lawful requests and legal process; 
    • to protect our rights and property and the rights, personal safety and property of others, including to enforce our agreements and policies;
    • to detect, suppress, or prevent fraud; or
    • as otherwise required by applicable law.
  • The Public/Other Optimizely World Community users: when you post content on any Optimizely World Community portion of the website: Remember, our websites allow you to connect and interact with others. In that case, your personal information may be visible to others as set out above under “Optimizely World Community”.
  • With Your Consent: We may disclose personal information about an individual to certain other third parties or publicly with their consent or direction. For example, with an individual’s consent or direction we may post their testimonial on our website or service-related publications. 
5. Your Control of Your Personal Information 

You can manage and control our use of your personal information as outlined in this Privacy Notice.

In addition, If you have a Optimizely account with us, you have the ability to modify certain information in your account (e.g., your contact information and profile picture) through the “Settings” tab in your Optimizely log-in account. Not all personal information is maintained in a format that you can access or change. If you would like to request access to, or correction or deletion of personal information, you may send your request to us by messaging support in the support portal through your Optimizely account. We will review your request and may require you to provide additional information to identify yourself, but we do not promise that we will be able to satisfy your request.

Please direct any requests to exercise your rights to privacy@optimizely.com.

6. Your Control of Marketing Messages 

You can manage our marketing messages to you.

Email Communications. From time to time, we may send you emails regarding updates to our Services, products or services, notices about our organization, or information about products/services we offer that we think may be of interest to you. If you wish to unsubscribe from such emails, simply click the “unsubscribe link” provided at the bottom of the email communication.

Note that you cannot unsubscribe from certain services-related communications (e.g., account verification, confirmations of transactions, technical or legal notices).

Messaging Platforms. We may use personal information we collect to communicate with individuals via messaging platforms (such as WhatsApp), including to market to you or offer you information and updates on products or services we think you may be interested in. You can unsubscribe from these messages at any time by replying STOP in one of our messages.

SMS Text Messaging. We may use personal information we collect to communicate with individuals via text message, including (with your consent) to market to you or offer you information and updates on products or services we think you may be interested in. You can unsubscribe from marketing text messages at any time by replying STOP or clicking the unsubscribe link (where available) in one of our messages.

If you do not want to receive any marketing communications from us, you can also at any time go to our ‘unsubscribe’ page @ https://pages.optimizely.com/UnsubscribePage.html

Our customers are solely responsible for their own marketing emails and other communications and we cannot unsubscribe you from their communications. If you believe any of our customers or partners has engaged in unsolicited sending of mass email (or SPAM) and that they are using our Products and Services to do so, please contact our Data Protection Officer at DPO@optimizely.com, and the Privacy Office at privacy@optimizely.com.

7. How Can You Exercise Your Rights of Control? 

Please direct any requests to exercise your rights to privacy@optimizely.com

Optimizely will take steps to ensure it verifies your identity to a reasonable degree of certainty before it will process the information protection right you want to exercise. When practical and commercially reasonable, Optimizely will match personal information provided by you in submitting a request to exercise your rights with information already maintained by Optimizely. This could include matching two or more data points you provide when you submit a request with two or more data points that are already maintained by Optimizely. Optimizely will not process requests that are manifestly unfounded, excessive, fraudulent, represented by third parties without duly representing respective authority or are otherwise not required by local law.

8. Children

Our Services are not directed to, and we do not intend to, or knowingly, collect or solicit personal information from children under the age of 16. If an individual is under the age of 16, they should not use our Services or otherwise provide us with any personal information either directly or by other means. If a child under the age of 16 has provided personal information to us, we encourage the child’s parent or guardian to contact us to request that we remove the personal information from our systems. If we learn that any personal information we collect has been provided by a child under the age of 16, we will promptly delete that personal information.

9. Region-Specific Disclosures

This Privacy Notice is designed to apply to our website visitors, users of our Service, and other companies and users on a global basis. Please refer to Schedule I for additional disclosures that may be applicable to you:

10. Third Party Websites And Services

The Services may contain integrations or links to third party websites or services, including those of our business partners. By interacting with these third parties, you are providing information directly to the third party and not Optimizely. Please note that Optimizely is not responsible for the privacy practices of these third parties or any entity that it does not own or control. We encourage you to review the privacy notices and online terms of those third parties to learn more about how they handle your personal information.

11. EU-US, US-UK and Swiss-US Data Privacy Framework 

Optimizely complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, the Swiss-U.S. Data Privacy Framework (collectively, the “Data Privacy Frameworks” or “DPFs”) as set forth by the U.S. Department of Commerce (https://www.dataprivacyframework.gov/) regarding the collection, use, and retention of personal information transferred to the U.S. from the European Union (EU), United Kingdom (UK) and /or Switzerland respectively. Optimizely has certified to the U.S. Department of Commerce that will adhere to the DPF Principles with respect to such information (“DPF Principles”), and accordingly, Optimizely is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission with respect to personal information received or transferred pursuant to those Data Privacy Frameworks and the DPF Principles. Furthermore, Optimizely shall be liable to you for any third-party agent to which Optimizely transfers your personal information and that processes such personal information in a manner that violates the DPF Principles, unless Optimizely can demonstrate that it is not responsible for the resulting damages. If there is any conflict between the terms in this Privacy Notice and the DPF Principles, the DPF Principles shall prevail and govern. To learn more about any Data Privacy Framework program, and to view our certifications, please visit https://www.dataprivacyframework.gov/.

In compliance with the Data Privacy Frameworks, Optimizely commits to resolve complaints about our collection or use of your personal information. EU, UK and Swiss individuals with inquiries or complaints regarding our Data Privacy Framework policy should first contact Optimizely at privacy@optimizely.com.

Optimizely has further committed to refer unresolved Data Privacy Framework complaints to (i) the American Arbitration Association at the International Centre for Dispute Resolution (‘ICDR AAA’) or to (ii) JAMS (formerly known as, Judicial Arbitration and Mediation Services), as alternative dispute resolution providers. The ICDR AAA and JAMS are both located in the United States. Either is available to you, at your choice. If you do not receive timely acknowledgment of your complaint from us, or if we have not reasonably addressed your complaint to your satisfaction, please visit ICDR AAA at https://go.adr.org/dpf_irm.html or JAMS at https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint. Those services are made available to you at no cost to you.

Alternatively, for European residents, the EU Data Protection Authorities (EU DPAs), and for United Kingdom residents, the Information Commissioner’s Office , are also available to serve as an independent recourse mechanism for the dispute resolution arising from our collection, use, and retention of your personal data transferred to the United States. You may contact your UK ICO here, local EU DPA here and for Swiss individuals, the Swiss Federal Data Protection office here for more information. Those services are also made available at no cost to you.

Optimizely also commits to cooperate and comply with advice of the panel established by the EU data protection authorities (DPAs), and the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human personal data received in reliance on Data Privacy Frameworks.

In certain circumstances, the Data Privacy Frameworks provide you with the right to invoke binding arbitration by the Data Privacy Framework Panel. For more information on this option, please see refer to the DPF Principles.

12. Changes To This Privacy Notice

We reserve the right to change this Privacy Notice from time to time in our sole discretion. We will notify you about material changes in the way we treat personal information by adequately informing you via your account, by placing a prominent notice on our website, or through other appropriate communication channels. It is your responsibility to review this Privacy Notice periodically. All changes shall be effective from the date of publication unless otherwise provided.

13. Contact Us

If you have any questions or requests in connection with this Privacy Notice or other privacy-related matters, please send an email to privacy@optimizely.com.

Region Specific Disclosures

________________________________________________

Where Optimizely is subject to privacy requirements in the EU, EEA and other GDPR relevant countries, and the United Kingdom and Switzerland.

Optimizely Group maintains operations in Europe and may direct our services to individuals located in the EEA, UK and Switzerland. In these instances, the following additional disclosures apply to our processing of personal information. When we use the term “personal data”, we mean personal information – that is, information relating to an identified or identifiable natural person.

Controllers. Subject to your location, either Optimizely North America Inc or Optimizely AB. is the controller of your personal data. In addition, the Optimizely Group entities are each jointly responsible with Optimizely North America Inc and Optimizely AB to process your personal data for the following reasons: to perform our contractual services, as further described below. 

Legal Bases For The Processing. Regularly, we use your personal data based on the following legal grounds according to the Regulation (EU) 2016/679 (the “EU GDPR”) or, where applicable, the “UK GDPR” as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the UK European Union (Withdrawal) Act 2018 GDPR:

  • Perform our contractual services, including prior to entering into a contract with you: If you order Services from us or if you contact us to request our Services, we use your personal data to provide you with these Services, including for account and contract management, to facilitate user benefits and services, including customer support, and evaluate your candidacy for employment and to facilitate the onboarding process.
  • Justified by our legitimate interests: The usage of your personal data may also be necessary for our own business interests. For example, we may use some of your personal data to send gifts to you; market our Services to individuals; administer, improve and personalize our Services, including by recognizing an individual and remembering their information when they return to our Services and analyzing our client-base; Process payment for our Services; conduct market research; opportunity tracking, conversion and lead generation; test, enhance, update and monitor the Services, or diagnose or fix technology problems; help maintain the safety, security and integrity of our property and Services, technology assets and business; enforce ourWebsite Terms of Use and other online terms for our Services resolve disputes, carry out our obligations and enforce our rights, and protect our business interests and the interests and rights of third parties; and prevent, investigate or provide notice of fraud or unlawful or criminal activity. 
  • Consent: In some cases, we may ask you to grant us separate consent to use your personal data. 
  • Compliance with legal obligations. We are obligated to retain certain personal data because of legal requirements, for example, tax or commercial laws, or we may be required by law enforcement to provide personal data on request. We do not use your personal data for automated individual decision-making.
How Long Will We Store Your Personal Data. We will usually store the personal data we collect about you for no longer than necessary for the purposes as set above, and in accordance with our legal obligations and legitimate business interests. The criteria used to determine the period for which personal data about you will be retained varies depending on the legal basis under which we process the personal data:
  • Contract.Where we are processing personal data is based on contract, we generally will retain your personal data for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from our contractual relationship.
  • Legitimate Interests.Where we are processing personal data based on our legitimate interests, we generally will retain such information for a reasonable period of time based on the particular interest, taking into account your fundamental interests and your rights and freedoms.
  • Consent.Where we are processing personal data based on your consent, we generally will retain your personal data until you withdraw your consent, or otherwise for the period of time necessary to fulfil the underlying agreement with you or provide you with the applicable service for which we process that personal data.
  • Legal Obligation.Where we are processing personal data based on a legal obligation, we generally will retain your personal data for the period of time necessary to fulfil the legal obligation.
  • Legal Claim. We may need to apply a “legal hold” that retains information beyond our typical retention period where we face threat of legal claim or intent to establish a claim. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.

In all cases, in addition to the purposes and legal bases, we consider the amount, nature and sensitivity of the personal data, as well as the potential risk of harm from unauthorized use or disclosure of your personal data.

Marketing And Advertising. From time to time we may contact you with information about our services, including sending you marketing messages and asking for your feedback on our Services. Most marketing messages we send will be by email or via messaging platform. For some marketing messages, we may use personal data we collect about you to help us determine the most relevant marketing information to share with you. We may send you marketing messages if you have given us your consent to do so or where we have relied on the soft opt-in rule (where applicable). If you wish to unsubscribe from such communication, please see the details set out under “Your Rights In Respect Of Your Personal Data”. 
Storing And Transferring Your Personal Data
  • Security. We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, change or damage. All personal data we collect will be stored by our cloud hosting provider on secure servers. We will never send you unsolicited emails or contact you by phone requesting credit or debit card information.
  • International Transfers of your Personal data. The personal data we collect may be transferred to and stored in countries outside the EEA, UK and Switzerland in countries where we and our third-party service providers have operations, including in the United States, where Optimizely North America Inc. is located. In the event of a transfer by Optimizely, we ensure that: (i) the personal data is transferred to countries recognized as offering an equivalent level of protection; or (ii) the transfer is made pursuant to appropriate safeguards, such as standard contractual clauses adopted by the European Commission. If you wish to enquire further about these safeguards used, please contact us using the details set out under the Contact Us section of the main Privacy Notice. 
Your Rights In Respect Of Your Personal Data. In accordance with applicable privacy law, you may have the following rights in respect of your personal data that we hold:
  • Right of access. You have the right to obtain certain information about our processing of your personal data which includes:
    • confirmation of whether, and where, we are processing your personal data;
    • information about the categories of personal data we are processing, the purposes for which we process your personal data and information as to how we determine applicable retention periods;
    • information about the categories of recipients with whom we may share your personal data; and
    • a copy of the personal data we hold about you.
  • Right of portability. You have the right, in certain circumstances, to receive a copy of the personal data you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
  • Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal data we hold about you without undue delay. 
  • Right to erasure. You have the right, in some circumstances, to require us to erase your personal data without undue delay, such as if the continued processing of that personal data is not justified. 
  • Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal data, such as where the accuracy of the personal data is contested by you.
  • Right to withdraw consent. There are certain circumstances where we require your consent to process your personal data. In these instances, and if you have provided consent, you have the right to withdraw your consent at any time. If you withdraw your consent, this will not affect the lawfulness of our use of your personal data before your withdrawal. 
  • Right to Object. You also have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal data, and we will assess and inform you if that is the case. You can object to marketing activities for any reason at any time.

You also have the right to lodge a complaint to your local data protection authority. If you are based in the EU, information about how to contact your local data protection authority is available here. If you are based in the UK or Switzerland, your local data protection authorities are the UK Information Commissioner’s Office (https://ico.org.uk/global/contact-us/) and the Swiss Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home/deredoeb/kontakt.html).

If you wish to exercise one of these rights, please submit a request by completing our Privacy Rights Request Form. You can also always contact our Data Protection Officer at DPO@optimizely.com, and the Privacy Office at privacy@optimizely.com..

Due to the confidential nature of data processing, we may ask you to provide proof of identity when exercising the above rights.

Cookies And Similar Technologies. Our European Services and emails use cookies and similar technologies such as pixels and Local Storage Objects (LSOs) like HTML5 (together “cookies”) to distinguish you from other users of our Services. This helps us to provide you with a good experience when you use our Services and also allows us to monitor and analyse how you use and interact with our Services so that we can continue to improve our Services. It also helps us and our partners to determine products and services that may be of interest to you. Please see our Cookie Notice for more information about these practices and your choices regarding cookies. You can also always contact the Privacy Office at privacy@optimizely.com for more information.

________________________________________________

Where Optimizely is subject to privacy requirements in the United States, the following also applies.

U.S. Children’s Privacy. Optimizely does not knowingly collect the personal information of children under the age of 13. If you are a parent or guardian and believe Optimizely collected information about a child, please contact Optimizely as described in “Contact Us” section of the main Privacy Notice. Optimizely will take steps to delete the information as soon as possible. Given that Optimizely websites and online services are not directed to users under 16 years of age and in accordance with the disclosure requirements of the CCPA, Optimizely does not sell the personal information of any minors under 16 years of age.

California residents. These California disclosure provide additional information about how we collect, use, disclose and otherwise process personal information of individual residents of the State of California, either online or offline, within the scope of the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (collectively, the “CCPA”) – (“CA Disclosures”). Unless otherwise expressly stated, all terms in these CA Disclosures have the same meaning as defined in our Privacy Notice or as otherwise defined in the CCPA. When we use the term “personal information” in this CA Disclosure, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. 

Collection and Use of Your Personal Information. Optimizely collects personal information from and about you for a variety of purposes, as described in previous sections of this Privacy Notice.

Categories of Personal Information Collected. In the last 12 months, we have collected the following categories of personal information: (i) identifiers, such as your first, middle and last name, email address, username, or other similar identifiers; (ii) CA customer categories, such as your name, phone number, and postal address; (iii) commercial information, such as records of services purchased, obtained or considered; (iv) internet/network Information, such as device information, logs and analytics data; (v) geolocation data, such as approximate location data generated based on your IP address or other information; (vi) sensory information, such as recordings of any phone calls or video calls (with your permission, as applicable) between you and Optimizely; (vii) professional/employment information, such as the business or organization you represent, your title with that business or organization and information relating to your role with the business or organization, job application information and other details contained in your resume; (viii) inferences about your interests and preferences, generated from your use of our sites; and (ix) other personal information, including information you submit into the feedback form and any communications between you and Optimizely, as well as information we receive from social networking sites. We collect this information from the following sources: (i) directly from you, (ii) from our business partners and affiliates, (iii) from your browser or device when you visit and / access and use any of our Services, or (iv) from third parties that you permit to share information with us. Please see the What Personal Information Does Optimizely Collect And Use, And How Do We Collect It section above for more information about the sources of personal information we collect.

Disclosure of Personal Information. Optimizely may share your personal information with third parties for business purposes. The categories of third parties to whom we disclose your personal information for a business purpose include: (i) within the Optimizely Group; (ii) our service providers and advisors; (iii) analytics providers; (iv) marketing and strategic partners; and (v) social networks. In the previous 12 months, we have disclosed all of the categories of personal information we collect, explained in the Collection and Use of Personal Information section above, to third parties for a business purpose, as described in the What Purposes Does Optimizely Use Your Personal Information, What Personal Information Does Optimizely Collect, Use and How we Collect It, and Who May We Share your Personal Information sections in this Privacy Notice.

Sale Of Personal Information. As further described in the What Purposes Does Optimizely Use Your Personal Information, What Personal Information Does Optimizely Collect, Use and How we Collect, and Who May We Share your Personal Information sections of the Privacy Notice, we may “sell” or “share” your personal information (as those terms are defined by the CCPA) to third parties, subject to your right to opt out of those sales or sharing (see the Exercise Your Right To Opt Out section below). In the last 12 months, we have sold or shared the following categories of personal information for the purposes described in our Privacy Notice, subject to your settings and preferences and your Right to Opt-Out: (i) identifiers, such as your name and email address, (ii) CA customer categories, such as your name and phone number, and (iii) commercial information, such as records of services purchased, obtained or considered. The categories of third parties to whom we may sell or share the personal information include: (A) business and marketing partners, (B) online advertising networks and analytics providers, and (C) Social Networks. We may also disclose personal information to third parties at your direction or upon your request, in connection with a corporate business transaction, or to comply with legal or contractual obligations, as described in our Privacy Notice.

Your California Privacy Rights. As a California resident, you may be able to exercise the following rights in relation to the personal information that we have collected about you (subject to certain limitations at law): (A) The Right to Access/Know, (B) The Right to Request Deletion, (C) The Right to Correction, (D) The Right to Opt-Out of Sales or Sharing of Personal Information, (E) The Right to Limit Use and Disclosure of Personal Information, (F) The Right to Control Over Automated Decision-Making / Profiling, (G) The Right to Non-Retaliation, and (H) to “Shine the Light”. 

Your Right to Access/Know means that you have the right to request any or all of the following information relating to your personal information we have collected and disclosed in the last 12 months, upon verification of your identity: (i) the specific pieces of personal information we have collected about you; (ii) the categories of personal information we have collected about you; (iii) the categories of sources of the personal information; (iv) the categories of personal information that we have disclosed to third parties for a business purpose, and the categories of recipients to whom this information was disclosed; (v) the categories of personal information we have sold about you (if any), and the categories of third parties to whom the information was sold; and (vi) the business or commercial purposes for collecting or, if applicable, selling the personal information.

Your Right to Request Deletion means you have the right to request the deletion of personal information we have collected from you, subject to certain exceptions.

Your Right to Correction means you have the right to request that any inaccuracies in your personal information be corrected, taking into account the nature of the personal information and the purposes of the processing of your personal information.

Your Right to Opt-Out of Sales or Sharing of Personal Information means you have the right to direct us not to “sell” your personal information to third parties for monetary or other valuable consideration, or “share” your personal information to third parties for cross-context behavioural advertising purposes. If you are under the age of 16, you have the right to opt in, or to have a parent or guardian opt in on your behalf, to such sales.
Your Right to Limit Use and Disclosure of Personal Information means you have the right to direct us to limit the use of your sensitive personal information to certain purposes, subject to certain exceptions.

Your Right to Control Over Automated Decision-Making / Profiling means you have the right to direct us not to use automated decision-making or profiling for certain purposes.

Your Right to Non-Retaliation means you have the right not to receive retaliatory or discriminatory treatment for exercising these rights. However, please note that if the exercise of these rights limits our ability to process personal information (such as in the case of a deletion request), we may no longer be able to provide you our products and services or engage with you in the same manner.

Your “Shine the Light” right means that California residents that have an established business relationship with us have rights to know how their information is disclosed to third parties for their direct marketing purposes under California’s “Shine the Light” law, or the right to opt out of such practices (Civ. Code §1798.83).

 

How To Exercise Your California Privacy Rights. To exercise your Right to Access, Right to Know, Right to Correction, or your Right to Deletion: please submit a request by completing our Privacy Rights Request Form. You can also always contact our Data Protection Officer at DPO@optimizely.com, and the Privacy Office at privacy@optimizely.com.

Before processing your request, we will need to verify your identity and confirm you are a resident of the State of California. In order to verify your identity, we will generally either require the successful authentication of your account, or the matching of sufficient information you provide us to the information we maintain about you in our systems. This process may require us to request additional personal information from you, including, but not limited to, your email address, phone number, and/or date of last transaction on our Services.

In certain circumstances, we may decline a request to exercise the rights described above, particularly where we are unable to verify your identity or locate your information in our systems. If we are unable to comply with all or a portion of your request, we will explain the reasons for declining to comply with the request.

Exercise Your Right to Opt-Out of Personal Information Sales or Sharing for Targeted Advertising. Unless you have exercised your Right to Opt-Out, we may disclose or “sell” your personal information to third parties for monetary or other valuable consideration, or “share” your personal information to third parties for cross-context behavioural advertising purposes. The third parties to whom we sell or share personal information may use such information for their own purposes in accordance with their own privacy policies. You do not need to create an account with us to exercise your Right to Opt-Out. However, we may ask you to provide additional personal information so that we can properly identify you to track compliance with your opt-out request. We will only use personal information provided in an opt-out request to review and comply with the request. If you choose not to provide this information, we may only be able to process your request to the extent we are able to identify you in our data systems. To exercise the Right to Opt-Out of personal information “sales,” you may submit a request as outlined below Additionally, as is common practice among companies that operate online, we permit third party advertising networks, social media companies and other third party businesses to collect and disclose your personal information (including preferences, geolocation, commercial information and internet, network and device information) directly from your browser or device through cookies or tracking technologies when you visit or interact with our websites, use our apps or otherwise engage with us. These third parties use this information for the purposes of serving ads that are more relevant, for ad campaign measurement and analytics, and for fraud detection and reporting and may sell or share that information to other businesses for advertising and other purposes. To learn more about how third parties collect information through tracking technologies and what other choices you may have in relation to those activities, please see our Cookie Notice

To exercise the Right to Opt-Out of the sharing of your personal information for cross-context behavioural advertising purposes (targeted advertising). You may submit a request by completing our Privacy Rights Request Form, and you can also always contact our Data Protection Officer at DPO@optimizely.com, and the Privacy Office at privacy@optimizely.com.

Authorized Agents. In certain circumstances, you may permit an authorized agent to submit requests to exercise your California Privacy Rights on your behalf. The authorized agent must provide a letter signed by you confirming the agent has permission to submit a request on your behalf or must provide sufficient evidence to show that the authorized agent has been lawfully vested with power of attorney. For security purposes, we may need to verify your identity and confirm directly with you that you have provided the authorized agent permission to submit the request, and it may take additional time to fulfil agent-submitted requests. We may deny a request in the event we are not able to verify the authorized agent’s authority to act on your behalf. Please note that for privacy and security reasons, we will direct future communications to the data subject on whose behalf the request was made.

“Shine the Light” Disclosures. The California “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. To opt out of this type of sharing, please submit a request by completing our Privacy Rights Request Form, and you can also always contact our Data Protection Officer at DPO@optimizely.com, and the Privacy Office at privacy@optimizely.com.

Notice of Financial Incentives. In addition, we may offer you financial incentives for the collection, sale, retention, and use of your personal information as permitted by the CCPA that can, without limitation, result in reasonably different prices, rates, or quality levels. The material aspects of any financial incentive will be explained and described in its program terms. Please note that participating in incentive programs is entirely optional, you will have to affirmatively opt-in to the program and you can opt-out of each program (i.e., terminate participation and forgo the ongoing incentives) prospectively by following the instructions in the applicable program description and terms. We may add or change incentive programs, and/or their terms by posting notice on the program descriptions and terms linked to above, so check them regularly. Each financial incentive or price or service difference related to the collection and use of personal information is based upon our reasonable, good-faith determination of the estimated value of such information to our business, taking into consideration the value of the offer itself and the anticipated revenue generation that may be realized by rewarding brand loyalty. We calculate the value of the offer and financial incentive by using the expense related to the offer.

Minors. We do not sell the personal information and do not have actual knowledge that we sell the personal information of minors under 16 years of age. Please contact us at privacy@optimizely.com, to inform us if you, or your minor child, are under the age of 16. If you are under the age of 18 and you want to remove your name or comments from our website or publicly displayed content, please contact us directly at privacy@optimizely.com. We may not be able to modify or delete your information in all circumstances.

Nevada residents. This Nevada disclosure provide additional information about how we collect, use, disclose and otherwise process personal information of individual residents of the State of Nevada, either online or offline, within the scope of the Chapter 603A of the Nevada Revised Statutes – (“NV Disclosures”). Unless otherwise expressly stated, all terms in these NV Disclosures have the same meaning as defined in our Privacy Notice or as otherwise defined in the Chapter 603A. Chapter 603A of the Nevada Revised Statutes permits a Nevada resident to opt out of future sales of certain covered information that a website operator has collected or will collect about the resident. To opt out of this kind of future sales, please submit a request by completing our, Privacy Rights Request Form, and you can also always contact our Data Protection Officer at DPO@optimizely.com, and the Privacy Office at privacy@optimizely.com.

Colorado, Connecticut, Utah and Virginia residents. In accordance with applicable privacy law and the jurisdiction in Colorado, Connecticut, Utah and Virginia, residents of those states may be able to exercise some or all of the rights as detailed under the CA Disclosures in respect of your personal information that we have collected (subject to certain limitations at law).

________________________________________________

Where Optimizely may be subject to privacy requirements in Australia, the following also applies.

Australian residents. These additional disclosures for Australian residents (“Australian Disclosures”) supplement the information contained in our Privacy Notice and applies solely to individuals lawfully resident in Australia (“you”). These Australian Disclosures provide additional information about how we collect, use, disclose and otherwise process personal information of individuals in Australia, either online or offline, within the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (“APPs”) found in Schedule 1 of the Privacy Act. Unless otherwise expressly stated, all terms in these Australian Disclosures have the same meaning as defined in our Privacy Notice or as otherwise defined in the Privacy Act. When we use the term “personal information” in this Australian Disclosures notice, we mean information or an opinion about an identified individual or an individual who is reasonably identifiable, whether the information or opinion: (i) is true or not; and (ii) is recorded in a material form or not. 

How We Collect Your Australian Personal Information. The various ways in which your personal information is collected are described in the main Privacy Notice. We may also collect your personal information if we record any phone calls or video calls (with your permission) between you and Optimizely. 

Overseas Transfers From Australian Of Your Personal Information. Your personal information may be transferred to and stored in locations outside Australia where we and our third-party service providers have operations, including in the United States, where Optimizely North America Inc. is located, United Kingdom, where Optimizely Ltd is located, and Sweden, where Optimizely AB is located. In the event of a transfer by Optimizely to a location outside Australia, we ensure that: (i) personal information is transferred to countries recognised as having an equivalent level of privacy protection to Australia; or (ii) the transfer is made pursuant to appropriate safeguards, such as contractual obligations. 

Storing Your Australian Personal Information. We implement appropriate technical and organizational measures to protect your personal information against accidental or unlawful destruction, loss, change or damage. All personal information we collect will be stored by our cloud hosting provider on secure servers. We will never send you unsolicited emails or contact you by phone requesting credit or debit card information.

YOUR AUSTRALIAN PRIVACY RIGHTS. You have various rights under the APPs.

You have the right to request access to and/or the correction of your personal information held by Optimizely. You can exercise these rights by contacting our Privacy Office at privacy@optimizely.com. We will respond to your request within a reasonable time. If your request is refused, you will be provided with written reasons for the refusal and information about the mechanisms you can use to complain about the refusal. 

To exercise your right to access, right to know, right to correction, or your right to deletion: please submit a request by completing our Privacy Rights Request Form.

You have the right to make a privacy complaint to our Privacy Office at privacy@optimizely.com. Our Privacy Office will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint. Our Privacy Office will endeavour to complete the investigation into your complaint promptly. You may be asked to provide further information about your complaint and the outcome you are seeking. Our Privacy Office will then typically gather relevant facts, locate and review relevant documents, and speak with individuals involved. In most cases, our Privacy Office will investigate and provide a written response to your complaint within 30 days of receipt of the complaint. If the matter is more complex or the investigation may take longer, our Privacy Office will let you know.If you are not satisfied with Optimizely’s response to your complaint, a complaint may be made to the Office of the Australian Information Commissioner (“OAIC”). The OAIC can be contacted by telephone on 1300 363 992 or by using the contact details on the website www.oaic.gov.au.