Clearbit Privacy Shield Policy

Welcome to the Clearbit Privacy Shield Policy! This Privacy Shield Policy is incorporated by reference into the Clearbit Privacy Policy, found here. Any capitalized terms not defined in this Privacy Shield Policy have the same meaning given to them in our Privacy Policy.

Clearbit has certified to the EU-U.S. and Swiss-U.S. Privacy Shield frameworks (“Frameworks”) as set forth by the U.S. Department of Commerce regarding the processing of personal data transferred by Clearbit customers and end users from the European Union (“EU”) or Switzerland to Clearbit in the U.S. (“Personal Data”). (For these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway). Clearbit has certified that it adheres to the Privacy Shield Principles, which include the Supplemental Principles (collectively, “Privacy Shield Principles”), with respect to Personal Data. If there is any conflict between the policies in this Privacy Shield Policy (“Policy”) and the Privacy Shield Principles, the Privacy Shield Principles shall govern with respect to Personal Data transferred pursuant to the Frameworks. To learn more about the Frameworks and to view our certification page, please visit https://www.privacyshield.gov.

When Clearbit receives Personal Data from enterprise customers in the EU or Switzerland and processes that Personal Data on the customer’s behalf, Clearbit acts as a processor (“Processor”). When Clearbit collects and uses Personal Data on its own behalf or otherwise makes independent decisions about how the Personal Data will be used, Clearbit acts as a controller (“Controller”).

We reserve the right to amend this Policy from time to time consistent with the Privacy Shield’s requirements.

When we act as a Processor on behalf of an enterprise customer, we process the Personal Data we receive from that customer for the purposes set forth in the applicable customer contract. When we act as a Controller, we process Personal Data in a variety of ways depending on the data subjects’ relationships with Clearbit and how end users use our Site and Services. Please see our Privacy Policy for more detailed information.

We may share Personal Data with third parties as described in our Privacy Policy. Where we do, with respect to Personal Data transferred pursuant to the Frameworks, we will only do so in compliance with the Privacy Shield Principles, and we will obligate those third parties to provide the same level of protection as required by the Privacy Shield Principles. Clearbit is accountable for the Personal Data we receive under the Privacy Shield that we may transfer to third parties, unless we prove that we are not responsible for an event giving rise to the harm.

We maintain reasonable and appropriate security measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration or destruction, taking into account the nature of the Personal Data and the risks inherent in processing that Personal Data. We will take reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete and current for as long as we retain it. We will not use the Personal Data for a purpose that is incompatible with the purposes for which it has been collected or subsequently authorized by you. We will also retain Personal Data about you in a form identifying or making you identifiable only for as long as it serves a purpose of the data processing.

If you are a data subject whose data is transferred pursuant to the Frameworks, you have the right to request to access, correct, amend, or delete Personal Data where it is inaccurate, or has been processed in violation of the Privacy Shield Principles. We provide you with choices in your Personal Data, specifically to limit certain uses or disclosures. To exercise these rights or review these choices, please claim your profile or address your requests to the following email address: privacy@clearbit.com. We will make good faith efforts to accommodate these requests within a reasonable time frame. When we are acting as a Processor on behalf of an enterprise customer, we will assist that customer in responding to individuals who contact that customer in exercising their rights under the Privacy Shield Principles.

In compliance with the Privacy Shield Principles, Clearbit commits to resolve complaints about our processing of your Personal Data. Individuals in the EU or Switzerland with inquiries or complaints regarding this Policy should first contact Clearbit at: privacy@clearbit.com or by mail at: APIHub Inc., dba Clearbit, 90 Sheridan Street, San Francisco, CA 94103.

We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to TRUSTe, an alternative dispute resolution provider located in the U.S., at no cost to you. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please visit TRUSTe's online dispute resolution form for more information or to file a complaint.

In addition, if your complaint is not resolved through these channels, under certain conditions a binding arbitration option may be available before a Privacy Shield Panel. For additional information, please visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

We are subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to Personal Data received or transferred pursuant to the Frameworks. Please note that we may share Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.