Privacy Shield Policy

Clearbit (“we”, “us” or “our”) has certified to the EU-U.S. and Swiss-U.S. Privacy Shield frameworks (“Frameworks”) as set forth by the U.S. Department of Commerce regarding the processing of personal data transferred by Clearbit customers and end users from the European Union (“EU”) or Switzerland to Clearbit in the U.S. (“Personal Data”). (For these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway). Clearbit has certified that it adheres to the Privacy Shield Principles, which include the Supplemental Principles (collectively, “Privacy Shield Principles”), with respect to Personal Data. If there is any conflict between the policies in this Privacy Shield Policy (“Policy”) and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Frameworks and to view our certification page, please visit https://www.privacyshield.gov.

When Clearbit receives Personal Data from enterprise customers in the EU or Switzerland and processes that Personal Data on the customer’s behalf, Clearbit acts as a processor (“Processor”). When Clearbit collects and uses Personal Data on its own behalf or otherwise makes independent decisions about how the Personal Data will be used, Clearbit acts as a controller (“Controller”). This Policy explains how Clearbit complies with the Privacy Shield Principles as a processor and as a controller.

Types of Personal Data Collected

Personal Data we may collect includes your name, email address, general location (such as city or country), telephone number, employer name and job title, and social media handles.

We also collect information about use of our Website and Services by visitors and registered users (“Usage Information”), including through cookies and other technologies. Such information may include IP address or any other unique device identifier of the device used to access our Website or Services; the date and time of visits; the pages viewed; links to/from any page; time spent at our Website or Services. We treat this information as Personal Data if it relates to an identified or identifiable individual and is transferred to us by a Clearbit customer or end user in the EU or Switzerland.

Purposes of Data Processing

When we act as a Processor on behalf of an enterprise customer, we process the Personal Data we receive from that customer for the purposes set forth in the applicable customer contract.

When we act as a Controller, we use Personal Data for the purpose of creating and maintaining your account; providing our services to you or your company; responding to and communicating with you about your inquiries and requests; notifying you about offers, new services or other promotions. We may also use Personal Data to operate, evaluate and improve our business (including improving our services; developing new services; performing accounting, auditing, financial and economic analysis, and other internal functions). We use Usage Information to remember your account information for future visits and to provide personalized and streamlined information across related pages on our Website or Services, to measure web traffic and usage activity on our Website and Services for purposes of improving and enhancing their functionality, to look for possible fraudulent activity, and to better understand the sources of traffic and transactions on our Website or Services. In order to understand and improve the effectiveness of our advertising, we may also use web beacons, cookies, and other technology to identify the fact that you have visited our Website or seen one of our advertisements.

Notice and Choice

When we act as a Processor on behalf of an enterprise customer, we rely on the customer to provide appropriate notice and choice to the individual, as the customer controls the Personal Data it has provided. Clearbit typically does not have a direct relationship with such individuals.

When we act as a Controller, we provide notice through this Policy of the Personal Data collected and transferred under the Privacy Shield, including its use, and handling, and how you may exercise your Privacy Shield rights. If we intend to (i) disclose your Personal Data to third parties, except to a third party that is acting as an agent to perform tasks on our behalf and under our instructions, or as you have authorized; or (ii) use your Personal Data for a purpose that is materially different from the purpose for which it was originally collected or that you authorized, we will notify you and give you an opportunity to opt out of such disclosures and/or uses where they involve non-sensitive Personal Data or opt in where sensitive Personal Data is concerned.

Accountability for Onward Transfers

When we act as a Processor on behalf of an enterprise customer, we will only disclose the Personal Data supplied by that customer to third parties where permitted or required by the customer, and then in accordance with the Privacy Shield Principles.

When we act as a Controller, we may disclose Personal Data to third-party contractors, service providers and other businesses involved in the normal operations of our business, for example, providers of hosting services or email communication and customer support services, to assist us in meeting business operations needs and to perform certain services and functions on our behalf and under our instructions. These parties may access, process or store Personal Data in the course of performing their duties to us.

In addition, we offer customers, businesses and third-party platform providers who use our business intelligence tools access to information that we obtain in connection with certain Services, which may include non-sensitive information such as names, contact details, and job titles. We take measures to require the parties supplying this information to obtain appropriate permission from individuals to such use and disclosure of this information about them.

We maintain contracts with these service providers and other third parties described above, which restrict their use and disclosure of Personal Data. Clearbit is accountable for the Personal Data we receive under the Privacy Shield that we may transfer to third parties, unless we prove that we are not responsible for an event giving rise to the harm.

In certain situations, we may be required to disclose Personal Data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements and applicable law, rule, order, or regulation.

We may also disclose Personal Data to other corporate entities in case of a corporate sale (including sale of assets), merger, reorganization, financing due diligence, dissolution or similar event.

Security

We maintain reasonable and appropriate security measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration or destruction, taking into account the nature of the Personal Data and the risks inherent in processing that Personal Data.

Data Integrity and Purpose Limitation

We will take reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete and current for as long as long as we retain it. We will not use the Personal Data for a purpose that is incompatible with the purposes for which it has been collected or subsequently authorized by you. We will also retain Personal Data about you in a form identifying or making you identifiable only for as long as it serves a purpose of the data processing.

Access

You have certain rights to access, correct, amend, or delete Personal Data where it is inaccurate, or has been processed in violation of the Privacy Shield Principles. Please claim your profile or address your requests to the following email address: support@clearbit.com. We will make good faith efforts to accommodate these requests within a reasonable time frame.

When we are acting as a Processor on behalf of an enterprise customer, we will assist the customer in responding to individuals exercising their rights under the Privacy Shield Principles.

Recourse, Enforcement, Liability

In compliance with the Privacy Shield Principles, Clearbit commits to resolve complaints about our processing your Personal Data. Individuals in the EU or Switzerland with inquiries or complaints regarding this Policy should first contact Clearbit at: support@clearbit.com or by mail at: APIHub Inc., dba Clearbit, 3030A 16th Street, San Francisco, CA 94103.

We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to TRUSTe, an alternative dispute resolution provider located in the U.S., at no cost to you. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please visit TRUSTe's online dispute resolution form for more information or to file a complaint.

In addition, if your complaint is not resolved through these channels, under certain conditions a binding arbitration option may be available before a Privacy Shield Panel. For additional information, please visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

We are subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to Personal Data received or transferred pursuant to the Frameworks.

Changes to the Policy

We reserve the right to amend this Policy from time to time consistent with the Privacy Shield’s requirements.