Privacy Policy

Introduction

C3Compliant, LLC is pleased to welcome you to our websites. By accessing any area of C3Compliant.com or websites operated by C3Compliant, LLC and using the C3 Services (“Services”) provided, the user acknowledges this notice, and agrees with and acknowledges the terms, conditions, and responsibilities as set out below.

Trademarks

Certain trademarks, service marks, trade names, images, logos, design, text, graphics, and pictures on C3Compliant.com and websites operated by C3Compliant, LLC are proprietary to C3Compliant, LLC. They may NOT be copied, reproduced, republished, posted, transmitted, or distributed in any way. The user may print, in hard copy, portions of the website only in connection with placing or having placed an order with C3Compliant, LLC. The use of any such material for any other reason, on any other websites, or the modification, distribution or republication of this material without prior written permission from C3Compliant, LLC is strictly prohibited. Except as may be expressly provided, nothing contained herein shall be construed as conferring any license, software or rights under copyright or other intellectual property rights. C3Compliant, LLC (“C3”) owns and operates C3Compliant.com and websites operated by C3Compliant, LLC.

Information Collected and Stored Automatically

Your privacy is important to us. When you visit C3Compliant.com or websites operated by C3Compliant, LLC to browse, you do so anonymously. C3 does not collect personally identifying information about you.

We collect and store for an indefinite period certain information for system administration and in order to create reports. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. This information includes:

The only cookies in use on our websites are for Google Analytics. Google Analytics is a web analytics tool that helps website owners understand how visitors engage with their website. Google Analytics customers can view a variety of reports about how visitors interact with their website so that they can improve it.

Google Analytics uses first-party cookies to track visitor interactions which are used to collect information about how visitors use our websites. We then use the information to compile reports and to help us improve our websites.

Cookies contain information that is transferred to your computer’s hard drive. These cookies are used to store information, such as the time that the current visit occurred, whether the visitor has been to the website before and what website referred the visitor to the web page.

Google Analytics collects information anonymously. It reports website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit our websites – for more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page.

Disclosure Regarding Google Display Advertising and Google Analytics Features

We use Google AdWords Remarketing to display relevant ads tailored to you based on what parts of C3Compliant.com or websites operated by C3Compliant, LLC you have viewed by placing a cookie on your machine that show specific pages you have visited. The cookies do not identify you or provide access to your computer. Google AdWords Remarketing allows us to tailor our marketing to better suit your needs and only display ads that are relevant to you.

We have implemented Google Analytics features based on Display Advertising (Google Display Network Impression Reporting and Google Analytics Demographics and Interest Reporting). We use first-party cookies (such as the Google Analytics cookies) to identify trends in the usage of our websites, assess what information is of most and least interest, determine technical design specifications, and identify system performance or problem areas, which may be published in reports for internal use. This information is NOT shared with anyone beyond the support staff to our websites, except when required by Law Enforcement investigation. You can learn how Google Analytics collects and processes information here.

Visitors can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Settings.

Information Collected from E-mail

You may voluntarily provide us with personally identifying information, for example your mailing address, in an electronic message or web-based form. Information collected in this manner is used solely for responding to your request unless noted in the specific web page where your request is made. We do not share this information with government agencies, commercial and non-commercial entities, or the public unless noted on a particular web page. Any information that you provide to us in an e-mail may be subject to disclosure under a Freedom of Information Act request. We also retain an e-mail log of the time each message is received, the time each message is forwarded, the delivery status of each message, and a unique e-mail identifier number. The e-mail log may be retained indefinitely.

Client Information

Where client access is required, the use of a User ID and password will be used to authenticate to C3 Services. You are responsible for keeping your User ID and password confidential. The use of your User ID and password by you or any other person with or without your knowledge or consent, in connection with any C3 Services, binds you legally and makes you responsible for any such online transaction. You should promptly notify C3 if you become aware or suspicious of unauthorized use of your User ID and password.

Clients are authenticated to a secure website, using industry standard SSL encryption. Software tags called "cookies" are used to identify and verify clients when they access the client side of our websites and to store return client information so that repetitive keystrokes are minimized. Cookies are used to remember client preferences and maximize performance of our services.

Attempts to authenticate to the client side of our websites using user IDs and passwords are logged and audited. Client information and logs are maintained for purposes of security and accuracy. C3 and its Services will not sell client information to any other person, organization, or entity, however certain third-party support services may have access to this information for the purposes of maintaining or improving our websites or Services.

Law & Order

We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to (a) comply with the law; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of C3 Services or our users; or (d) protect C3 and its Services’ property rights.

Stewardship of your data is critical to us and is a responsibility that we embrace. We believe that our users' data should receive the same legal protection regardless of whether it's stored on our services or on their home computer's hard drive. We will require that any information request be accompanied by the appropriate legal documents and supported by a valid legal basis. We will carefully review each request; we will only provide the minimum information compelled by legal process unless the inquest involves the potential abuse of the privileges of using our services. We'll abide by the following Government Request Principles when receiving, scrutinizing, and responding to government requests for our users' data. We will require that any information request be accompanied by the appropriate legal documents and supported by a valid legal basis. We will be transparent regarding the process to our users and carefully review each request, ultimately providing only data that is legally required to be disclosed for the particular investigation:

C3 Services Business Admins

If you are a C3 Services Business user, your administrator may have the ability to access and control your C3 Services Business account. Please refer to your employer's internal policies if you have questions about this. If you are not a C3 Services Business user but interact with C3 Services Business user, members of that organization may be able to view the name, email address, and IP address that were associated with your account at the time of that interaction.

Data Security

C3 Services will rarely, if ever, have any access to, or control, or in any way handle data stored, uploaded, downloaded, or transferred while using these Services, including any cardholder data, protected health Information (“PHI”), personally identifiable information ("PII") or other Confidential Information that may be included in your use of these Services, and that all access to and control of such data will, except under extraordinary circumstances, remain under your exclusive administrative domain and control. C3 Services has no duty or obligation to supervise or advise you on the manner in which you administer access to and control of such data. C3 will sign a Business Associate Agreement with business accounts that may contain specific requirements for Business Account customers.

Retention

File information stored on our Services is retained only for the duration specified by you. Account information will be retained for as long as required to provide Services. If you delete your account, we'll also delete this information. But please note: (1) there might be some latency in deleting this information from our servers and back-up storage; and (2) we may retain this information if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements.

Security, Intrusion, and Detection

For site security purposes and to ensure that this service remains available to all users, all network traffic is monitored in order to identify unauthorized attempts to upload or change information, or otherwise cause damage or conduct criminal activity. Unauthorized attempts to defeat or circumvent security features, to use the system for other than intended purposes, to deny service to authorized users, to access, obtain, alter, damage, or destroy information, or otherwise to interfere with the system or its operation are prohibited. Evidence of such acts may be disclosed to law enforcement authorities and result in criminal prosecution under the Computer Fraud and Abuse Act of 1986 (Pub. L. 99-474) and the National Information Infrastructure Protection Act of 1996 (Pub. L. 104-294), (18 U.S.C. 1030), or other applicable criminal laws. Anyone using or accessing this system expressly consents to such monitoring.

Disclaimer for Hypertext Links

Neither C3Compliant.com or websites operated by C3Compliant, LLC, C3Compliant, LLC, nor its contributors are responsible for the content of any off-site websites that are referenced by or that references C3Compliant.com or websites operated by C3Compliant, LLC . The user acknowledges that neither C3 nor its contributors are responsible for any defamatory, offensive, misleading, or illegal conduct of other users, links, or third parties and that the risk of injury from the foregoing rests entirely with the user.

Links from C3Compliant.com and websites operated by C3Compliant, LLC web pages on the WWW to other websites or from other websites to the C3Compliant.com and websites operated by C3Compliant, LLC do not constitute an endorsement by C3. These links are for convenience only. It is the responsibility of the user to evaluate the content and usefulness of information obtained from other sites.

C3 disclaims responsibility for the privacy policies and customer information practices of third-party Internet sites linked to our websites.

U.S.-EU Privacy Shield Compliance

C3Compliant, LLC complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. C3Compliant has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

C3Compliant provides security services solutions to business customers. We may receive business-related information and contact information related to individual representatives of customers, resellers, and other business partners. For example, C3Compliant may collect names, job titles, addresses, work phone numbers, work email addresses in connection with business transactions and other business relationships. Some of our customers may not be incorporated and may provide their home address when requesting information for our services.

C3Compliant collects and uses personal data for purposes of providing services to our customers, communicating with business partners about business matters, providing information on our services and conducting related tasks for legitimate business purposes and corporate development opportunities.

C3Compliant may share personal data to service providers and other contractors, who may process such data on our behalf and subject to confidentiality restrictions. We also may disclose personal data with other third parties for the purposes for which we receive the data (e.g., performance of contractual obligations) and as required or permitted by law. C3Compliant may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

Recipients of marketing e-mails may opt-out of receiving further e-mail marketing communications from C3Compliant by following opt-out instructions that are contained in each marketing e-mail. Residents of the EU whose personal data C3Compliant has directly collected may request access to, and the opportunity to correct, amend, or delete such personal data. To submit such requests or raise any other questions, please contact us at Legal@C3Compliant.com. C3Compliant reserves the right to take appropriate steps to authenticate an applicant’s identity, charge a reasonable fee before providing access and deny requests, except as required by the Privacy Shield principles.

C3Compliant remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless C3Compliant proves that it is not responsible for the event giving rise to the damage. C3Compliant is subject to the investigatory and enforcement policies of the Federal Trade Commission.

In compliance with the Privacy Shield Principles, C3Compliant commits to resolve complaints about our collection or use of your personal information. Individuals in the European Union (EU) with inquiries or complaints regarding our Privacy Shield policy should first contact C3Compliant at Legal@C3Compliant.com.

C3Compliant has further committed to cooperate with EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs for more information or to file a complaint. The services of EU DPAs are provided at no cost to you.

Finally, as a last resort and in limited situations, EU individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.

Modifications/Enforcement

C3 reserves the right to modify this Privacy Policy from time to time without notice and at C3’s sole discretion. Such modifications shall be effective when posted. If you have any inquiries or concerns regarding C3 privacy policy or its compliance with this privacy policy, please contact C3 via email at Legal@C3Compliant.com or via mail at 5080 N. 40th Street, Suite 300, Phoenix, AZ 85018 Attn: Legal. If you believe that C3 has operated in a manner inconsistent with or in violation of this Privacy Policy, please contact us immediately via email at Legal@C3Compliant.com or via mail at 5080 N. 40th Street, Suite 300, Phoenix, AZ 85018 Attn: Legal to remedy the inconsistency or problem. If the inconsistency or problem is not remedied by C3 to your satisfaction, please contact the American Arbitration Association at www.adr.org for an independent review and resolution of the issue.

Disclaimer of C3 Information

All information provided by C3 on C3Compliant.com or websites operated by C3Compliant, LLC is made available to provide immediate access for the convenience of interested persons. While C3 believes the information to be reliable, human or mechanical error remains a possibility. Therefore, C3 does not guarantee the accuracy, completeness, timeliness, or correct sequencing of the information. Neither C3, nor any of the sources of the information, shall be responsible for any error or omission, or for the use of, or the results obtained from the use of, this information.

Disclaimer of Endorsement

Reference herein to any specific commercial products, processes, or services by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by C3.

Last updated: August 22, 2017