When you visit our various websites (each a “Site” and collectively, the “Sites”), and more generally, use any of our products (the “Products”) or services (the “Services”), which may include the Sites, we appreciate that you are trusting us with your Personal Data. We take your privacy very seriously. In this Policy, we seek to explain to you, in the clearest way possible, what information we collect, how we use it, and what rights you have in relation to it. We hope you take the time to read through it carefully. If there are any terms of this Policy that you disagree with, please discontinue the use of our Products and Services immediately.
This Policy applies to all information collected through our Sites, Products and Services, as well as any related services, sales, marketing or events, regardless of your access (e.g., via browser, email), or (b) whether you are a user or a visitor to our Sites.
Please read this Policy carefully as it will help you understand what we do with the information we collect.
This Policy does not apply to information collected by any third party, including through any third-party application or content that links to, or is accessible from, our Sites. This Policy applies with respect to your use of any EX1 Site, Product or Service, regardless of (a) your method of access, or (b) whether you are a user or a visitor.
Presently, CORASCloud, Inc. (“CORAS”) and Plasticity Inc. (“Plasticity”) are the only entities in the EX1 family of companies that have or may have customers in the European Economic Area (“EEA”) and Switzerland. Consequently, at this time, the sections of this Policy related to processing of Personal Data for EEA and Switzerland residents in accordance with the General Data Protection Regulation (GDPR) apply to CORAS/Plasticity only. If/when our other affiliated entities gain EEA customers, those entities will process information in accordance with this Policy.
We may revise this Policy at any time by updating this posting. Use of the Sites, Products or Services after such revisions are posted will signify your agreement with this Policy. You should visit this page periodically to review this Policy and any revisions.
Table of Contents:
We collect Personal Data that you voluntarily provide to us when you use our Sites, register for our Products and/or Services, express an interest in obtaining information about our Products or Services, when you participate in activities regarding our Products or Services, or when you otherwise contact us.
The Personal Data that we collect depends on the context of your interactions with us and the Sites, Products and Services, the choices you make, and the features that you use.
We do not sell, share, or rent any content, data, or other such materials you may otherwise actively provide to us through use of our Sites, Products and Services, we promise.
When you visit our Sites, you are not required to actively provide any information, but the analytics software we use may collect some Personal Data. When you contact us via the chat function, sign up to download or receive information, or sign up to receive and use Products and Services, you are required to provide some Personal Data.
Personal Data Collected Directly.We may collect—directly from you—Personal Data such as:
|Professional or Employment-Related Information|
|Sensitive, Special Treatment or Protected Characteristics|
Profiles reflecting a person's preferences, characteristics, trends, predispositions, behavior, etc.
We do not typically seek to collect the below sensitive Personal Data through our Sites or from users. We will obtain your explicit consent before we collect, use or otherwise process the below sensitive Personal Data in accordance with applicable data protection, GDPR and ePrivacy regulatory requirements.
Personal Data Collected Automatically.We automatically collect certain information when you visit, use or navigate the Products or Services. This information does not reveal your specific identity (e.g., name or contact information) and is primarily needed to maintain the security and operation of our Sites, Products and Services, and for our internal analytics and reporting purposes.
|Log and Usage Data|
Log and usage data is service-related, diagnostic, usage and performance information that our servers automatically collect when you access our Products and Services, and which we record in our log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type and settings, settings and information about your activity on our Sites, (e.g., date/time stamps associated with your usage, pages and files viewed, searches and features you use/resources you access or download, referring/exit URLs, clickstream data, and device event information (e.g., system activity, error reports, and hardware settings.
We collect device data such as information about your computer, phone, tablet or other device you use to access the Products and Services. Depending on the device used, this data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system and system configuration information.
We collect location data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Products and Services. E.g., we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to this information or by disabling the Location setting on your device.
Cookies (small text files stored in a user's browser, referred to as “Cookies”), beacons (electronic images that allow us to count users who have accessed particular content and to access certain Cookies, referred to as “Beacons”), and tags through the Sites and through Cookies and other tracking technology to provide you with a personalized online experience.
To enhance our ability to provide relevant marketing, offers and services to you and to update our records, we may obtain information about you from other sources, such as public databases, joint marketing partners, affiliate programs, data providers, social media platforms, and other third parties. This information includes mailing addresses, phone numbers, intent data (or user behavior), IP addresses, social media profiles, social media URLs and custom profiles, for purposes of targeted advertising and event promotion.
Except for certain information that is required by law, your decision to provide Personal Data to us is voluntary. Therefore, you may decline to provide us with your Personal Data. Note, however, that if you opt out, you may not be able to use certain aspects of our Products and Services.
Personal Data may be collected from you either directly or indirectly when you: (a) order our Products using a Site, (b) use our Products from a Site, (c) access our Services, (c) participate in surveys or submit reviews, (d) submit our online forms or communicate with us on email, (e) upload or post any comments/content to our Sites, on social media, or blogs, (f) interact with us on social media, or (g) sign up for our mailing lists, register for events we host or sponsor, submit information as part of certain online services, or otherwise provide us information through the Sites.
We may use the Personal Data we collect and receive where one (1) or more of the following justifications exist:
To obtain your documented consent to our processing of your Personal Data.
|Managing Our Relationship With You.|
To fulfill your request for Product orders, support or Services under an existing or potential contract with you; to facilitate your conducting business with us; or to perform a transaction with you. Where a transaction involves our suppliers or strategic alliances, this may include sharing information with other parts of EX1, EX1's business partners or alliances, clients, financial institutions and postal or government authorities involved in fulfillment (subject to confidentiality obligations that may exist).
To provide information or Services requested by you.
|Business Management/ Operations|
To ensure the proper functioning of our business operations and administration of our general business, accounting, record-keeping and legal functions.
|Monitoring Your Use of Our Systems|
To monitor user activities on our systems to ensure users are complying with applicable laws and regulations and aren't performing activities that would negatively affect our reputation.
|Social Media Environment|
To enable online sharing and collaboration among members who have registered to use them; to protect our assets and the assets of our clients; to protect our brand on social media; to understand sentiment, intent, mood and market trends and our stakeholders' needs to improve our Products and Services through key-word searches, conversation stream monitoring and analysis; and to gain insights in conversation trends over a specified period, but not to identifying an individual.
|Protecting or Improving the Security and Functioning of Our Sites, Networks and Information|
To ensure that you receive an excellent user experience and/or to maintain the safety, security, and integrity of our Sites (e.g., fraud monitoring and prevention), Products, Services, information, tools, systems, databases and other technology assets and business.
|Audit the Downloading of Information From Our Sites|
To get to know our Site visitors' preferences and improve services accordingly.
|Analytics and Improving Our Sites|
To better understand how you access and use our Sites, Products and Services, and for analytical purposes to evaluate our Products and Services; to ensure the proper functioning our business operations; to improve our Products, Services, and business operations; to develop services and features; and to provide a better user experience.
To assess, improve and develop our business, Products and Services, and for research and analytics purposes.
|Historical, Statistical or Research and Development|
To analyze Personal Data to better understand historical or statistical trends subject to appropriate data protection safeguards.
|Online Account Registration or Administration|
To administer online accounts as part of a contract; to enable account features; to customize your view of our Sites or to personalize information you receive from us; to register you for a service or program; and to send you Product, Service and new feature information or information about changes to our terms, conditions and policies.
To develop and display personalized content and advertising (and work with 3rd parties to do so) tailored to your interests and/or location and to measure its effectiveness.
To keep you informed about our Products, Services, updates, offers, events, programs, products, tools, and solutions by post, email, SMS, phone and fax; to develop aggregate analysis and business intelligence and, where required by law, we will ask for your consent at the time we collect your data to conduct any of these types of marketing. We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out by contacting us at email@example.com.
|Event, Conference or Similar Communications|
To facilitate your participation in a private or public forum, event or conference.
|Contest or Prize Administration|
To fulfill your participation in prize promotions, contests and other promotional offers that we may administrate.
|Content Creation/Production Activities|
To use your Personal Data for video, TV, film, marketing, advertising or other related content creation, production and distribution activities where you are involved based on prior consent and releases.
To ensure that we recruit appropriate employees, send relevant information about careers and opportunities, and to analyze the effectiveness of our recruitment efforts and resources in connection with a job application or inquiry.
|Managing Our Employment Relationship With You|
To assess performance or to terminate an employment contract to which our employees are a party.
|Protection of Vital Interests|
To prevent or act regarding Policy violation, suspected fraud, situations involving potential threats to the safety of any person, and illegal activities.
|Complying with Legal Obligations|
To comply or fulfill our legal proceedings, employment, labor, tax or similar legal requirements.
|Law Enforcement Requests and Harm Prevention|
To comply with a law, regulation, legal process, court order or by any rule of law or governmental request; to protect the safety of any person; to protect the rights of those who use our Sites, Products and Services; to prevent or detect crime; to apprehend or prosecute offenders. Nothing in this Policy is intended to limit any legal defenses or objections that you may have to a third party, including a governmental request, to disclose your Personal Data.
|Protection of Legal Rights and Prevention of Misuse|
To protect our Sites and business operations; to prevent and detect fraud, unauthorized activities and access, and other misuse; to establish, exercise or defend legal claims; where we believe necessary to investigate, to prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party; or to violations of this Policy.
|Affiliates and Change of Ownership|
To facilitate merger, acquisition, reorganization, sale of assets or similar function.
To post testimonials that may contain Personal Data. Prior to posting any testimonial, we will obtain your consent to use your name and content of the testimonial. Should you wish to update or delete a testimonial, please contact us at firstname.lastname@example.org.
To enable user-to-user communications with each user's consent.
To obtain feedback and to contact you about the use of our Products and Services.
To respond to your inquiries and solve any potential issues you might have with the use of our Products or Services.
We will process your Personal Data for the above referenced purposes based on your prior consent, to the extent such consent is mandatory under applicable laws.
If you are asked to click on/check “I accept,” “I agree” or similar buttons/checkboxes/functionalities, we will consider this step as providing your consent for us to process your Personal Data, only in the countries where such consent is required by regulations. In all other countries, such action will be considered as a mere acknowledgement.
We will not collect Personal Data for materially different, unrelated, or incompatible purposes without providing you with notice or, as applicable, obtaining your consent, unless it is in your own or another person's vital interest (e.g. medical emergency) to do so.
To ensure that your Personal Data is processed, used, stored, and transferred securely and, in connection with EU law, we use third parties that provide sufficient guarantees to implement appropriate technical and organizational measures to protect your Personal Data.
Please note, the terms and privacy policies of the third parties we use may apply to you as well, in particular: Google Analytics, Webflow, SEMrush, Square and Stripe (in the case of Plasticity only). Your acceptance of applicable third party terms is required to access our Sites, Products and Services. We strongly recommend that you read their privacy policies and terms and conditions of use to understand how they collect, use, and share information. Their standards may differ from ours. We do not endorse such third parties unless expressly stated otherwise.
DISCLAIMER: This overview of third parties is a snapshot. We strive to keep this list as up-to-date as reasonably possible. However, it is possible that not all current third party providers are listed.
We will not intentionally disclose (and will take reasonable steps to prevent the unauthorized or accidental disclosure of) your Personal Data to any third parties for their own direct marketing use. We may use your Personal Data for our business purposes, e.g. internal research, technical development and demonstration. This is not considered “selling” of your Personal Data. EX1 has never disclosed or sold any Personal Data to third parties for a business or commercial purpose, and EX1 will not sell Personal Data in the future belonging to Site visitors, users and other consumers.
We do not store any credit card information; we have partnered with Square Capital, LLC (“Square”) and Stripe (in the case of Plasticity only) to collect payments, with each being a “Payment Provider”). Payment information is stored on each Payment Providers' secure site and not available to us, other than name, email and referential transaction information. If we have issues processing an order, this information will be used to contact you. Your credit card information collected via each Payment Provider's secure online payment system is governed by each Payment Provider's Privacy Notice.
Please see Square's Privacy Notice for more information, available here, and for CA residents, please see Square's additional privacy disclosure here. Square's Commercial Entity Agreement (or bank agreement) can be found here.
We retain Personal Data for as long as we reasonably consider it to be necessary for the purposes for which it was collected (unless a longer retention period is required by law), after which time we will securely delete or anonymize the information. You can also request deletion of your Personal Data by contacting email@example.com.
Some of our disclosures may involve the transfer of Personal Data to countries or regions where the local law may grant you fewer rights than you have in your own country. We have designed this Policy to provide a globally consistent level of protection for Personal Data all over the world. This means that before we transfer Personal Data to those areas, we will take the necessary steps to ensure that your Personal Data will be given adequate protection as required by applicable data protection.
Yes, you can opt out of direct marketing or promotional emails.
We may send periodic promotional emails to you, and where required by law, we will obtain your consent to do so. You may opt out of such communications at any time by following the opt-out instructions contained in any email, by emailing firstname.lastname@example.org or by postal mail using the contact information provided at the end of this Policy. For CORAS and Plasticity, users can withdraw consent by adjusting their account profile settings in the Products.
If you opt out of receiving emails containing information that we think may interest you, we may still send you emails about your account or any Products or Services you have requested or received from us.
Our Sites, Products and Services may contain links to other websites run by third parties for your convenience and informational purposes only.
Our provision of third party links do not amount to our endorsement of these other websites, nor their content, owners, or practices. We do not control or assume responsibility for the content, accuracy or practices of these other websites or third parties. The inclusion of third party links does not suggest that the opinions expressed on the third-party site are representative of the views or opinions of EX1. This Policy does not apply to those other websites, which are governed by their own terms and policies.
We intend to maintain Personal Data accuracy, completeness, current status, and security. In the event of changes in your Personal Data, you may inform us at email@example.com to make sure that our information is up-to-date. CORAS/Plasticity users may view and access their profile and make changes to the Personal Data stored on the CORAS/Plasticity Sites, Products and Services. Please note that CORAS/Plasticity users cannot opt out of receiving Product and transactional emails related to their CORAS/Plasticity account.
We will not accommodate a request to change your Personal Data if we believe the change would violate any law or legal requirement or cause the information to be incorrect. In such instances, we will inform the user about the legal obligations that prevent us from fulfilling the request.
We will maintain an audit history of any requests to access, correct or delete Personal Data to maintain a record of compliance with regulatory requirements.
We implement commercially reasonable physical, administrative and technical safeguards to help us protect the confidentiality, security, and integrity of your Personal Data and prevent the loss, misuse, unauthorized access, unauthorized interception, or information alteration. For example, EX1 takes appropriate measures to make sure that the Personal Data you provide is stored on computer servers in controlled, secure environments.
All of our partners, employees, consultants, workers and data processors (i.e., those who process your Personal Data on our behalf, for the purposes listed above), who have access to, and are associated with the processing of Personal Data, are obliged to respect the confidentiality of such Personal Data.
We have implemented strong technical and organizational security measures designed to protect the security of Personal Data that we process, e.g., use of firewalls with intrusion detection, 24/7 monitoring, physical security through our hosting providers, encryption via SSL when using our SSL-based services, payment processing providers, and processing and authentication standards for password and username.
Your choice to disclose Personal Data in an email submission or online form is voluntary. Despite our safeguards and efforts to secure your Personal Data, no data transmission over the Internet is 100% secure. We cannot promise or guarantee that hackers, cybercriminals, or other unauthorized 3rd parties will not be able to defeat our security and improperly collect, access, steal or modify your information. Although we do our best to protect your Personal Data, transmission of Personal Data to and from our Sites, Products and Services is at your own risk. You should only access our Sites, Products and Services from a secure environment.
EX1 is committed to protecting children's privacy online. Our Sites are not intentionally designed for or directed at children under the age of 13 in the U.S and 16 in California or in the EEA. We will not knowingly or intentionally collect, store, use, or share, Personal Data of children under the age of 13 in the U.S and 16 in California or in the EEA without prior documented parental or guardian consent.
If you are under the age of 13 in the U.S and 16 in California or EEA, please do not provide any Personal Data, even if prompted by the Sites to do so. If you are under the age of 13 in the U.S and 16 in California or EEA and you believe you have provided Personal Data to us, please ask your parent(s) or guardian(s) to notify us and we will delete all such Personal Data.
If we become aware that we have inadvertently received Personal Data from a user under the age of 13 in the U.S, 16 in California or in the EEA, we will delete that data from our records.
Yes, if you are a CA resident, you are granted specific rights regarding access to your Personal Data.
CA Civil Code Section 1798.83, also “Shine The Light” law, permits our users who are CA residents to request and obtain from us, once a year, free of charge, information about categories of Personal Data (if any) that we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared Personal Data in the immediately preceding calendar year. If you are a CA resident and would like to make such a request, please submit your request to us in writing at firstname.lastname@example.org.
If you are under 18, reside in CA, and have a registered account with a Product or Service, you have the right to request removal of unwanted data that you publicly post on the Products or Services. To request removal of such data, please contact us at email@example.com and include a statement that you reside in CA. We will make sure that the data is not publicly displayed on the Products and Services, but please be aware that the data may not be completely or comprehensively removed from all of our systems (backups, etc.).
A “resident” of CA is defined under the CA Code of Regulations as someone who is in the State of CA for other than temporary or transitionary purposes, or someone who is domiciled in CA but is outside CA for temporary or transitionary purposes. All other individuals are defined as “non-residents.”
If the definition of “resident” applies to you, then we must adhere to certain rights and obligations regarding your Personal Data.
In the preceding twelve (12) months, we have collected the following categories of Personal Data:
|A. Identifiers (includes contact details such as name, alias, address, telephone or mobile number, unique personal identifier, online identifier, IP address, email address and account name).||YES|
|B. Personal Data Categories as Listed in the CA Customer Records Statute (includes name, contact information, education, employment status, employment history and financial information).||YES|
|C. Protected Classification Characteristics under CA or Federal Law (includes gender and date of birth).||NO|
|D. Commercial Information (includes transaction information, purchase history, financial details and payment information).||YES|
|E. Biometric Information (fingerprints and voiceprints).||NO|
|F. Internet or Other Similar Network Activity (includes browsing history, online behavior, and interactions with our and other websites, systems, and advertisements).||YES|
|G. Geolocation Data (device location).||YES|
|H. Audio, Electronic, Visual, Thermal, Olfactory, or Similar Information (includes images and audio, video or call recordings created in connection with our business activities).||NO|
|I. Employment Information (business contact details in order to provide you your Products or Services at a business level, job title, work history and professional qualifications if you apply for a job with us).||YES|
|J. Education Information (student records and directory information).||YES|
|K. Inferences Drawn From Other Personal Data (e.g., using Cookies to create a profile or summary about an individual's preferences and characteristics).||YES|
We may also collect Personal Data outside these categories where you interact with us in-person, online or by phone or mail in the context of: (1) receiving help through our customer support channels, (2) participation in surveys or contests, or (3) delivery of our Products and Services and to respond to your inquiries.
Yes, CA residents also have the below additional specific rights regarding their Personal Data under the CA Consumer Privacy Act (“CCPA”):
|Right to be Informed:|
Depending on the circumstances, you have a right to know:
|Request to Delete:|
You have the right to request that we delete any of your Personal Data. If you ask us to delete your Personal Data, we will respect your request and delete your Personal Data, subject to certain exceptions, e.g., our legal obligation to protect against illegal activities.
|Right to Non-Discrimination for the Exercise of Privacy Rights:|
We will not discriminate against you if you exercise your privacy rights under the CCPA.
Please note that some of the above rights may be limited where we have an overriding legitimate interest or legal obligation to continue to process the Personal Data, or where the Personal Data may be exempt from disclosure due to applicable law.
To exercise any of the above rights, please contact us a firstname.lastname@example.org and include a statement that you are a CA resident.
Yes, residents in the EEA or Switzerland may have rights that allow you greater access to, and control over, your Personal Data.
In the EEA and Switzerland, you have certain rights under applicable data protection laws. These may include the right to: (a) request access to and obtain a copy of your Personal Data; (b) request correction or erasure (or “right to be forgotten”) of Personal Data; (c) restrict the processing of your Personal Data; (d) in certain circumstances, data portability (receipt of Personal Data we have collected about you in a structured, machine readable format); (e) processing of Personal Data for a legitimate business purpose only; and (f) notification of a security breach incident without undue delay after we become aware of the incident. In certain circumstances, you may have the right to object to the processing of your Personal Data. To make such a request, please email us at email@example.com and include a statement that you are an EEA or Switzerland resident. We will consider and act upon any request in accordance with applicable data protection laws.
If we are relying on your consent to process your Personal Data, you have the right to withdraw your consent at any time. Please note, however, that this will not reflect the lawfulness of the processing before the withdrawal, nor will it affect the processing of your Personal Data in reliance on lawful processing grounds other than consent.
If you are a resident of the EEA and you believe we are unlawfully processing your Personal Data, you have the right to complain to your local data protection supervisory authority. You can find their contact details here.
If you are a resident of Switzerland, the contact details for the data protection authorities are available here.
If you are a resident of the EEA or Switzerland and you have questions about or would like to exercise your privacy rights, please email us at firstname.lastname@example.org and include a statement that you are an EEA or Switzerland resident.
Please note that some of the above rights may be limited where we have an overriding legitimate interest or legal obligation to continue to process the Personal Data, or where the Personal Data may be exempt from disclosure due to applicable law
Yes, upon receiving a request to enforce specific rights of consumers in CA, the EEA or Switzerland, we will need to verify your identity to determine that you are the same person about whom we have the information in our system. These verification efforts require that you provide us with information so that we can match it with information that you have previously provided to us.
We will only use Personal Data provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. If, however, we cannot verify your identity from the information already maintained by us, we may ask that you provide us with additional information for the purposes of verifying your identity and for security/fraud prevention purposes. We will delete such additionally provided information as soon as we finish verifying you.
We do not charge individuals located in CA, the EEA or Switzerland a fee to process or respond to verifiable Personal Data requests unless it is excessive or manifestly unfounded to warrant a “reasonable fee” to cover our administrative costs of complying with the request.
For verified CA and EEA/Switzerland requests for Personal Data, we will respond no later than 30 days and 45 days, respectively. If we require more time to respond, we will inform you of the reason and extension period in writing before required response time. If you have an account with us, we will deliver our written response to the registered email associated with the account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. If applicable, we will explain the reasons we cannot comply with a request. For data portability requests, we will select a method of providing your Personal Data in a readily useable format.
If you have questions or comments about this Policy, you may email us at email@example.com or reach out to our Data Protection Officer at firstname.lastname@example.org, by phone at (703) 910-5090 or by mail to:
ATTN: LegalExecutive 1 Holding Company, LLC7918 Jones Branch Drive, Suite 800McLean, VA 22102E-mail: email@example.com
Please note that no permission is granted for you to use EX1's logos, icons, or content. You must obtain our prior written permission to post additional graphic or textual material along with your link to our Sites.