Privacy Policy
Last Update: July, 2024
INTRODUCTION
Archipelo, Inc. and our affiliates (together, “Archipelo”, “we”, “our” or “us”)
provides software supply chain security services (the “Services”). As part of its Services, Archipelo
provides its customers with a dedicated source code control, vulnerability detection and response platform (the “Platform”).
Archipelo respects the privacy of its customers, partners, vendors, service providers, Platform users, website visitors,
and employment candidates, and is committed to protecting the personal information that is shared with us (these and
any others with respect to whom we collect personal data, shall collectively be referred to as “you” or “Data Subjects”).
In order to ensure transparency and give you more control over your Personal Data, this privacy policy (“Privacy Policy”) describes how we process, use, collect and store Personal Data (defined below) that we receive from or about
you in different scenarios.
For instance, when you browse or visit our website, www.archipelo.com
(“Website”) and use its various offerings (like booking a demo, requesting a free trial, downloading
resources, and subscribing to newsletters), create an account and log in to our Platform, and any other software
application that we license, show interest in our Services, take part in our marketing activities, interact with
us on our social media profiles, or apply for a job with us, as well as when we acquire your Personal Data from
third-party sources for marketing, process your Personal Data, all as detailed below.
Please read this Privacy Policy carefully, so you can fully understand our practices in relation to Personal Data.
Important note: Nothing in this Privacy Policy is intended to limit in any way your statutory right, including
your rights to a remedy or means of enforcement.
“Personal Data” means any information that can be used, alone or together with other data, to uniquely identify any
living human being and any information deemed as Personally Identifiable Information by applicable privacy laws.
Please note that this is a master privacy policy and some of its provisions only apply to individuals in certain jurisdictions.
For example, the legal basis discussed below is only relevant to individuals protected by the European Union General
Data Protection Regulation (also, as it forms part of the laws of England and Wales, Scotland and Northern Ireland,
the “GDPR”)). For the purposes of the GDPR and other applicable privacy laws, Archipelo is a data
controller (“Controller”) in relation to the Personal Data of the representatives of our customers and
prospective customers, partners, vendors, website visitors, and employment candidates.
For the purposes of the GDPR and other applicable privacy laws, Archipelo is a data processor (“Processor”)
in relation to the processing of the Personal Data of our customers’ Platform users, or any other Personal Data
processed on behalf of our customers as part of the provision of the Services through our Platform. If you are a
registered user of the Platform, or if we may otherwise process your Personal Data on behalf of our customers as
part of our Services, please contact our applicable customer in order to receive additional information regarding
the processing of your Personal Data on the Platform as part of our Services.
We may update this Privacy Policy from time to time and therefore we ask you to check back periodically for the latest
version. If we implement any significant changes to the use of your Personal Data in a manner different from that stated
at the time of collection, we will notify you by posting a notice on our website or by other means.
This Privacy Policy forms part of our Website Terms of Service. Any capitalized
but undefined term in this Privacy Policy shall have the meaning given to it in the Terms.
WHAT INFORMATION WE COLLECT, WHY WE COLLECT IT, AND HOW IT IS USED
We collect and use the following information:
(i) When you browse or visit our website
- Personal Data we may collect: We may use analytics tools, cookies and log files on our Website which may
collect Personal Data such as IP address, pages clicked, search and browser history, and device information.
- For what purposes: We use such information to analyze usage trends of the Website, maintain and improve
the Website’s functionality and our marketing and promotional efforts. We may
- Legal basis (GDPR only, if applicable): Legitimate interest (e.g., essential cookies required for the
operation of the Website) or Consent (e.g., non-essential cookies, such as marketing or analytics cookies, to
the extent required under applicable law).
- Consequences of not providing the Personal Data: Certain Website features may not be available, and we
may not be able to use the Personal Data for the purposes described above (e.g. analytics or marketing).
(ii) When you book a demo
- Personal Data we may collect: Full name, business email address, as well as any other Personal Data that
you decide to provide us with.
- For what purposes: To receive and respond to your request, to provide you with a product demo, and to
send you marketing communications via email. We may also record the demo and/or follow-up sessions, if you
agree, for the purposes of business intelligence and improving our Services.
- Legal basis (GDPR only, if applicable): Performance of a contract to which the data subject is a party or
to take steps at the request of the data subject prior to entering a contract and/or legitimate interest (to
provide you with a demo, marketing) or consent (for marketing, if required under applicable law).
- Consequences of not providing the Personal Data: We will not be able to provide a demo and/or send you
marketing communications.
(iii)When you request a free trial and during the trial period
- Personal Data we may collect: Full name, job title, business email address, and any other Personal Data
that you decide to provide us with.
- For what purposes: To provide you with a free trial period and to send you marketing communications
- Legal basis (GDPR only, if applicable): Processing is necessary for the performance of a contract to
which the data subject is party or to take steps at the request of the data subject prior to entering a
contract, legitimate interest or consent (for marketing, if required by applicable law).
- Consequences of not providing the Personal Data: We will not be able to provide you with a free trial
and/or send you marketing communications.
(iv)When you download our online resources
- Personal Data we may collect: Full name, business email address.
- For what purposes: To provide our Services and to send you marketing communications.
- Legal basis (GDPR only, if applicable): Legitimate interest (provide your requested materials) or consent
(for marketing, if required under applicable law).
- Consequences of not providing the Personal Data: We will not be able to provide you with the requested
online resources and/or send you marketing communications.
(v) When you subscribe to our blog, newsletter(s), or distribution list(s)
- Personal Data we may collect: Full name, business email address.
- For what purposes: To subscribe you to our blog or newsletter and send you updates about Archipelo,
including marketing communications.
- Legal basis (GDPR only, if applicable): Legitimate interest (in the context of B2B marketing) or consent
(for marketing, if required under applicable law).
- Consequences of not providing Personal Data: We cannot provide you with updates or send you marketing
communications.
(vi)When you contact us regarding our Services (e.g. via submitting a request or similar forms):
- Personal Data we may Collect: Full name, business email address, job title, work telephone number, as
well as any other Personal Data that you decide to provide us with.
- For what purposes: To process and answer questions and to contact you upon your request, to provide
support and to send you marketing communications.
- Legal basis (GDPR only, if applicable): Performance of a contract to which the data subject is party or
in order to take steps at the request of the data subject prior to entering a contract (i.e., the subscription
agreement) and/or legitimate interest (e.g. respond to a query sent by you, marketing) or consent (for
marketing, if required under applicable law).
- Consequences of not providing the Personal Data: We cannot answer your questions or send you marketing.
(vii) When you attend a marketing event or webinar, exchange business cards with us or otherwise provide us with
your Personal Data for marketing purposes:
- Personal Data we may collect: Full name, business email address, job title, business address and phone
number, as well as any other Personal Data you decide to provide us with.
- For what purposes: To establish a business relationship with you, contact you about our Services and send
you marketing communications.
- Legal basis (GDPR only, if applicable): Legitimate interest (in the context of B2B marketing) or consent
(for marketing, if required under applicable law).
- Consequences of not providing the Personal Data: We cannot establish a business relationship or send you
marketing communications.
(viii) When we use Personal Data of our customers/end-users (e.g. when you create an account, log-in to and use
our online products and Services):
- Personal Data we may collect directly from you or from your employer who provides us with your contact
details: Full name, business email address, phone number, company, country, data relating to your use of our Services,
Archipelo password (if you have a Archipelo account), job title, role, company, business address, country,
payment information (if applicable and only to the extent that includes Personal Data), Personal Data received
from third party software applications, products or services you (or your employer) choose to integrate with, or
engage via, our Services, as well as any other Personal Data you decide to provide us with (e.g. any feedback
you provide). Personal Data we collect automatically when you use our services: When you access or use the
Services we automatically collect information about you, including data relating to you use of our Platform and
services (e.g. pages visited, IP address, access times).
- For what purposes: (i) To allow you to register for and log-in to our Platform, (ii) to provide our
Services and perform our agreements with our customers (iii) for monitoring and security purposes, including for
user authentication, logging and debugging and to prevent Platform abuse, (iv) to provide support (e.g.
ticketing and chat functions), (vi) to maintain and improve our Services, (vii) to communicate with you and
allow you to provide feedback on our Services (viii) for billing (if applicable) and account management, (ix) to
send you marketing communications via email; (x) to collect analytics information on use of the Services.
- Legal basis (GDPR only, if applicable, regarding data processing as Controller): Performance of a
contract to which the customer is party, compliance with legal obligations (e.g. tax laws, bookkeeping laws,
etc.), legitimate interest (to provide our Services, send you contract-related communication, marketing or
updates about our Services) or consent (for marketing, if required under applicable law). Data processed on the
Platform on behalf of customers (such as Platform user data and other data provided on behalf of customers) is
processed by Archipelo as a Processor and is governed by a Data Protection Agreement with our customers.
- Consequences of not providing the Personal Data: We cannot provide the Services, grant you access to the
Platform, perform our obligations, or communicate with you.
(ix)When we acquire your Personal Data from third-party sources for marketing:
- Personal Data we may collect: Full name, business email address, job title, business address, business
telephone number, country.
- For what purposes: To establish a first business connection and to send marketing communications.
- Legal basis (GDPR only, if applicable): Depending on the context, legitimate interest (in the context of
B2B marketing), consent (for marketing, if required under applicable law) or pre-contractual discussions.
- Consequences of not providing the Personal Data: We cannot contact you regarding our Services and
establish a business relationship.
(x) When we use the Personal Data of our service providers or distributors:
- Personal Data we may collect: Full name, business email address, business phone number, job title,
business address, country, payment information, and any other Personal Data that you provide us.
- For what purposes: (i) to perform our agreements with our service providers and distributors and
communicate with them, and to comply with our legal obligations and record-keeping requirements.
- Legal basis (GDPR only, if applicable): Performance of a contract to which the service provider or
distributor is a party, compliance with a legal obligation (e.g. tax laws, bookkeeping laws, etc.), and/or
legitimate interest (e.g. send you contract-related communications. to perform our agreement with your
employer).
- Consequences of not providing the Personal Data: We cannot perform our agreement with you or communicate
with you.
(xi)When you interact with us on our social media profiles (e.g. Facebook, Instagram, Twitter, LinkedIn):
- Personal Data we may collect: Full name, business email address, any other Personal Data that you decide
to share with us.
- For what purposes: To respond to your questions or request, establish a business relationship and send
you marketing communications.
- Legal basis (GDPR only, if applicable): Legitimate interest (e.g. responding to your request, marketing,
and business development) or consent (for marketing, if required under applicable law).
- Consequences of not providing the Personal Data: We can’t respond to your requests, establish and
business relationship and send you marketing communications.
(xii) When we undertake social media marketing, including via the use of audiences or list-based advertising:
- Personal Data we may collect or receive: Full name, business email address, job title, telephone number,
IP address, pages clicked, search and browser history, device information and any other Personal Data you or
third parties provide us
- For what purposes: We may use your Personal Data to contact you via social media platforms in order to
establish a business relationship with you and contact you about the Services. If you’re outside the EU, we may
also use your Personal Data in order to create lists of individuals that we would like our advertising about our
Services to target via social media channels, including via direct messaging marketing solutions. You may be
included in such a list (in which case you will see advertising related to Archipelo when you visit those social
media platforms) or we may use your Personal Data to ask social media platforms to compile a list of other
individuals who we think will be interested in our products so that those individuals can be presented with
advertising about Archipelo.
- Legal basis (GDPR only, if applicable): Legitimate interest (marketing, advertising, and business
development) or Consent (if required by applicable law)
- Consequences of not providing the Personal Data: We can’t establish a business relationship with you via
social media platforms; you will be excluded from advertising and marketing campaigns on social medial
platforms.
(xiii) When you apply for a job with us:
- Personal Data we may collect: Full name, email address, any Personal Data contained in your resume
(c.v.), your responses to any assessment, background check results (in accordance with applicable law), any
other Personal Data that you decide to provide us with. Please note that, in most cases, we receive the
information directly from you, but we may also receive information from recruitment companies, references or
background check companies
- For what purposes: To assess you as a candidate, review and examine your job application and communicate
with you.
- Legal basis (GDPR only, if applicable): In order to take steps at the request of the data subject prior
to entering a contract (employment contract) and legitimate interest (e.g. to assess you as a candidate,
recruitment).
- Consequences of not providing Personal Data: We cannot process your application or communicate with you.
Finally, please note that some of the abovementioned Personal Data will be used for detecting, taking steps to
prevent, and prosecuting fraud or other illegal activity, identifying and repairing errors, conducting audits, and
for security purposes. Personal Data may also be used to comply with applicable laws, with investigations
performed by the relevant authorities, for law enforcement purposes, and/or to exercise or defend legal claims. In
certain cases, we may anonymize or de-identify your Personal Data. “Anonymous Information” means information that
does not enable identification of an individual user, such as aggregated information about the use of our
Services. We may use Anonymous Information and/or disclose it to third parties for our business purposes and
further use such anonymized data for internal business purposes, including, without limitation, to improve our
Services and for research and development purposes.
HOW WE PROTECT YOUR PERSONAL DATA
We have implemented appropriate technical, organizational, and security measures designed to protect your Personal
Data. Archipelo implements, enforces, and maintains security measures, technologies, and policies to prevent
unauthorized or accidental access to or destruction, loss, modification, use, or disclosure of Personal Data. We
also take steps to monitor compliance with such policies on an ongoing basis. Where we deem it necessary in light
of the nature of the data in question and the risks to data subjects, we encrypt data in transit and at rest.
Likewise, we take industry-standard steps to ensure our Website and Services are safe and to prevent unauthorized
access to our databases. Other security safeguards include but are not limited to, firewalls, s, access logs,
breach detection systems and physical access controls to buildings, systems, and files.
However, please note that we cannot guarantee that the information will not be compromised as a result of unauthorized
penetration to our servers. As the security of information depends in part on the security of the computer, device,
or network you use to communicate with us and the security you use to protect your user IDs and passwords, please make
sure to take appropriate measures to protect this information.
Within Archipelo, we endeavor to limit access to Personal Data to those of our personnel who: (i) require access in
order for Archipelo to fulfill its obligations, including also under its agreements, and as described in this Privacy
Policy, and (ii) have been appropriately and periodically trained with respect to the requirements applicable to the
processing and security of the Personal Data, and (iii) are under confidentiality obligations as may be required under
applicable law.
Archipelo shall act in accordance with its policies and with applicable law to promptly notify the relevant authorities
and data subjects in the event that any Personal Data processed by Archipelo is lost, stolen, or where there has been
any unauthorized access to it, all in accordance with applicable law and on the instructions of qualified authority.
Archipelo shall promptly take reasonable remedial measures.
HOW WE RETAIN YOUR PERSONAL DATA
We may store your Personal Data for as long as such Personal Data is necessary for accordance with the purpose for
which we collected it, and as long as necessary to fulfill your requests or inquiries or provide services or until
we proactively delete it or you send a valid deletion request. In certain circumstances, we may store your
Personal Data for longer periods of time, for example (i) where we are required to do so in accordance with legal,
regulatory, tax, or accounting requirements, and to meet any audit, compliance, and business best-practices, or
(ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or
(iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data or dealings. We
maintain a data retention policy that we apply to Personal Data in our care. Regarding the retention of cookies,
you can read more in our cookies policy. Data that is no longer retained will be anonymized or deleted. Likewise,
some metadata and statistical information concerning the use of our Website and Services are not subject to the
deletion procedures in this policy and will be retained by Archipelo. We will not be able to identify you from
this data. Some data may also be retained on our third-party service providers’ servers until deleted in
accordance with their privacy policy and their retention policy, and in our backups until overwritten.
HOW WE SHARE YOUR PERSONAL DATA
Depending on the context described in Section 2 above, we may share your Personal Data with the following
categories of third parties:
- Third-party service providers. Archipelo has partnered with a number of selected service providers, whose
services and solutions complement, facilitate, and enhance our own (“Third Party Service Providers”). These may
include service providers of the following services: hosting / storage, email distribution and monitoring,
authentication, support and ticketing, logging and monitoring, CRM, data enrichment, sales and marketing
engagement and automation, analytics and business intelligence, in-app notification and feedback, data and cyber
security services, billing and payment processing services (only if applicable), fraud detection and prevention
services, session recording and remote access services, and our legal and financial advisors, document
management, only in case you are applying for a job with us- automation/management of HR and job application,
and only in case of jobs in certain jurisdictions, and only with your consentbackground checks. Depending on the
context, we may share the following categories of Personal Data with such Third Party Service Providers for
business purposes: identifiers, including name, alias, unique personal identifiers, online identifiers, IP
addresses, business email addresses, or other similar identifiers, as well as information regarding services
purchased, obtained, or considered.
- Archipelo-affiliated companies. We may share your Personal Data internally within our affiliated
companies, to the extent necessary to fulfill the purposes listed above. Sharing Personal Data between of data
subjects from the European Union, the United Kingdom, and Switzerland between Archipelo’s subsidiaries located
outside these regions will always take place under an approved transfer mechanism, such as the relevant Standard
Contractual Clauses (if required).
- Law enforcement, legal requests, and duties. To the extent necessary and subject to applicable law,
Archipelo may disclose or otherwise allow access to any categories of Personal Data described in this Privacy
Policy, with or without notice to you, to regulators, courts, or competent authorities, pursuant to valid legal
requests (such as a subpoenas, legal proceedings, search warrants or court orders), to comply with applicable
laws, regulations, and rules (including, without limitation, federal, state or local laws), and requests of law
enforcement, regulatory and other governmental agencies or if required to do so by court order.
- In connection with a change in corporate control. Should Archipelo or any of its affiliates undergo any
change of control, including by means of merger, acquisition, or purchase of substantially all of its assets, or
in the event of bankruptcy or a comparable event, your Personal Data (to the minimum extent required) may be
shared with the parties involved in such event.
- Social media platforms. For the purposes mentioned above.
- With your consent or upon your further direction. Our Services enable you, through different techniques,
to engage and procure different optional third-party services, products, and tools (for instance, log in using
an account you maintain with a third-party platform). If you choose to use such third-party services, they may
have access to and process your Personal Data. In addition, we may share your Personal Data where you have
provided your consent to us sharing or transferring your Personal Data, or where you directed us to do so (e.g.,
where you opt-in to optional additional services or functionalities or applicable third-party services available
on our Services). Please note that in such instances Archipelo merely acts as an intermediary at your direction,
allowing you to procure such third-party services with which you are interacting directly, at your discretion
and risk.
WHERE WE STORE YOUR PERSONAL DATA AND ADDITIONAL INFORMATION ABOUT TRANSFERS OF GDPR-PROTECTED PERSONAL DATA
- Generally, and unless you are an end user of a customer with which we’ve agreed otherwise in a separate customer
agreement, your Personal Data is stored in data centers of our cloud-hosting third-party service providers that
are located in the United States of America and the European Economic Area (EEA).
- Personal Data collected in the EU and UK is transferred to, stored, and processed at destinations outside the
EEA and the UK. This includes transfers to our headquarters, located in Israel, a jurisdiction deemed adequate
by the EU Commission and the UK, and transfers to our staff and certain third-party service providers in the
USA, not currently deemed adequate. We transfer Personal Data to such locations in order to:
- store or backup the information;
- enable us to provide you with the Services and fulfill our contract with you;
- fulfill any legal, audit, ethical, or compliance obligations that require us to make that transfer
- facilitate the operation of our group businesses, where it is in our legitimate interests and we have
concluded these are not overridden by your rights;
- to serve our customers across multiple jurisdictions; and
- to operate our affiliates in an efficient and optimal manner.
- Where your Personal Data is transferred outside of the EEA or UK, we will take all steps reasonably necessary to
ensure that your Data is subject to appropriate safeguards, including entering into contracts that require the
recipients to adhere to data protection standards that are considered satisfactory under the GDPR and other
applicable laws, and that it is treated securely and in accordance with this Privacy Policy.
- Transfers from the EEA to Israel are made based on an adequacy ruling by the EU Commission. Transfers from the
EEA to the USA are made based on the Standard Contractual Clauses published by the EU Commission. Transfers from
the UK to the EEA and to Israel and made based on UK’s Adequacy Regulations. Transfers from the UK to the USA
are made based on the UK’s International Data Transfer Addendum to the EU Commission Standard Contractual
Clauses.
YOUR PRIVACY RIGHTS; HOW TO DELETE YOUR DATA
1. Rights: The following rights (which may be subject to certain exemptions or derogations) may apply to certain
individuals (some of which only apply to individuals protected by the GDPR or other applicable data protection
laws):
- .You have a right to access Personal Data held about you. Your right of access may normally be exercised free of
charge, however, we reserve the right to charge an appropriate administrative fee where permitted by applicable
law;
- You have the right to request that we rectify any Personal Data we hold that is inaccurate or misleading;
- You have the right to request the erasure/deletion of your Personal Data (e.g. from our records). Please note
that there may be circumstances in which we are required to retain your Personal Data, for example for the
establishment, exercise, or defense of legal claims;
- You have the right to object, to or to request restriction, of the processing;
- You have the right to data portability. This means that you may have the right to receive your Personal Data in
a structured, commonly used, and machine-readable format and that you have the right to transmit that data to
another controller;
- You have the right to object to profiling;
- Where you have consented to the processing of your Personal Data, you have the right to withdraw your consent at
any time and prevent further processing by contacting us as described in this Privacy Policy. Please note that
there may be circumstances in which we are entitled to continue processing your data, in particular, if the
processing is required to meet our legal and regulatory obligations. Also, please note that the withdrawal of
consent shall not affect the lawfulness of processing based on consent before its withdrawal;
- You also have a right to request certain details of the basis on which your Personal Data is transferred outside
the European Economic Area, but data transfer agreements and/or other details may need to be partially redacted
for reasons of commercial confidentiality;
- You have a right to lodge a complaint with your local data protection supervisory authority
- (i.e., your place of habitual residence, place of work, or place of alleged infringement) at any time or before
the relevant institutions in your place of residence. We ask that you please attempt to resolve any issues with
us before you contact your local supervisory authority and/or relevant institution.
- .If you may have certain additional rights under local privacy laws applicable in your jurisdiction. To the
extent such privacy laws apply to you, we will respect your rights and comply with such laws.
You can exercise your rights by contacting us at
[email protected] Subject to legal and other permissible considerations,
we will make every reasonable effort to honor your request promptly in accordance with applicable law or inform you
if we require further information in order to fulfill your request. When processing your request, we may ask you for
additional information to confirm or verify your identity and for security purposes, before processing and/or honoring
your request. We reserve the right to charge a fee where permitted by law, for instance, if your request is manifestly
unfounded or excessive. In the event that your request would adversely affect the rights and freedoms of others (for
example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your
request in a different way than initially requested, we will address your request to the maximum extent possible, all
in accordance with applicable law.
Deleting your Platform user account and Personal Data: Please note that if you are a registered user of the
Platform (as an employee or agent operating on behalf of a customer of Archipelo), or if we may otherwise process
any of your Personal Data on behalf of a customer as part of the provision of the Services through our Platform,
please contact our applicable customer with any deletion or other data subject rights requests. You can also
contact us by emailing [email protected], and we, as a Processor of
such customers, will do our best to assist, in accordance with our agreement with the customer and per the
customer’s instructions.
Deleting other (non-platform user) Personal Data: Should you ever wish to delete your Personal Data that Archipelo
processes as a Controller (e.g. Personal Data of the representatives of our customers and prospective customers,
partners, vendors, website visitors, and employment candidates), you may submit your request by emailing [email protected].
USE BY CHILDREN
Our Services and Website are not intended for children under the age of eighteen (18), so we do not knowingly
collect Personal Data from, of, or about children under the age of eighteen (18). If you are under the age of
eighteen (18), do not use our Services or Website and do not provide any Personal Data to us without the
involvement of a parent or a guardian. If you believe that we have such information, please contact us at
[email protected].
LINKS TO AND INTERACTION WITH THIRD PARTY SERVICES
Our Services may enable you to interact with, contain links to, or allow integration with your, or your
employer’s, third-party accounts and other third-party websites, software applications, and products or services
that are not owned or controlled by us (each a “Third Party Service”). We are not responsible for the privacy
practices or the content of such Third Party Services. Please be aware that Third Party Services may collect
Personal Data from you. Accordingly, we encourage you to read the terms of service and privacy policies of each
Third Party Service that you choose to use or interact with.
USE OF COOKIES, LOG FILES, ANALYTICAL TOOLS AND SIMILAR TECHNOLOGIES
Cookies. We and our Third Party Service Providers use cookies and other similar technologies (“Cookies”) to
provide our Services and ensure that they perform properly, analyze our performance and marketing activities, and
to track your use of the Website, and personalize your experience. Please note that we do not change our practices
in response to a “Do Not Track” signal in the HTTP header from browsers; however, most browsers allow you to
control cookies, including whether or not to accept them and how to remove them. You may set most browsers to
notify you if you receive a Cookie, or you may choose to block Cookies with your browser.
Please also note that social media platforms may set cookies and other tracking technologies on your device when you
visit their pages and when you navigate from their pages. The output of such information may be provided to us (usually
for statistical purposes to see how users interact with our content on social media platforms). The social media platforms
are responsible for how they handle your Personal Data. Information about how they collect and use Personal Data (and
how they use cookies and similar technologies, including instructions on how you can disable these) can usually be
found in their respective privacy policies and cookies policies on their websites.
Log files. Our Services collect and stores information that your browser automatically transmits to us in
"server log files", which may include (but are not limited to): IP addresses, browser type, and version, operating
system used, referring/exit pages URL, clicked pages, date/time stamp of the server request. We use such
information to analyze trends, administer our Services, and track the use of our Website.
Analytic tools. We use the analytical tools listed below in order to improve our Services.
- Google Analytics. The Website uses “Google Analytics” to collect information about the use of the
Website. Google Analytics collects information such as how often users visit this Website, what pages they
visit, and what other websites they used prior to visiting our Website. We use this Google Analytics information
to maintain and improve our Services. e do not combine information we receive through Google Analytics with
Personal Data we collect. Google’s ability to use and share information collected by Google Analytics about your
visits to this Website is restricted by the Google Analytics Terms of Service, available at
https://marketingplatform.google.com/about/analytics/terms/us/,and the Google Privacy Policy, available at
http://www.google.com/policies/privacy/. You may learn
more about how Google collects and processes data specifically in connection with Google Analytics at
http://www.google.com/policies/privacy/partners/.
You may prevent your data from being used by Google Analytics by downloading and installing the Google Analytics
Opt-out Browser Add-on, available at
https://tools.google.com/dlpage/gaoptout/.
- Google reCaptcha. Our Platform uses “Google reCaptcha” (“reCAPTCHA”) solely for protection against
unauthorized access to, and abusive automated crawling and spam of, our Platform by bots and other automated
means. reCAPTCHA analyzes the behavior of visitors to the Platform’s log-in page based on various
characteristics. This analysis starts automatically as soon as a Platform user reaches the log-in page, and it
involves the evaluation of various information (e.g., device and application data, mouse movements and time
spent on the log-in page, and the results of integrity checks). Such information is also share with Google. We
do not combine reCaptcha data with Personal Data we collect. For more information about Google’s use of
information processed by reCaptcha and Google’s privacy practices, please visit:
https://www.google.com/recaptcha/about/ and
https://policies.google.com/privacy
SPECIFIC PROVISIONS APPLICABLE UNDER CALIFORNIA PRIVACY LAW
Do Not Track Signals. Do Not Track (“DNT”) is a privacy preference that users can set in certain web
browsers to inform websites that they do not want to be tracked. We do not respond to or honor DNT signals.
California Consumer Privacy Rights (CPRA). Archipelo does not meet the threshold of the California Privacy
Rights Act of 2020 (“CPRA”), and therefore its data processing activities as a Business (such as regarding Website
visitor data) are not governed by the CPRA. Archipelo acts as a Service Provider (as defined in the CPRA) on
behalf of its customers and, where the CPRA is applicable to its customers, Archipelo is committed to processing
Personal Information on their behalf in accordance with the CPRA.
CONTACT US; EU REPRESENTATIVE
If you have any questions, concerns, or complaints regarding our compliance with this notice and the data
protection laws, or if you wish to exercise your rights, we encourage you to first contact us at
[email protected].