Privacy Policy

At Conectiv, its subsidiaries, and affiliates (collectively, the “Company” or “we”), we take your privacy very seriously. Please read this privacy policy for the Company (the “Policy”) carefully as it contains important information on who we are, how and why we collect, store, use, and share your personal information. It also explains your rights in relation to your personal information and how to contact us or supervisory authorities in the event you have a complaint.

Your Privacy Is Important to Us!

The Company values your trust and confidence. This Policy is applicable to the information we collect on all our websites. We created this Policy to inform you of our global commitment to you.

The Company is committed to safeguarding privacy worldwide. An internal Data Control Organization of employees trained in personal data protection, is in place at the Company. The Company is bound to comply with the EU Regulation 2016/679 (General Data Protection Regulation – “GDPR”) and local regulations where relevant.

The following policy explains what personal information we may collect and how such information will be treated to meet the data protection standards and comply with the relevant laws. We are responsible as “controller” of that personal information for the purposes of those laws.

Key terms:

We, us, our The Company
Our data protection officer (DPO) John Town
3601 Calle Tecate, Suite 120, California, CA
SCSprivacy@conectiv.com regarding matters of personal data protection within the Company.
Local Poland Rep Pawel Mroczkowski Julianowska 65a, 05-500 Józefosław, Poland
Regional Director, Safety and Security Frank Jackson 5215 Lamar Ave., Memphis, TN 38118
SCSsecurity@conectiv.com regarding security for the Company.
Personal Information Any information relating to an identified or identifiable individual.

Provision of services by the Company

The provision of the services by the Company may require collecting some Personal Information. All information we collect is collected for a specific purpose and is necessary for this purpose and will not be used subsequently for another purpose. We do not sell any personal data collected on our websites, and we explicitly forbid anyone to commercially use any personal data present on our websites.

Why and how do we collect personal data

To the extent the Company obtains possession of or collects any Personal Data, the relevant Personal Information shall be:

  • Processed fairly and lawfully.
  • Processed for specified purposes only.
  • Not kept longer than necessary.
  • Processed and held securely.
  • Adequate, relevant and not excessive.
  • Accurate and up to date

The below chart shows the personal information that we collect, along with the purpose for its collection:

Purpose Lawful base Data Categories
Websites service Legitimate interest Preferences cookies Statistics cookies Click stream
Hiring Legitimate interest Personal situation (address, personal phone) Marital situation, Birth date Fiscal situation HR payroll data Picture Resume, Recruitments contacts Personal Finance information Drug scan, criminal records
Providing support on our products and/or services Contract User account (can be name based or ID number) Email, Name/surname, Personal situation (address, personal phone)
Marketing Legitimate interest Marketing cookies, User account (can be name based or ID number) Email, Name/surname, Personal situation (address, personal phone)
Exercising your rights under any applicable law Legal obligation User account (can be name based or ID number) Email, Name/surname, Personal situation (address, personal phone)
Security Legitimate interest Strictly necessary cookies Browsing information, Building exit/entry tracking data Dataleak prevention data, Non-disclosure agreements

We may collect and use the following Personal Information that identifies, relates to, describes, is reasonable capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular user, consumer or household. We collect most of this Personal Information directly from you—in person, by telephone, text or email and/or via our website and apps. However, we may also collect information from publicly accessible sources (e.g., property records), from a third party (e.g., sanctions screening providers, banking accounts, credit reporting agencies, or customer due diligence providers), or via our IT systems.

Under applicable data protection law, we can only use your Personal Information if we have a proper reason for doing so, to comply with our legal and regulatory obligations, for the performance of our contract with you or to take steps at your request before entering into a contract, for our legitimate interests or those of a third party, or where you have given consent.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

Sensitive Data

On a general basis, the Company does not collect any sensitive data concerning you. Yet, depending on the definition used in regulations, some data considered as sensitive under certain regulation may be collected. For instance, we may collect birth date, or marital status for hiring purposes, while this information gives age, which is protected under California Consumer Privacy Act (“CCPA”). For security reasons while hiring, we may collect criminal records in certain countries, while this is considered as sensitive under GDPR.

Keeping your information secure

Keeping the Personal Information we collect about you secure is one of our most important responsibilities. We value your trust and handle Personal Information with care. Our employees access information about you only for lawful purposes. We may also access information about you when responding to requests as required by law. This personal data is accessible on a need-to-know basis to the teams involved with the services (marketing, IT, security, finance, and to any subcontractor working with those departments).

We safeguard information according to established security standards and procedures, and we continually assess new technology for protecting information. Our employees are trained to understand and comply with these information principles. The Company uses reasonable administrative, physical, and managerial measures to safeguard your Personal Information against loss, theft and unauthorized access, use, and modification.

How—and why—information is shared

Your information is collected and stored for a limited duration necessary for the purpose of the processing. We limit who receives information and what type of information is shared. We share information to the extent it is necessary to process the information for its intended purpose.

Sharing information within the Company.

In processing information, the Company leverages corporate systems where the Personal Information we have about you may be shared amongst the Company as permitted by law and our agreement with you, as well as to process your notifications of illegal content when you decide to submit it to us.

The Company has offices in several countries, including some countries outside the European Union. Your personal data may be transferred or made accessible outside of the European Union and such access and transfers are governed by an intragroup agreement which secures transfers and access. In case of transfer to subcontractors outside the European Union, we ensure that the Standard Contractual Clauses approved by the European Commission are signed with these subcontractors.

For job recruitment, personal data such as your resume or curriculum vitae is collected when you decide to provide it to us. Please note that we may disclose your Personal Data within the Company, whether within or outside the European Economic Area (“EEA”), for the purpose of a potential recruitment in the Company for which you apply for a job, in the case you consent to this transfer. Be assured that we supervise these transfers by our Intragroup Agreement (EC Standard Contractual Clauses written by the European Commission – Controller to Controller).

Sharing information with companies that work for us.

To handle the support, for employment purposes or to assist us in offering you goods and services related to our agreement with you, we may occasionally share information with companies that work for us, such as companies specialized in hiring, maintenance services, or distributors, channel partners, and value added resellers. In such case, Data Processing Agreements are in place with third parties (EC Standard Contractual Clauses – Controller to Processor). Depending on your requests, the exercise of your rights on your personal data will also be redirected to our partners.

Sharing information with others.

We may provide your personal data as required by law or legal process or accreditations or the audit of our accounts; to maintain our accreditations, to comply with our legal and regulatory obligations, to protect and defend the rights of the Company and under circumstances we believe reasonably necessary to protect the personal safety of users, the Company, its sites, or the public.

Moreover, the Company uses services provided by third parties such as share buttons on social networks (e.g. X, LinkedIn, and Facebook). If you decide to log in your social network profile while you are visiting our site, some personal data from your social network account, which may contain personal data that is part of your profile or your friends’ profile, may be accessible. If you do not agree to this processing, we recommend you keep third-party cookies disabled and/or to disconnect from the social network before visiting our site(s).

How Long Your Personal Information Will Be Kept

We may keep your details on record for as long as is reasonably necessary for the purposes for which it may use your personal data, as set out above and as allowed in accordance with applicable data protection law. The criteria we use to determine data retention periods for your Personal Information includes the following:

  • Retention in case of queries – for example, where you contact us to receive further information about the way we handle your data;
  • Retention for the period in which you might legally bring claims against us;
  • Retention in accordance with legal, tax-related and regulatory requirements – after your agreement with us has come to an end; and
  • To stay in touch about your requirements on an ongoing basis, where you have selected to receive these.

Please note that we reserve the right to retain certain information for our own record-keeping (for example, to ensure that you do not receive marketing communications that you have opted-out of receiving) and to defend ourselves against any claims.

Your rights and offering choices

You will be offered an opportunity to express your preference regarding the use and dissemination of information about you. That opportunity may be made available at the time you register on our web site, when you subscribe to our newsletters, or when you fill in a form (if one of those is applicable). While the specific preferences offered may vary from region to region across the world due to local law and/or practice, it is the Company’s goal to listen and honor our customers’ preferences. Your continued trust and confidence depend upon it.

Data Protection Officer

As a United States headquartered company with world-wide operations including a presence in the European Union, we wish to inform you that the Company has:

  • Nominated a Data Protection Officer (DPO) listed within this Policy.
  • Implemented worldwide an internal Data Control Organization of employees trained for personal data protection.
  • Designated the Poland President of the Office of Personal Data Protection (PUODO) as its Lead Supervisory Authority (Art. 56 GDPR).

Your Rights under the GDPR

You have the following rights under certain circumstances:

  • Right to object to processing (Art. 21 GDPR) – ask us to stop processing your information if the legal basis for this was our legitimate interest according to Art. 6 Para. 1 lit. f GDPR;
  • Right to restrict processing (Art. 18 GDPR) – limit our use or processing of your information;
  • Right to request correction (Art. 16 GDPR) – to make changes or corrections to your information to make sure it is accurate and up to date;
  • Right to request erasure (Art. 17 GPDR) – to ask us to delete your information (we are not obliged to do this in relation to information we need as part of our contractual relationship or for compliance with other laws, such as taxation or accounting laws);
  • Right to request access (Art. 15 GDPR) – receive a copy of the information we hold about you – you may request details of personal information which we hold about you at any time (a Data Subject Access Request or DSAR). No fee will be required, although reasonable fees can be charged for manifestly unfounded or excessive requests;
  • Right of portability (Art. 20 GDPR) – transfer your information to a third party; and to obtain it yourself
  • Where you have provided consent for data processing, you can withdraw this consent at any time (Art. 7 Para. 3 GDPR).

Your Rights under the CCPA

All terms used in this section shall have the meanings given in the CCPA, when applicable. Note, if your information is collected in the context of a business relationship with us, it may not be covered by the CCPA.

CCPA Notice at Collection. We collect and process personal information as described within this Policy. The relevant CCPA categories for this information are listed herein. We may provide a separate notice at collection if we collect additional information or intend to use information for additional purposes.

No Financial Incentive. We do not offer financial incentives or any price or service difference in exchange for the retention or sale of your personal information.

Do Not Sell My Personal Information. Under the CCPA, you have the right to direct us to stop selling your personal information to third parties, if applicable, and to refrain from doing so in the future. For purposes of the CCPA, we do not sell personal information as defined under applicable law.

CCPA Requests to Know and Requests to Delete. California consumers have the right to request that we (1) disclose what Personal Information we collect, use, disclose, and sell, and (2) delete certain personal information that we have collected or maintain. However, there are exceptions. By way of example, these rights do not apply where we collect or sell a consumer’s personal information if: (1) we collected that information while the consumer was outside of California, (2) no part of a sale of the consumer’s personal information occurred in California, and (3) no personal information collected while the consumer was in California is sold. Also, if your information is collected in the context of a business relationship with us, it may not be covered by the CCPA.

Request to Know. As a California resident, you have the right to request: (1) the specific pieces of personal information we have collected about you; (2) the categories of personal information we have collected about you; (3) the categories of sources from which the personal information is collected; (4) the categories of personal information about you that we have sold and the categories of third parties to whom the personal information was sold; (5) the categories of personal information about you that we disclosed for a business purpose and the categories of third parties to whom the personal information was disclosed for a business purpose; (6) the business or commercial purpose for collecting, disclosing, or selling personal information; and (7) the categories of third parties with whom we share personal information. Our response will cover the 12-month period preceding our receipt of a verifiable request.

Request to Delete. As a California resident, you have a right to request the erasure/deletion of certain personal information collected or maintained by us. As described herein, we will delete your personal information from our records and direct any service providers (as defined under applicable law) to delete your personal information from their records. However, we are not required to honor a deletion request if an exemption applies under the law.

Submission Process. You may submit a request to know or to delete via an email to scs.legal@conectiv.com. If a request is submitted in an incorrect manner or if it is deficient, we will either (1) treat the request as if it had been submitted via the designated manner, or (2) provide you with specific directions on how to submit the request or remedy any deficiencies, as applicable.

Verification Process. We are required to verify the identities of those who submit requests to know or to delete. To determine whether the individual making the request is the consumer about whom we have collected information, we will verify your identity by matching the identifying information provided by you in the request to the personal information that we already maintain about you. As a part of this process, you will be required to provide your name, address, and telephone number. We will inform you if we cannot verify your identity.

If we cannot verify the identity of the person making a request for categories of personal information, we may deny the request. If the request is denied in whole or in part for this reason, we will provide a copy of, or direct you to, our privacy policy.

If we cannot verify the identity of the person making the request for specific pieces of personal information, we are prohibited from disclosing any specific pieces of personal information to the requestor. However, if denied in whole or in part for this reason, we will evaluate the request as if it is seeking the disclosure of categories of personal information about the consumer.

If we cannot verify the identity of the person making a request to delete, we may deny the request. If there is no reasonable method by which we can verify the identity of the requestor to the degree of certainty required, we will state this in our response and explain why we have no reasonable method by which we can verify the identity of the requestor.

Authorized Agents. Authorized agents may submit requests via the methods identified in this Policy. If you use an authorized agent to submit a request to know or a request to delete, we may require: (1) the authorized agent to provide proof that you gave the agent signed permission to submit the request; (2) you to verify your identity directly with us; and (3) you to directly confirm with us that you provided the authorized agent permission to submit the request. However, we will not require these actions if you have provided the authorized agent with power of attorney pursuant to the California Probate Code.

Excessive Requests. If requests from a consumer are manifestly unfounded or excessive, in particular because of their repetitive character, we may either (1) charge a reasonable fee, or (2) refuse to act on the request and notify the consumer of the reason for refusing the request. If we charge a fee, the amount will be based upon the administrative costs of providing the information or communication or taking the action requested.

Non-Discrimination. You have the right not to receive discriminatory treatment by us due to your exercise of the rights provided by the CCPA. We do not offer financial incentives and price or service differences, and we do not discriminate against consumers for exercising their rights under the CCPA.

California Shine the Light. Under California Civil Code Section 1798.83, California residents who provide personal information in obtaining products or services for personal, family, or household use may be entitled to request and obtain from us once a calendar year information about the information we shared, if any, with other businesses for direct marketing uses. At present, we do not share your personal information with third parties for those third parties’ direct marketing purposes. Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing, if any, will be included in our response. As part of the California Online Privacy Protection Act, all users of our sites may make any changes to their information at any time by contacting us at scs.legal@conectiv.com.

How To Exercise Your Rights?

To exercise any of the above rights, or any similar right that your local regulation may provide you with, please contact our DPO following the contact instructions at the end of the Policy.

As a Data controller, we will confirm Data subject identity before fulfilling rights request. To do so, any request must:

  • Provide enough information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
  • Describe your request with enough detail that allows us to properly understand, evaluate, and respond to it.

We endeavor to respond within 30 days of receiving a verifiable request. We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Lead Supervisory Authority

You have the right to file a complaint about us with the relevant data protection authority:

  • The Lead Supervisory Authority as designed by the Company is the President of the Office for Personal Data Protection of Poland (PUODO).
  • Or the relevant authority in your country of work or residence.

General

Cookies

The Company may use cookies on our web sites to ease your navigation and to analyze your use of the website. Each website should provide information to better understand how cookies work and how to use the available tools to configure them.

Revisions

We reserve the right to amend this Privacy Policy at our discretion and at any time. When we make changes to this Privacy Policy, we will post the updated policy on the Website and update its effective date. Your continued use of our website following the posting of changes constitutes your acceptance of such changes.

  • Effective date: April 1, 2025

Contact

Privacy – Data Protection Officer

Requests to exercise your right under this Policy, or any questions regarding this Policy and practices can be addressed to our DPO:

Security – Data Breach

Any suspicion of data breach or security issue can be reported via: