Clarra – Privacy Notice

Effective: September 1, 2022

Please read this Privacy Notice carefully. It provides important information about your personal information and tells you about your rights under applicable privacy laws. If you have any questions, comments, or concerns regarding this Privacy Notice and/or our data practices, please contact us. If you’re a resident of California or Nevada, you should also read the applicable sections below for residents of California and Nevada.

BY ACCESSING OR USING ANY OF OUR SERVICES (AS DEFINED BELOW), OR SUBMITTING INFORMATION IN CONNECTION WITH YOUR USE OF ANY OF OUR SERVICES, YOU ACKNOWLEDGE AND AGREE THAT YOU HAVE READ THIS PRIVACY NOTICE.

TABLE OF CONTENTS

1. Introduction
2. Changes to this Privacy Notice
3. Important Note Regarding Information Controlled by our Customer
4. Information We Collect
5. Children’s Privacy
6. Sensitive Data
7. How Clarra Uses Personal Information
8. Sharing Personal Information
9. Marketing Communications
10. Your Choices
11. Third Party Social Plug-Ins
12. External Websites
13. Data Retention
14. Data Security and Protection
15. California Privacy Rights – Shine the Light
16. Nevada Privacy Rights
17. International Transfers
18. How to Contact Us

1. INTRODUCTION
Clarra, Inc. (hereinafter, “Clarra”, “we”, “our” or “us”) owns and operates: (a) the website located at www.clarra.com (the “Site”), and (b) Clarra’s proprietary law practice and legal case management hosted software platform (the “Clarra Platform”).

When we refer to the “Services” throughout this Privacy Notice, we mean the Site, Clarra Platform, and any other products, websites, services, and/or applications provided by us and that include a link and/or reference to this Privacy Notice, and any related services and/or new features and/or functionality provided by us through or in connection with any of the foregoing.

This Privacy Notice describes Clarra’s data collection, use, protection, and privacy practices with respect to information and data we may collect in connection with the following activities:

When visiting and/or browsing the Site;
Registering an account (“Account”) for any of our Services;
Accessing and/or using any of our Services;
Connecting access to, using, and/or otherwise authorizing certain data to be shared, through third-party integrations you have enabled and/or used in connection with the use of the Services (collectively, “Third Party Integrations”);
Interacting with and/or using support and other services provided by us as part of your use of the Services;
Signing up for our marketing communications and/or newsletters, and/or
Communicating with us directly through or in connection with the use of the Services.

2. CHANGES TO THIS PRIVACY NOTICE
Clarra reserves the right to update or modify this Privacy Notice at any time. Except for material changes as described below in this Section, all updates and modifications to this Privacy Notice will be effective from the day they are posted at www.clarra.com/privacy-policy. If we make any material changes to this Privacy Notice, we will provide you with reasonable notice prior to such change taking effect by sending a notification to the email address we have on file for you, and may also post a prominent notice of any such changes on the Site. Material changes to this Privacy Notice will become effective on the date set forth in the notice, and all other changes will become effective from the day they are posted on the Site. It is your responsibility to regularly visit and review this Privacy Notice. In addition, if you are a Customer, you are also responsible for notifying your Authorized Users (as defined in Section 3 below) of changes to this Privacy Notice to the extent applicable to such Authorized Users.

If you do not agree to any updates or modifications to the Privacy Notice, you must cease all use of the Services and terminate your Account, if applicable. Your continued use of the Services after the applicable effective date of the revised Privacy Notice, signifies to us that you acknowledge and agree to be bound by the revised Privacy Notice.

3. IMPORTANT NOTE REGARDING INFORMATION CONTROLLED BY OUR CUSTOMERS
Please note that certain information processed by Clarra is controlled by the business, company, organization and/or or entity (hereinafter, the “Customer”) that has entered into the Clarra Terms of Service Agreement or other agreement with Clarra for the use of the Services (the “Customer Agreement”). When Clarra collects and/or processes such information, it does so as a processor of the date on behalf of the Customer who is the controller of the data. Customer information is owned and controlled by the Customer, and we collect and process such information solely on behalf of our Customers in accordance with the Customer Agreement we have entered into with the applicable Customer. The Customer determines the scope and substance of the information transferred and/or processed by us on behalf of such Customers, which vary by Customer, and the Customer determines its own policies regarding storage, access, modification, deletion, sharing, and retention of your personal information.

In addition, if you access and/or use the Services as an authorized employee, contractor, and/or agent of a Customer and/or have been invited by a Customer to access and/or view the Customer’s data and information through the Services (all of the foregoing, collectively, “Authorized Users”), whether that Customer is your employer, another organization, or an individual, that Customer is the controller of your data as described above.

If you are any Authorized User of a Customer, please contact the Customer directly about the data collection, use, and protection policies and settings the Customer implements with respect to information you submit or that may be processed by us on the Customer’s behalf in connection with the Services.

4. INFORMATION WE COLLECT
How and what personal information we collect in connection with the use of the Services depends on how and why you use the Services. For instance, the information that you provide when you visit and/or browse the Site or sign up for our marketing communications is more limited than the information you provide when you register an Account and use the Clarra Platform.

The term “personal information” or “personal data” means any information about an individual from which that person may be identified. For example, it may include a person’s name, telephone number, email address, or payment information, and in some jurisdictions, IP address. It does not include data from which the identity of an individual has been definitively removed along with any identifiers connected to such individual (also known as anonymous or anonymized data).

When you access and use our Services, we collect information directly from you as explained in the Section Information Provided Directly by Users of the Services, and in certain circumstances we may receive information from third parties as described here. In addition, we may automatically collect certain information when you access and/or use the Services as explained in the Section Information Collected Indirectly.

Please be advised that we may ask you to update your information from time to time in order to keep it accurate. Additionally, if you provide personal information to us about someone else, you must ensure (1) that you are entitled to disclose that information to us, and (2) that, without us having to take any further steps required by data protection laws, we may collect, use and disclose such information for the purposes described in this Privacy Notice. For example, you should ensure the individual concerned is aware of the terms detailed in this Privacy Notice and that they have not objected or do not object to you sharing their information with us.

a. Information Provided Directly by Users of the Services

Clarra collects the following types of information directly from you:

  • Account & Registration Information: If you register an Account for the Services, whether as a Customer or an Authorized User of a Customer, we will collect contact and other information, such as your name (first and last), email address, phone number, business address, and the name of your employer, your occupation and/or profession.\
  • Login Credentials: When you login to your Account to access and use the Services, we collect your username, password and/or other login credentials.
  • Payment & Transaction Information. When you sign up to purchase a subscription to the Services, Clarra may collect certain payment information, such as your credit card and bank account information. Note that we do not directly collect or store any payment information. Payment transaction information is processed and stored exclusively by our third-party, PCI-compliant, payment processors, on our behalf in order to collect fees payable by you in connection with your use of the Services. The information provided to Clarra only includes partial payment or credit card information, and limited transaction information via our payment processors’ portals.

Please review the following Privacy Policies of our current payment providers to learn more about how they collect, process and protect your personal information:

  • Stripe: https://stripe.com/privacy
  • Other Information
    • Contact information, such as first and last names, and/or email address if you sign-up to receive our marketing communications and/or newsletters.
    • information, data, content, documents and/or materials you provide to us when you fill out forms, answer surveys, or contact us (such as your feedback, requests for support, or other communications with us).

b. Information Collected from Third Parties

In some instances, we process personal information from third parties, which consists of:

Data from our analytics, advertising, and/or marketing providers.
Data from Third Party Integrations that you connect to and/or use in connection with the use of the Services, including, but not limited to, when you sign-in to the Services using your account with a third party, such as, Google, LinkedIn, Facebook, Microsoft Azure, Microsoft 365, Outlook, and/or CalendarRules.
Data from our Customers, for example, we may receive your contact information to invite you to set-up an Account and/or access the Services as an Authorized User of a Customer.

c. Information Collected Indirectly

i. Usage Information

We, or our authorized third-party service providers, automatically collect technical and/or analytics information about how you use and/or interact with our Services (collectively, “Usage Information”), which may include (but is not necessarily limited to) identifiers, commercial information, and internet activity information such as IP address (or proxy server), mobile device number, device and application information, device event information, crash data, and log files and data, identification numbers and features, your approximate location (as determined through your IP address), browser type, plug-ins, integrations, Internet service provider or mobile carrier, the pages and files viewed, website and webpage interactions including searches and other actions you take, websites, apps and/or ads that referred you to the website, advertising and language preferences, operating system type and version, system configuration information, date and time stamps associated with your usage, and frequency of visits to the websites, and details of which of our products and product versions you are using.

We use this information for our internal purposes, specifically to operate, maintain, secure and improve the Services. We may also use this information to provide you with notifications, recommendations, and information about specific features of the Services and/or additional products, services, or features we believe may be of interest to you.

Typically, all Usage Information is collected in anonymous form and does not identify you personally; however, some of the device and usage information collected, whether alone or in conjunction with other data, could identify you. Except where strictly required to identify an individual for security purposes, such data and information is primarily used to identify the uniqueness of each user logging on (as opposed to specific individuals). To the extent any Usage Information is linked or tied to personally identifiable information, such information is deemed “personal data” and we will use it and protect it in accordance with this Privacy Notice.

ii. Cookies and Similar Technologies

We or authorized third parties may collect certain information (including, without limitation, Usage Information) by automated means using technologies such as cookies, web beacons, embedded scripts, pixels, browser analysis tools, server logs, and mobile identifiers, and similar technologies that are deployed, and typically stored on your device and have a unique identifier, when you visit a website, when you open an email or click on links or images within an email, and/or when you interact with online advertisements. While Clarra employs these technologies throughout its Services, Clarra does not track users across third party websites.

These technologies may be used for many different purposes. For example, they can be used to show that you have previously visited and/or used a feature of the Services and to identify which parts of the Services you might be most interested in, or used to improve your online experience by storing your preferences during your visit and/or use of the Services. These technologies can also be used for security, fraud detection and authentication purposes.

In many cases, the information we collect using these technologies is only used in a non-identifiable manner without reference to personal information. For example, we may use information we collect to better understand website traffic patterns and to optimize user experience. In other cases, we associate the information we collect using cookies and other technology with your personal information.

We may use certain third party analytics tools to help us gather certain information when you visit and/or access the Services (including Usage Information). For example, we use Google Analytics on the Site. For more information on how these technologies are used by Google, please refer to: http://www.google.com/policies/privacy/partners/.

iii. How to Manage Cookie Preferences

Most web and mobile device browsers automatically accept cookies, but if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set. In order to manage your cookie preferences, you may alter the cookie settings in your browser settings at any time. You may accept all, or certain, cookies. If you do disable our cookies in your browser settings, you may find that certain features and/or functionality of the Services will not work.

To learn more about cookies, including how to manage cookies and opt-out of cookies being placed on your device, please visit http://www.allaboutcookies.org/manage-cookies/index.html.

While tracking is widespread over the internet, there are things you can do to minimize these activities with respect to browser cookies.

Do Not Track Settings

You may turn on the Do Not Track (“DNT”) setting in your browser, which will enable your browser to send a special signal to websites, analytics companies, plug in providers, and other web services you encounter while browsing to stop tracking your activity. To turn on your DNT signal, please visit https://allaboutdnt.com/#adjust-settings.

Please note that not all companies will respond to or honor DNT signals, and Clarra does not process or respond to web browsers’ “do not track” signals.

Google Analytics Opt-Out

You can download the Google Analytics opt-out browser add-on at: https://tools.google.com/dlpage/gaoptout/.

a. Aggregated Data

With the personal information and other data (including, Usage Information) collected by us, we process “Aggregated Data”, such as statistical or demographic data. Aggregated Data may be derived from personal information, but is not considered personal information under the law if it does not directly or indirectly reveal your identity. If we combine or connect Aggregated Data with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal information, which will be processed in accordance with this Privacy Notice.

5. CHILDREN’S PRIVACY
Clarra does not target the Services to persons under the age of 18, nor does Clarra knowingly collect personal information of persons under the age of 18. Therefore, we ask you not to provide us with personal information of persons under the age of 18. If we learn that personal information of persons under the age of 18, has been collected on or through the Services, then we may deactivate the account or otherwise terminate access to the Services and/or make the user content inaccessible.

6. SENSITIVE DATA
Clarra does not require you to provide any sensitive data about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health and genetics, or biometric data to use the Services.

7. HOW CLARRA USES PERSONAL INFORMATION Depending on how you use the Services, we use your personal information in the following instances:

  • To host and provide the Site;
  • To perform and provide the Services to you;
  • To personalize our Services, such as remembering your information so that you will not have to re-enter it during your visit or the next time you visit the Services;
  • Provide customized advertisements, content, and information. Where required under applicable law, we will only provide you with tailored content with your opt-in consent;
  • To enable Third Party Integrations connected to the Services;
    Deliver direct marketing communications to you regarding products and services of ours and/or third parties that we may think are of interest to you;
  • Respond to your queries and requests, or otherwise communicate directly with you;
  • Detect any fraudulent or illegal activity against you, our other customers and users, and/or Clarra;
  • Perform system maintenance and upgrades, and enable new features;
  • Provide information to regulatory bodies when legally required, and only as outlined below in Legal Obligations and Security.

8. SHARING PERSONAL INFORMATION Aside from disclosing your information to those of our personnel who are authorized to process the information in order to provide the Services and who are committed to confidentiality, we disclose your personal information only to the third parties as described below a Third-Party Service Providers. We share personal information with third parties that provide services to us that help us in the operation, provision, administration and management of the Services (“Service Providers”), and to otherwise operate our business. Depending on how you use the Services, the following categories of third parties collect data on our behalf or receive personal information:

  • Hosting providers,
  • Analytics providers,
  • Payment processing providers;
  • Advertising and marketing providers that assist in our direct marketing,
  • Providers of business operations and communication tools,
  • Other third-party service providers that help us provide features and functions for the Services (e.g., customer support providers), and
  • Professional service providers, such as auditors, lawyers, consultants, accountants and insurers.

For a list of all Service Providers we use, please contact us. We require all Service Providers to respect the security of your personal information and to treat it in accordance with the law.

b. Disclosures to Customers and as Directed by Customers

We may share and disclose personal information of Authorized Users with the applicable Customer, and otherwise in accordance with the Customer’s instructions, including any applicable terms in the Customer Agreement, and in compliance with applicable law and legal process. If you are an Authorized User, please contact the Customer to learn more about how information you provide in connection with the Services may be used, shared and/or disclosed by or on behalf of the Customer.

c. Authorized Users

If you are a Customer, Authorized Users that you invite to access and/or use the Services under your Account and/or that you otherwise share information with through the Services, will have access to your information.

Note that Authorized Users with whom you choose invite to access the Services under your Account and/or that you choose to share your information with, are under your control and responsibility as the Customer, and not Clarra’s. Authorized Users may use your personal information differently than we do, and we do not control their use of your information. Please make your choice to share your information carefully. Clarra will not be able to contain or retrieve personal information once it has been shared or disclosed, and Clarra will have no responsibility or liability for any consequences that may result because you have released or shared personal information with others.

d. Third Party Integrations

When you interact with and/or use Third Party Integrations in connection with the Services, certain data and information may be exchanged between us and the provider of the applicable Third Party Integration. Information that is shared with us through Third Party Integration is used by us as described in this Privacy Notice. Note that the Third Party Integrations you choose to interact with and/or use are not our service providers. The applicable providers of Third Party Integrations may use your personal information differently than we do and we do not control their use of your information. Please review the privacy notices for the Third Party Integrations that you use in connection with the Services.

e. Business Transfers

We may also share data with third parties to whom we choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal information in the same way as set out in this Privacy Notice.

f. Within the Clarra Organization and to Affiliates and Subsidiaries

Personal information that we collect about you through or in connection with your use of the Services may be shared with the employees, contractors, and agents of Clarra and our affiliated and subsidiary entities (“Affiliates”) who are involved in providing or improving the Services that we offer to you. We obligate the employees, contractors and agents of Clarra and our Affiliates to ensure the security and confidentiality of your personal information and to act on that personal information only in a manner consistent with this Privacy Notice.

g. Legal Obligations and Security

Regulatory and Government Bodies – Compliance with Law

We may disclose your information to regulatory agencies and official government bodies, as required to comply with or satisfy any laws, rules, or regulations applicable to Clarra.

Required Disclosures – Responding to Legal Orders

If we are required to disclose personal information by law, such as pursuant to a subpoena, warrant or other judicial or administrative order, our policy is to respond to requests that are properly issued by law enforcement within the United States. Under such circumstances, unless prohibited by applicable law, we will attempt to provide you with prior notice that a request for your personal information has been made in order to give you an opportunity to object to the disclosure. We will attempt to provide this notice by email, if you have given us an email address. However, government requests may include a court-granted non-disclosure order, which prohibits us from giving notice to the affected individual. In cases where we receive a non-disclosure order, we will notify you when it has expired or once we are authorized to do so.

If you are an Authorized User, please consult with the Customer to learn more about how Customer responds to requests for information pursuant to legal orders.

Exigent Circumstances & Enforcement/Protection of Our Rights

Your information, including the contents of all of your online communications in our Services and between you and Clarra may be accessed and monitored as needed to provide our Services and may be disclosed to law enforcement, regulatory agencies, official government bodies, and other third parties, as we, in our sole discretion, believe necessary or appropriate:

To enforce our rights under the Customer Agreement and/or any other terms and conditions applicable to the use of the Services;
In connection with an investigation of fraud, intellectual property infringement, piracy or other unlawful activity or activity that may expose us or our affiliates, partners and/or agents to legal liability; and/or
If we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person.

h. With your Consent

There may be situations where you are asked to consent to share personal information with third parties for additional reasons not included in this Privacy Notice. In such event, we will only share such personal information if we have received your prior consent and only for the purposes as listed in the request to share such information.

9. MARKETING COMMUNICATIONS
If you have not otherwise opted out (or with your consent where required by applicable law), or if you have opted in to receive direct marketing emails from us, we may use your personal information to send you marketing information about the Services, new product releases, new feature releases of the Services, and/or other Clarra products and services, that we think may interest you. We carry out direct marketing by email, telephone, SMS/text, and physical mail.

If you no longer wish to receive marketing communications, you may manage the receipt of marketing and non-transactional communications sent by email by clicking on the “unsubscribe” link located on the bottom of any of our marketing e-mails. We will use commercially reasonable efforts to process such requests in a timely manner. Note that you cannot opt out of receiving transactional e-mails or communications related to the Services (e.g., requests for support), which, for clarification, are not marketing communications.

10. ACCESSING, UPDATING AND CORRECTING PERSONAL INFORMATION
If you would like to correct or update certain personal information (such as your contact information), please contact us and we will use reasonable efforts to correct and/or update such information. If you are an Authorized User, please contact the Customer if you wish to request the correction and/or update of personal information under their control.

11. THIRD PARTY SOCIAL MEDIA PLUG-INS
On or through the Services we may provide third-party “share” buttons which enable you to share certain content via social media sites (e.g., Facebook, Twitter, Instagram, YouTube, and LinkedIn). These “share” buttons may function as web beacons when you interact with the button. Please note that when you “share” using the buttons, you may send to the third party provider of the “share” button the information that you are viewing. If you are not logged into your account with the third party provider, then the third party may not know your identity. If you are logged in to your account with the third party, then the third party may be able to link information or actions about your interactions with the Services to your account with the applicable third party provider. Please refer to each third party’s privacy policies to learn more about its data practices.

12. EXTERNAL WEBSITES
On or through the Services we may provide or make available, for informational purposes only, links to other websites or resources with which we do not have a contractual relationship and over which we do not have control (“External Websites”). Such links do not constitute an endorsement by Clarra of those External Websites, and are provided to you only as a convenience. By clicking on links to External Websites, the operators of the External Websites may collect your personal information. We are not responsible for the content or data collection practices of those External Websites, and your use of External Websites is subject to their respective terms of use and privacy policies.

13. DATA RETENTION
Personal information is processed for the period necessary to fulfill the purposes for which it is collected, to comply with legal and regulatory obligations and for the duration of any period necessary to establish, exercise or defend any legal rights.

In order to determine the most appropriate retention periods for your personal information, we consider the amount, nature and sensitivity of your information, the reasons for which we collect and process your personal information, and applicable legal requirements.

In some instances, we may choose to anonymize personal information instead of deleting it. When we choose to anonymize, we make sure that there is no way that the personal information can be linked back to any specific individual.

14. DATA SECURITY AND PROTECTION
We have put in place reasonable and appropriate security measures designed to prevent your personal information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. For example, we use encryption, secure socket layer (SSL), firewalls, and password protection. In addition, we limit access to personal information to those employees, agents, contractors and the third parties who have a business need-to-know.

We also have procedures in place to deal with any suspected data security breach. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure, and while we take reasonable steps to provide secure services, by using the Services, you understand and assume the risks associated with your activities on the internet.

Additionally, we cannot control the actions of other users with whom you may choose to share your information. Further, even after information posted on the Services is removed, caching and archiving services may have saved that information, and other users or third parties may have copied or stored the information available on the Services. To the fullest extent permitted under applicable law, we cannot and do not guarantee that information you post on or transmit to the Services will not be viewed by unauthorized persons.

15. CALIFORNIA PRIVACY RIGHTS – SHINE THE LIGHT
Clarra does not share your personal information with any unaffiliated third party for its direct marketing purposes without your express consent.

California residents who have provided us with personal information have the right (under California Civil Code§ 1798.83) to request and obtain from us, once each year, the details of any personal information we shared with a third party for that third party’s direct marketing purposes during the prior calendar year. The details would include the categories of personal information and the names and addresses of the third party with which it was shared.

To request information about this sharing, you may submit a request with “Your California Privacy Rights” in the subject line, along with your first and last name, and complete mailing address (including street address, city, state, and zip code) by either: sending an email message or writing to us at the email and/or mailing address specified in the How to Contact Us Section.

If you do not submit and send your request with complete information as set forth above, we will not process it.

16. NEVADA PRIVACY RIGHTS
Under Nevada law, Nevada “consumers” (individuals who are seeking or acquiring goods/services for personal, family, or household purposes) may opt out of the sale of covered personal information (which includes first and last name, address, email address, phone number, Social Security Number, or an identifier that allows a specific person to be contacted either physically or online) to a person for that person to license or sell such information to additional persons.

Clarra does not currently sell covered information of Nevada consumers as defined under applicable Nevada law; however, you may submit an opt-out request, which we will honor as required by Nevada law should we engage in such a sale in the future.

You may submit an opt-out request by sending an email message or writing to us at the email and/or mailing address specified in the How to Contact Us Section; along with your full name, any user name, and complete mailing address (including street address, city, state, and zip code), email address (so that we can contact you, if needed, in connection with the request) and confirmation that you are a Nevada resident.

You must provide us with information reasonably requested by us to verify your identity and the authenticity of the request. We typically process these requests within 60 days from the day we receive it (and will notify you within that period if we need an additional 30 days to do so).

17. INTERNATIONAL TRANSFERS
Clarra is based in the United States. The personal information that we collect is sent to and stored on servers located in the United States. Such storage is necessary in order to process the information. Clarra operates globally and may transfer the personal data that we collect from you to our other offices and/or to the third parties mentioned in the circumstances described above, which may be situated outside of your country or regional area, and may be processed by staff operating outside of your country or regional area. In particular, information provided to us or collected by us likely will be transferred to and processed in the United States by us or our Affiliates and our respective agents and contractors. The data protection laws of the United States or other countries may not be as comprehensive or equivalent to those in your country of residence.

18. HOW TO CONTACT US
If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact us as follows:

By email at: legal@clarra.com; Subject Line: Privacy Request
By mail at: Clarra, Inc.
Attn: Privacy Request
2100 Geng Road, Suite 210
Palo Alto, CA 94303