January 1, 2022
Who are “we?”: This Policy sets out how Crystal Technology & Industries Inc. (Crystal Technology, “CTI”) and our affiliated companies (together, where appropriate, “we”) handle your personal data. CTI is the data controller for your personal data. Where the processing of personal data is undertaken by our affiliated companies, they are joint controllers with CTI for your personal data.
Who are “you?”: This Policy applies to any visitor to our Sites, users of the Services, individuals who contact us or with whom we communicated via phone, email, or otherwise; and Customers, including both free trial and paid account holders (individually and collectively, where appropriate, “you”).
To EU Residents: CTI processes your personal data under the EU data protection legislation, including national or international legislation implementing the EU Data Protection Directive (until superseded), the Privacy in Electronic Communications (“ePrivacy”) Directive (EU), and the General Data Protection Regulation (EU) 2016/679 (“GDPR”), as amended or superseded.
We’ll only use your personal information to administer your account and to provide the products and services you requested from us. Occasionally, we would like to contact you about our products and services, as well as other content that may be of interest to you.
- We Do NOT sell or share your personal information. Period.
- We WILL only use your information internally.
- And we WILL safely store your information.
- You can Opt Out at any time
To Opt Out, do one of the following:
- Call 972-934-2525 the IT and privacy department.
- Send an email to email@example.com. Be sure to give us your name.
- “Content” vs. Other Information
Our Services permit Customers to store and access their own data through the Site. This is your Content. In this Policy, we distinguish between Content and all other information about you. We have no control over the information contained within the Content, including any personal data. Content does not include usage information we collect about how users to access, create, share, and manage Content (e.g., file sizes or access logs). CTI is a data processor of the Content and will only process personal data from the Content on behalf of, and under the instructions from, our Customers or where otherwise required by applicable laws. For more information about Content, please refer to our Terms and Conditions.
- Other Information We Collect About You
This section describes the information that is not Content.
We collect personal data about you directly from you, from others (e.g., your employer if you use an enterprise account), and automatically when you use the Services. If the personal data we process is needed to comply with the law or to enter into or perform an agreement with you, we will inform you accordingly at the time of such data collection.
Information We May Collect Directly from You.
At Account Creation. Department or company name, physical address, telephone number, mailing address, contact person, and contact person email address may be required to provide Services. Without this information, we may be unable to create your account or adequately provide the Services.
When Attending Events. We may collect or otherwise receive personal data such as your name, address, phone number, and email when you register for or attend an event where CTI is a sponsor or participant.
In Online Submissions. We collect information through interactive features of our Sites – e.g., when you submit online forms, participate in surveys, contests, promotions, or sweepstakes, join online chat discussions, request customer support, respond to “Contact Us” requests, or submit testimonials. Personal data gathered may include contact information (full name, phone number, email, etc.), and any other information you choose to share.
In Other Communications. You may share information in communications with us relating to the Services, including during phone calls (and call recordings), chats, or over email. Personal data gathered may include contact information, employment details, user preferences, and any other information you choose to share. Please only provide us with personal data that we need to respond to your request.
Information We Collect From Your Employer. If you use the Services through an enterprise account, your employer will provide CTI your email address to provision your account. Your employer may choose to share additional information about you, including your profile image, contact information (e.g., full name, phone number, etc.), and employment details (e.g., job title). Information We Collect From Third Parties.
Information We Collect From Third Parties.
When Purchasing Services. A third-party intermediary is used to manage credit card processing. It is not permitted to store, retain, or use your billing information for any purpose except for credit card processing on our behalf.
Third-Party Sources. Subject to applicable laws, we may gather information about you from lead-sharing tools, including by way of example and, without limitation, LinkedIn Lead Generation or public information – including internet searches relating to you or your company – to better service your account and to provide more relevant assistance and marketing.
Information We May Collect.
Our Customers are responsible for ensuring that Content is collected and handled (including any personal data therein) in compliance with applicable laws. As a processor, we handle Content as directed by our Customers (the controllers), pursuant to our relevant customer agreements. We only access Content as necessary to:
- Respond to customer support requests.
- Comply with the law or legal proceedings; for example, we may disclose Content in response to lawful requests by public authorities, including responding to national security or law enforcement disclosure requirements.
- Investigate, prevent, or take action against suspected abuse, fraud, or violation of our policies and terms.
- Purposes for \We Use Personal Data
We use the personal data we collect under this Policy in furtherance of our legitimate business interests, which include:
- Provision of Services: To give and operate our Services, fulfill your orders and requests, process your payments, for bug and error reporting and resolution, to perform upgrades and maintenance, and for similar purposes.
- Customer Support: To communicate with you about your use of the Services; respond to your communications, complaints, and inquiries; provide technical support, and for other customer service and support purposes.
- Personalization: To tailor content we send or display to you to offer location customization and personalized help and instructions and to otherwise personalize your experience using the Services.
- Marketing and Promotions: For direct marketing and promotional purposes. For example, we may use contact information such as your email address to send you newsletters, exclusive offers, or promotions or to otherwise contact you about CTI products or information we think may interest you. As explained above, we do not use Content for direct marketing purposes. If you are located in a jurisdiction that requires opt-in consent to receive electronic marketing messages, we will only send you such messages if you opt-in to receive them. You may opt out of receiving marketing emails by following the opt-out instructions in the email or emailing firstname.lastname@example.org. We may still email customer service and transaction-related communications, even if you have opted out of receiving marketing communications.
- Advertising: To help in advertising the Services on third-party websites such as PoliceOne.com.
- Analytics and Improvement: To better understand how users access and use the Services and for other research and analytical purposes, such as to evaluate and improve the Services and to develop additional products, services, and features.
- Comply with Legal Obligations: To comply with the law or legal proceedings; for example, we may disclose information in response to lawful requests by public authorities, including responding to national security or law enforcement disclosure requirements.
- General Business Operations: Where necessary to the administration of our general business, accounting, recordkeeping, and legal functions.
To make our platform as user-friendly as possible, we – like many other companies – may use “cookies.”
Cookies. A cookie is a small text file that is stored in the web browser that allows CTI or a third party to recognize you. Cookies can either be session cookies or persistent cookies. A session cookie expires automatically when you close your browser. A persistent cookie will remain until it expires or you delete your cookies. Expiration dates are set in the cookies themselves; some may expire after a few minutes, while others may expire after multiple years. Cookies placed by the website you’re visiting are sometimes called “first-party cookies,” while cookies placed by other companies are sometimes called “third party cookies.”
Types of Cookies.
Essential Cookies. These are first party cookies that are sometimes called “strictly necessary” as without them, we cannot provide much of the functionality that you need on the Services. For example, essential cookies help remember your preferences as you move around the Services.
Analytics Cookies. These cookies track information about how the Services are being used so that we can make improvements and report our performance. They collect information about how visitors use the Services, which site the user came from, the number of each user’s visits, and how long a user stays on the Services. We might also use analytics cookies to test new pages or features to see how users react to them. Analytics cookies may either be first-party cookies or third-party cookies.
Preference Cookies. These cookies are also sometimes called “functionality cookies.” During your visit to the Services, cookies are used to remember information you have entered or choices you make (such as your username, language, or region) on the Services. They also store your preferences when using the Services, for example, your preferred language. These preferences are remembered through the use of persistent cookies, and the next time you visit the Services, you will not have to set them again.
Targeting or Advertising Cookies. These third-party cookies are placed by third-party advertising platforms or networks to deliver ads, track ad performance, and enable advertising networks to deliver ads that may be relevant to you based upon your activities (this is sometimes called “behavioral” “tracking” or “targeted” advertising). More information about how cookies are used for advertising purposes is explained below in Behavioral Targeting and Remarketing. CTI will never use these third-party cookies.
How to Disable Cookies. The “help” portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. If you disable cookies, be aware that some features of our Services may not function.
To learn more about how to control cookie settings through your browser:
Click here to learn more about the “Private Browsing” setting and managing cookie settings in Firefox.
Click here to learn more about “Incognito” and managing cookie settings in Chrome.
Click here to learn more about “InPrivate” and managing cookie settings in Internet Explorer.
Click here to learn more about “Private Browsing” and managing cookie settings in Safari.
Clear GIFs. Clear GIFs (a.k.a. web beacons or pixel tags) are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, clear GIFs are embedded invisibly on web pages and are not stored on your hard drive. We might use clear GIFs to track the activities of Site visitors and users of our Services, to help us manage content, and to compile statistics about usage. Our third-party service providers and we also might use clear GIFs in HTML e-mails to our customers to help us track e-mail response rates, identify when our e-mails are viewed, and track whether our e-mails are forwarded.
Behavioral Targeting and Remarketing. We use advertising platforms, including but not limited to Google Ads/DoubleClick (more info here), Facebook Custom Audience (more info here), LinkedIn Marketing (more info here), Microsoft/Bing (more info here), and Marketo (more info here), to display ads as part of our advertising campaigns. As a result, our ads may be displayed to you on a search results page or on third-party sites. These third parties may collect your IP address or other device identifiers and combine the information they collect on our Sites with information about your visits to other sites to create market segments that they will use to advertise our services and those of other advertisers.
Opting Out of Ad Networks. If you wish not to have this cross-site information used to serve your targeted ads, you may opt out of many ad networks by clicking here (or if located in the European Union, click here). You will continue to receive ads on the sites you visit, but the ad networks from which you have opted out will no longer target ads to you based on your activities on other sites. Please note, however, that these opt-out mechanisms are cookie based; so, if you delete cookies, block cookies, or use another device, your opt-out will no longer be effective. For more information, go to www.aboutads.info.
Do Not Track. Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Currently, our systems do not recognize browser DNT requests. In the meantime, you can use the “help” portion of the toolbar on most browsers to learn how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. If you disable cookies, be aware that some features of our Sites may not function.
- Your Choices and Rights
Content. Requests to access, delete, or modify Content will be directed to the Administrator who owns the account. If you wish to request access to personal data contained in Content to delete, modify, or limit use, please provide us with the name of the Customer who submitted your information to our Services. We will refer your request to that Customer and will support them as needed.
Access and Correction. If you are not on an enterprise account, you may log in and use the Account Administration settings or contact us at https://www.crystalindustries.com/gethelp to access or update account profile information. If you are on an Azure Cloud account, you may log in and use the Account Administration settings or contact an administrator for the account to access or update account profile information. CTI will support its enterprise customers as needed to update your account information.
Marketing Choices. Customers can always opt-out of being contacted by us for marketing or promotional purposes by following the opt-out instructions located in the e-mails we send, by changing the account privacy settings, or by emailing us at email@example.com. Please note that if you opt-out of marketing communications, CTI will continue to send you transactional or service-related communications, such as service announcements and administrative messages. If you do not wish to receive these, you have the option to cancel your account by logging in and using the Account Administration settings or by emailing us at https://www.crystalindustries.com/gethelp.
Users in the European Economic Area.
Individuals in the EEA have the following rights concerning their personal data:
- Access. You can ask us to confirm whether we are processing your personal data; give you a copy of that data; and provide you with other information about your personal data, such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad, how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we have carried out any profiling, to the extent that such information has not already been provided to you in this Policy.
- Rectification. You can ask us to rectify inaccurate information. We may seek to verify the accuracy of the data before rectifying it.
- Erasure. You can ask us to erase your personal data, but only where it is no longer needed for the purposes for which it was collected; you have withdrawn your consent (where the data processing was based on consent); following a successful right to object (see ‘Objection’ below); it has been processed unlawfully, or to comply with a legal obligation to which we are subject. We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary for compliance with a legal obligation or the establishment, exercise, or defense of legal claims. There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request.
- Restriction. You can ask us to restrict (i.e., keep but not use) your personal data, but only where its accuracy is contested (see ‘Rectification’ above), to allow us to verify its accuracy; the processing is unlawful, but you do not want it erased; it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise, or defend legal claims; you have exercised the right to object, and verification of overriding grounds is pending. We can continue to use your personal data following a request for restriction where we have your consent; to establish, exercise, or defend legal claims; or to protect the rights of another natural or legal person.
- Objection. You can object to any processing of your personal data which has our ‘legitimate interests as its legal basis if you believe your fundamental rights and freedoms outweigh our legitimate interests. Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms. In addition, you can object to the processing of your personal data for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing without providing any reason. We will then cease the processing of your personal data for direct marketing purposes.
- Portability. You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it ‘ported’ directly to another Data Controller, but only where our processing is based on your consent, and the processing is carried out by automated means.
- Withdrawal of Consent. You can withdraw your consent in respect of any processing of personal data which is based upon consent that you have previously provided.
- Data Retention
We keep your personal data for as long as reasonably necessary for the purposes set out in Section 4 above. Except as noted below, we will retain your account profile data as necessary for our legitimate business purposes or to comply with our legal obligations (such as record keeping, accounting, fraud prevention, and other business administrative purposes); generally, where we no longer have a legitimate business purpose of retaining it, we will anonymize or delete such personal data within 180 days after the closing of your account. However, we will maintain your personal information longer where required for tax or accounting purposes to ensure we would be able to defend or raise a claim or where we have a specific need to retain, though we will generally not keep personal data for longer than seven years following the last date of communication with you. Legitimate business purposes that we may rely on to keep your personal data when you are not a customer include direct marketing (where you have not opted out) for up to two years, CTI fliating the restoration or establishment of a user account in the future, maintaining CTI’s business intelligence systems for analytics and other internal purposes, etc. Where your information is no longer required, we will ensure it is disposed of securely.
- How We Protect Your Information
We have implemented technical, physical, and administrative safeguards to protect your information. However, no company, including CTI, can guarantee the absolute security of Internet communications. If you have any questions about how we secure your information, please contact us at https://www.crystalindustries.com/gethelp.
- Blogs; Forums
Our Sites may have publicly accessible blogs and community forums. Be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request the removal of your information from our blog or community forum, contact us at https://www.crystalindustries.com/gethelp. In some cases, we may not be able to remove your information; if that happens, we will let you know why.
- Linked Sites; Third Party Widgets
Links to Other Websites. Our Services may include links to other websites with privacy practices that may differ from ours. Any information you submit to a website not belonging to us is governed by that site’s privacy statements, not this one. We encourage you to carefully read the privacy statement of any website you visit.
Plugins and Social Media Widgets. Our Sites may include social media features and widgets (collectively “Widgets”), such as a “share this” button or other interactive mini-programs that run on our Services. Widgets can be used to provide you with specific services from other companies (e.g., displaying the news, opinions, music, etc.). Personal data, such as your email address, may be collected through the Widgets. Cookies may also be set by the Widgets to enable them to function properly. Widgets displayed on our Sites are not hosted by CTI and are subject to the privacy policies of the third-party company providing the Widget, and not this Policy.
- Children’s Personal Data
The Services are not directed toward children, and we do not encourage children to take part in providing us with any personally identifiable information. We do not knowingly collect any personal data from children under the age of 18. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide personal data through the Services. If you have reason to believe that a child under the age of 18, without a parent or guardian’s consent, has provided personal data to us through the Services, please contact us at firstname.lastname@example.org, and we will use commercially reasonable efforts to delete that information.
- International Transfers and CTI Privacy Shield Notice
International Transfer of Data. We are based in the United States, and the information we collect is governed by U.S. law. The information we collect may be transferred to, used from, and stored in the United States or other jurisdictions in which CTI, our affiliates, or service providers are located; these jurisdictions (including the United States) may not guarantee the same level of protection of personal data as the jurisdictions in which you reside. By using the Services, you acknowledge and agree to any such transfer of information outside of the jurisdiction in which you reside.
Law Enforcement Requests. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Onward Transfers. Third parties who process personal data on our behalf must agree to use such personal data only for the purpose for which it is provided by us, and they must contractually agree to provide adequate protections for personal data. CTI will continue to be liable for any onward transfers of personal data to such third parties. Where required by applicable data protection laws, we have ensured that such third parties sign standard contractual clauses as approved by the European Commission or other supervisory authorities. You can obtain a copy of such safeguards by contacting us (see below).
Complaints or Questions About Our Privacy Shield Certifications. If you have any questions or complaints regarding our Privacy Shield Certification, you may contact us at email@example.com. We will promptly investigate and attempt to resolve any complaints and will respond to your complaint within 45 days of receiving any such complaint. If you are a user located in the EEA whose complaint cannot be resolved through this process, we will participate in the dispute resolution process administered by JAMS. For information about how to initiate a Privacy Shield claim with JAMS, please contact JAMS at https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim. Under certain conditions (which are described on the Privacy Shield website), you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
- Changes to this Policy
We may update this Policy to reflect changes to our privacy practices. If you are a CTI customer and we make any material changes that affect the way we treat information that we have previously collected from you, we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice through the Services prior to the change becoming effective. We encourage you to periodically review this Policy for the latest information on our privacy practices.
- How to Contact Us/Dispute Resolution
If you have any questions or concerns regarding the way in which your personal data is being processed, or you want to exercise your rights above, please reach out to CTI using the contact information below:
If you remain dissatisfied, you have the right to reach out directly to the Data Protection Authority in your jurisdiction. We do ask that you please attempt to resolve any issues with us first, although you have a right to contact the Data Protection Authority at any time. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim.