Unison Privacy Policy

Introduction

This privacy policy (“Policy”) is designed to inform users of Unison Computing, PBC’s (“Unison’s” or “our”) proprietary cloud computing platform, hosting service, and related websites and applications (individually or collectively, the “Service”) about how Unison gathers and uses personal information collected by us in connection with the Service. BY ACCESSING OR USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTAND, AND AGREE TO BE BOUND BY THIS PRIVACY POLICY. IF YOU DO NOT AGREE TO THESE TERMS, DO NOT USE THE SERVICE. We will take reasonable steps to protect user privacy consistent with the guidelines set forth in this policy and with applicable U.S. laws, including the California Consumer Privacy Act (“CCPA”) and the General Data Protection Regulation (“GDPR”). In this policy, “user” or “you” means any person using or otherwise benefiting from the Service or otherwise submitting personal information to Unison.

1. GDPR Disclosures

What Information Do We Collect?

Limited Personal Information

We collect the following personal information in connection with the Service:

All of this information is referred to in this Policy as “Personal Information”.

Apart from the limited personal information described above, Unison does not collect and does not wish to receive any personally identifying information, nor does Unison collect or wish to collect any data from individuals under the age of 18.

What are the Legal Bases for Our Collection and Use of Personal Information?

We rely on the following legal grounds to collect and process your Personal Information:

How Do We Use the Information We Collect?

Personal Information

Your Personal Information may be supplemented with additional information regarding your activities on the Service; to the extent that such information is linked specifically to you, we will treat that additional information as your Personal Information. We may use your email address to contact you to market our materials or for the internal operational and administrative purposes of the Service.

User Data

We collect and store User Data in order to provide the Service to you, and it may be used for the internal operational, product development, and administrative purposes of the Service.

Web Tracking Information

We use web tracking information to administer the Service and to understand how well our Service is working, to store your user preferences, and to develop statistical information on usage of the Service. This allows us to determine which features and content users like best to help us improve our Service, to personalize your user experience, and to measure overall effectiveness.

Aggregate Information

We will also create statistical, aggregated data relating to our users and the Service for analytical purposes. Aggregated data is derived from Personal Information and User Data but in its aggregated form it does not duplicate or reveal any User Data or relate to or identify any individual or entity.

What Information Do We Disclose to Third Parties?

Personal Information and User Data

We will not disclose your Personal Information or User Data to any third parties except as follows: (i) to third party contractors engaged to provide services on our behalf (“Contractors”), such as performing marketing, analyzing data and usage of the Service, hosting and operating the Service or providing support and maintenance services for the Service, or providing customer service. We enter into agreements with all Contractors that require Contractors to use the Personal Information they receive only to perform services for us; or (ii) when we have your consent to share the information.

Email Communications

If you register and provide your email address, we will send you administrative and promotional emails. If you wish to opt out of these emails, you may do so by emailing privacy@unison.cloud.

Network Operators

Use of the Service may involve use of the services of third party internet or telecommunications providers. Such providers are not our contractors, and any information that a provider collects in connection with your use of the Service is not “Personal Information” and is not subject to this Privacy Policy. We are not responsible for the acts or omissions of these third parties.

Legal Exception

Notwithstanding the above, we may in any event use Personal Information and other information collected through the Service to the extent required by law or legal process, to resolve disputes, to enforce our agreements (including this Privacy Policy), or if in our reasonable discretion use is necessary to protect our legal rights or to protect third parties.

Additional Disclosures

We reserve the right to disclose any information we collect in connection with the Service, including Personal Information, (a) to any successor to our business as a result of any merger, acquisition, asset sale or similar transaction; and (b) to any law enforcement, judicial authority, or governmental or regulatory authority, to the extent required by law or if in our reasonable discretion disclosure is necessary to enforce or protect our legal rights or to protect third parties.

Your Choices About Your Information

You have the right to:

To request an accounting of your Personal Information, a change to your Personal Information, or deletion of your Personal Information, contact privacy@unison.cloud.

If you are a resident of the European Union and have a complaint about our use or processing of your Personal Information, you have a right to lodge a complaint with a national Data Protection Authority. Each European Union member nation has established its own Data Protection Authority; you can find out about the Data Protection Authority in your country here: Article 29.

If you have consented to the collection, processing, and/or transfer of your Personal Information, you have the right fully or partially to withdraw your consent. To withdraw your consent, please contact privacy@unison.cloud. Once we have received notification that you withdraw your consent, we will no longer process your information for the purposes to which you consented unless there are compelling legitimate grounds for further processing or for the establishment, exercise, or defense of legal claims.

General

Security

We use reasonable security precautions to protect the security and integrity of your Personal Information in accordance with this policy and applicable law. However, no Internet transmission is completely secure, and we cannot guarantee that security breaches will not occur. Without limitation of the foregoing, we are not responsible for the actions of hackers and other unauthorized third parties that breach our reasonable security procedures.

Links

During the course of using our Service you may encounter links to other websites or services. Unison is not responsible for the privacy practices or the content of those websites. Users should be aware of this when they leave our Service and review the privacy statements of each third party website. This Privacy Policy applies solely to information collected by the Service.

Amendments

Unison may modify or amend this policy from time to time. If we make any material changes in the way in which Personal Information is collected, used or transferred, we will notify you of these changes by modification of this Privacy Policy, which will be available for review by you at the Service.

Geographic Location

We offer the service in several geographic regions. We define a geographic region as the location where a user is located.

Users Within the United States

For users within the United States, we process data in data centers located in the United States. We have adopted reasonable physical, technical, and organizational safeguards against accidental, unauthorized, or unlawful destruction, loss, alteration, disclosure, access, use, or processing of user data in our possession. We comply with state and federal laws governing the protection of personal information.

Users Within the European Union

For users within the European Union, we transfer data from the European Union to data centers located in the United States for processing. Such processing is performed in accordance with Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and free movement of such data, known as the General Data Protection Regulation (“GDPR”). This includes the imposition of required safeguards with respect to accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, access, use or processing of data. Transfers of European Union user data to processors in the United States are made in accordance with the GDPR.

Users in Other Regions

For users not within the United States or the European Union, we transfer data from such regions to the United States for processing. For such users, we have adopted reasonable physical, technical, and organizational safeguards against accidental, unauthorized, or unlawful destruction, loss, alteration, disclosure, access, use, or processing of user data in our possession that substantially mirror protections available to users located within the United States.

Retention and Deletion

We will only retain your Personal Information for as long as necessary to fulfill the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements. In some circumstances, we may anonymize your Personal Information so that it can no longer be associated with you, at which point it will no longer be treated as Personal Information. It is our policy to retain Personal Information for until such personal information is no longer necessary to deliver the Service and to delete such personal information thereafter.

About Us

We are based in the United States of America at Unison Computing, PBC, 177 Huntington Ave, Ste 1703 PMB 30333 Boston, MA, 02115-3153. Users in the United States and regions other than the European Union can contact us at the above address. Our representative in the EU for GDPR purposes can be contacted at gdpr@unison.cloud.

2. CCPA Disclosures

California Users’ Rights

California residents have certain rights regarding our collection and use of personal information under the California Consumer Privacy Act (“CCPA” or the “Act”). For purposes of this “CCPA Section,” the term “personal information” means personal information under Cal. Civ. Code 1798.140(o). To the extent that any other provision of this Privacy Policy conflicts a provision of this CCPA Section, the provision in this section controls as to California residents.

California residents may:

*We will not discriminate against Users for exercising their rights under the CCPA.

Exercising Your Rights

Requests for Information

California Users may request that we provide certain information about our use of their personal information, as specified above. Upon receiving a request from a User, we will take reasonable steps to verify the User’s identity. We will respond to a verified User request by: (a) providing the requested information; or (b) explaining to the User why the Act does not require us to provide the requested information.

We will respond to requests for information within 45 days. If a response requires additional time, we will notify the User of the basis for the delay and may extend our response period up to an additional 90 days. If the Act requires us to provide the information requested to the User, we will provide the information covering the 12 months preceding the request, free of charge, and in a readily useable portable format. We have no obligation to provide personal information to a User more than twice in a 12-month period. If a request or series of requests are manifestly unfounded or excessive, we may charge a reasonable fee for processing the request(s), or may refuse to process the request(s).

Requests to Opt-Out

California users may opt-out of the sale of their personal information by contacting us at privacy@unison.cloud.

Once we have received a directive from a User to not sell the User’s personal information, we will not sell the User’s personal information unless and until the User subsequently provides express authorization for the sale of the User’s personal information. We will not ask the User for permission to sell their personal information for 12 months after receiving a request to opt-out. We will only use information that a User provides in submitting a request to opt out for purposes of processing the opt-out request.

Requests to Delete

California Users may request that we delete their personal information. Upon receiving a request from a User, we will take reasonable steps to verify the User’s identity. We will respond to a verified User request by: (a) deleting the User’s personal information and, if applicable, directing our service providers to delete the User’s personal information; or (ii) explaining to the User why the Act does not require us to delete their personal information.

If a request or series of requests are manifestly unfounded or excessive, we may charge a reasonable fee for processing the request(s), or may refuse to process the request(s).

Minors

If we have actual knowledge that a User is under 16 years of age, we will not sell the User’s personal information unless the User – or, in the case of Users who are less than 13 years of age, the User’s parent or guardian – affirmatively “opts in” to the sale of the User’s information.

Personal Information We Have Collected, Sold, or Disclosed

In the preceding 12 months, we have collected the following categories of personal information about California Users:

*We have not sold any consumers’ personal information in the preceding 12 months.

**We have not shared for a business purpose any consumers’ personal information in the preceding 12 months.