PRIVACY POLICY

Last Revised: October 2, 2024

This privacy notice (the “Privacy Notice”) together with the Terms of Use constitutes an agreement between you and Cronometer Software Inc. and its affiliates (collectively “Cronometer”, “us”, “our,” or “we”) while accessing and using our website located at cronometer.com, other websites we own or operate, and/or Cronometer’s mobile applications (collectively, the “Site”). This Privacy Notice describes how Cronometer collects, protects, uses, and discloses information and data collected and created in the course of your access to and use of the Cronometer website, products, and services, as well as your interactions with Cronometer via telephone, electronic or other means (collectively, and together with the Site, the “Services”), and is governed by our Terms of Use.

Your privacy is important, and we encourage you to read this Privacy Notice carefully to understand the information we collect and what we do with it.

‍‍Consent. By accessing the Site, registering with Cronometer, creating a user profile on our Site, or submitting information to Cronometer, you consent to this Privacy Notice and the collection and use of information as described below. We will take steps to notify you and confirm that you agree at different stages of collecting information. If you do not agree with our policies and practices, you may not be able to access or benefit from certain portions of the Site.  

‍Scope. Please be advised that this Privacy Notice applies to information that we collect when you visit the Site or use our Services, when you submit your information to us on the Site or our Services, when you communicate with us through email and other means, via third parties that we work with to provide our Services, or by any other means over the course of your use of our Services.  

For purposes of this Privacy Notice:  

‍“HIPAA” means the United States Health Insurance Portability and Accountability Act of 1996.  

‍“PHI” means individually identifiable health information, held or maintained by a Covered Entity or its Business Associates acting for the Covered Entity that is transmitted or maintained in any form or medium (including the PHI of non-U.S. citizens).  

‍“Business Associate” means a person or entity that performs certain functions or activities that involve the use or disclosure of PHI on behalf of, or provides services to, a HIPAA Covered Entity.  

‍“Covered Entity” means (1) health plans, (2) health care clearinghouses, and (3) health care providers who electronically transmit any health information in connection with transactions to which HIPAA applies.  

‍“Content” means any expression fixed in a tangible medium and includes, without limitation, ideas, text, comments, video, audio, graphics, designs, drawings, animations, logos, trademarks, copyrights, information, data, software, scripts, executable files, recipes, workouts, likes, activities, maps, routes, nutritional information and data, and any intellectual property therein, any of which may be created, submitted, or otherwise made accessible on or through the Site and/or Services.

‍Personal Information. As used in this Privacy Notice, “Personal Information” means information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual consumer, account or device, such as:

• Identifiers (e.g., name, address, telephone number, email address, username);
• Sensitive Personal Information (e.g. state identification number, financial information);
• Protected classification information (e.g. age, citizenship, sex, veteran or military status);
• Nutrition and personal health related information (e.g. height, weight, nutrition, diet, exercise, health conditions, and targets);
• Connections (e.g. apps, devices, professionals and friends connected to your account);
• Biometric information (e.g. keystrokes, behavioral or biological characteristics);
• Internet or other similar activity (e.g. browsing history);
• Employment-related information (e.g. current or past employment); and
• Non-public educational information, including information protected under the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99).
• Commercial information (e.g. products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies).

Non Personal Information.  As used in this Privacy Notice, “Non-Personal Information” means information that does not identify you and cannot be used to contact you personally and may include: (a) certain publicly available information; (b) aggregate information, meaning data about a group or category of services or users from which individual identities and other Personal Information has been removed; (c) deidentified information that cannot be easily linked back to the individual; or (d) and in full compliance with HIPAA and Privacy laws, and on an aggregated and anonymous basis, your diary entries, health data, recipes, targets and profile. Under certain circumstances, Personal Information and/or Non-Personal Information may constitute PHI. If HIPAA applies to such Personal Information and/or Non-Personal Information, we will take appropriate steps to comply with HIPAA’s privacy and security rule requirement. For example, if we are a Business Associate of a Covered Entity, and if specific Personal Information and/or Non-Personal Information that we use or disclose as such a Business Associate is PHI, we will take appropriate steps to comply with HIPAA’s privacy and security rule requirement with respect to any such use and disclosure.  

Lawful Basis. We will only collect your Personal Information (a) when applicable, with your consent; or (b) as authorized or required by law. We will limit the collection of Personal Information to that which is reasonable. If we collect or use your Personal Information based on your consent, we will also notify you of any changes and will request your further consent as needed.  

HOW WE COLLECT & USE YOUR PERSONAL INFORMATION The Personal Information we collect about you and how we use the Personal Information we collect depends on the context of your interactions with Cronometer, the Site, and our Services.  

Information we collect directly from you, with your consent. We collect Personal Information directly from you with your consent when you leave a comment or use other interactive features on the Site or communicate with us online or by other means. If you leave a comment on the Site, we collect your email address and IP address to confirm that the comment originated from a Site user and not from a bot or other automated spam generator. If you access or submit an inquiry through our Site, subscribe to a service, register to receive marketing materials, participate in contests, sweepstakes or promotions, or receive other Services, we may ask you to provide certain personal information such as your name, email address, phone number and zip code, and possibly other Personal Information. We take reasonable steps to make sure that your contact information is accurate, complete, current, and otherwise reliable. We use your Personal Information to communicate with you about Cronometer and our Services and for direct marketing purposes, such as:  

• Sending you periodic email and newsletter communications;
• Responding to your inquiries;
• Sending you surveys and other quality assurance communications;
• Analyzing preferences, trends, and statistics;
• Informing you of our new products, services, and offers; and
• Providing you with other marketing information from and about Cronometer.

We will only contact you in ways compatible with your communications choices. However, even if you have opted-out of receiving marketing communications from us, we may need to contact you to address questions or issues specific to the services you have requested.  

We may periodically supplement the Personal Information we collect from you with personal or non-personal information about you or another person obtained from companies with whom we have marketing or other business relationships and other third party sources. Any aggregate information that is linked or linkable to your Personal Information will be treated as Personal Information under this Privacy Notice.  

Currently, Cronometer or our third party service providers retain and store information collected by, or provided to, us in the cloud and on secure, HIPAA compliant servers in the United States. As Cronometer and some of our third party service providers may retain and store information received from users (including Personal Information) outside of Canada, and under the laws of those other jurisdictions, in certain circumstances courts, law enforcement agencies, regulatory agencies or security authorities in those other provinces or foreign jurisdictions may be entitled to access users’ information.  

‍Payment Information. Cronometer does not collect or maintain any payment information. If you choose to subscribe to our Site and/or Services, our current payment processor, will collect your financial information to facilitate the transaction. We partner with third party service providers and vendors to provide access to existing payment gateways and your credit card, banking and other billing information will be stored only with our payment processor, not with Cronometer. You will be given information regarding our current payment processor, including access to their privacy policy and terms, when you authorize a transaction through the Site.  

‍Information collected from your use of the Site, with a legitimate interest. We use analytics tools or other technologies to collect information about you from your use of this Site. We collect this information to achieve our legitimate interests of operating the Site and our Service, as well as marketing our Services to a broader audience. This information may be combined with other information that you choose to submit to us. This information may also be merged into aggregate information about site visitors and traffic. We use third-party analytics tools to distinguish and analyze user behavior.

Log Files. We collect anonymous and technical information from your computer, including your internet protocol address, data about your computer or other device, the type of browser or operating system your device uses, the programs, services, and version of software you use, and the address of any linking site, when you request a web page while visiting the Site. We use this information for statistical purposes, to ensure that our web pages will appear and function appropriately on your computer, to determine how you were referred to our Site, and to personalize your access to our Site or conduct our own analyses and research to improve our programs, products, services, and content. We may sell, rent, or otherwise convey this anonymous, technical information to a third party, but this information will never constitute Personal Information. We also use third parties to collect and analyze information. If you do not agree with Cronometer or our Services Providers (as defined below) collecting and using your anonymous and technical information as described in this paragraph, discontinue use of the Site or you may contact us as described under “Controlling Your Personal Information.”  

‍Cookies. Like most commercial websites, we use cookies to track use of our Site. Cookies are small text files that are stored on your computer or equipment when you visit certain online pages that record your preferences. Cronometer and our Service Providers use cookies to track use of our Site and online services. Cookies may also be used to monitor traffic, improve the Site, make the Site easier and/or more relevant for your use, and improve the performance of our advertising. You can make personalized choices regarding the cookies employed within the Site in the Settings section. However, certain features of our Sites or other Services may not work if you delete or disable cookies. For more information on cookies and how to disable them on your computer please visit: https://www.consumer.ftc.gov/articles/0042-online-tracking.  

Generally-speaking, we use 1st and 3rd-party session and persistent cookies. The cookies set by us are called “1st-party cookies” and the cookies set by our Service Providers are called “3rd-party cookies.” Session cookies are temporary cookies that remain on your device until you close your web browser. Many session cookies are essential to make our Site work correctly, as they typically enable you to move around our Site and use our features. Persistent cookies remain on your device after you close your browser or until you manually delete it (for the former, the amount of time the cookie remains on your device will depend on the duration or “lifetime” of the specific cookie and your browser settings). Persistent cookies help us recognize you as an existing user of our Site, so it’s easier and convenient to return to our Site or interact with our Services without signing in again. In addition, persistent cookies also help us recognize you when you view a resource belonging to our Site from another website or app (such as an advertisement) and help us record information about your web browsing habits during the lifetime of the persistent cookie.  

Examples of cookies we use:

• Strictly Necessary Cookies: these cookies are strictly necessary for our Site to function properly and ensure our Services are accessible to you (e.g., log-in functionality, load balancing, navigation, filling in forms). The Site cannot function properly without these cookies.
• Preference Cookies: enable our Site to provide enhanced features or settings based on your previous visits and selections, such as language preferences, remembering log-in details, remember searches and filter settings, and other conveniences.
• Statistic Cookies: Statistic cookies enable us to understand how visitors interact with our Site by collecting and reporting information anonymously.
• Social Media Cookies: These cookies are used to allow you to share or like our pages and content through third-party social media websites.
• Marketing Cookies: Marketing cookies are used to track visitors across our Site. The intention is to display ads that are relevant and engaging for the individual user.

Information we collect indirectly from you, with your consent. We collect Personal Information from other sources with your consent, such as health applications on your device.  For example, in such cases, we adhere to the following:

• Health Connect - Limited Use Disclosure: If you give Cronometer permission to access data from your Health Connect application, we will use that information in accordance with this Privacy Notice, to provide you with the Services, and in compliance with the Health Connect Permissions policy, including the Limited Use requirements.
• Apple Health - HealthKit Limited Use:  If you give Cronometer permission to access data from your Apple Health application, we will use that information in accordance with this Privacy Notice, to provide you with the Services, and in compliance with the Apple HealthKit guidelines.

There may be other instances where we collect Personal Information from other sources, such as third-party applications, with your consent.  In these cases, we will only do so after receiving your express consent to access the data and will do so in compliance with any applicable terms, the third-party privacy policy and this Privacy Notice.  

Cronometer uses Personal Information collected from you automatically perform data analysis, identify Site and Services usage trends, develop and display content and advertising tailored to your interests or location, and to measure the effectiveness of our marketing efforts and our Services. Cronometer may use and store this information and the reports we generate using this information in an anonymized form or in the aggregate that it is not associated with individual end users and does not include personal information.

‍Other ways we might use your Personal Information. In addition to the specific uses and purposes described above, we might use information that we collect about you or that you provide to us, including any Personal Information:

• To present our Site and its contents to you.
• To provide you with information, products, or services that you request from us or that we deem relevant to you.
• To allow you to participate in interactive features on our Site or to notify you about changes to our Site or any products or services we offer or provide though it.
• To provide you with other information about a business or organization with which we are associated.
• To protect your privacy and enforce this Privacy Notice.
• If we believe it is necessary to identify, contact or bring legal action against persons or entities who may be causing injury to you, to Cronometer, or to others.
• To comply with applicable law, regulation, legal process or court order.

Children Under Age 16. Cronometer products and services are designed to benefit both adults and children. However, any Personal Information submitted pertaining to children under the age of 16 must be explicitly consented to by that child’s parent or legal guardian. As such, this Site may not be used, and no Personal Information should be submitted from children under 16 years of age without such consent. If you are under 16, do not use or provide any information on this Site or on or through any of its features, make any purchases through the Site, use any of the interactive or public comment features of the Site or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received Personal Information from a child under 16 without verification of parental or legal guardian consent, we will delete that information. If you believe we might have any information from or about a child under 16 without appropriate consent from a legal guardian, please contact us at privacy@cronometer.com.

A SPECIAL NOTE ABOUT YOUR HEALTH INFORMATION

We are committed to protecting your privacy and we recognize the sensitivity of your health information.  We will manage your PHI in accordance with applicable health information privacy legislation, such as HIPAA.    

We do not sell PHI, or provide it to third parties without your consent.  

You should consider carefully the nature of the sensitive health information you add to your account.  As noted below, we take reasonable, legally permitted measures to protect your information from law enforcement, however, it may be subject to access in accordance with applicable laws.  

In some cases, healthcare providers may be using our Services to collect, use and disclose personal information about you, their patient.  As applicable, those healthcare providers are the custodians of that personal health information.  If you would like to know more about how your healthcare provider handles your personal information, you should ask them about their policies and practices.  

‍DISCLOSURE OF YOUR INFORMATION

As permitted by applicable law, we may share your Personal Information as follows:

• To Our Service Providers. Vendors that provide us with various services (collectively, “Service Providers”) may have access to your Personal Information while they are performing their contractual obligations. Examples of Service Providers we use include payment processors, data analytics companies, email delivery, web hosting services, customer service, and marketing services. We prohibit our Service Providers from selling or disclosing the Personal Information we provide, and we require all Service Providers to maintain confidentiality standards that are commercially reasonable to ensure the security of your Personal Information. These Service Providers include but are not limited to marketing companies, companies that host our Site or App, or provide IT services to support either, platforms we use to help us manage our data and companies that assist us in processing job applications that you submit through our Site. The type of information that we provide to a Service Provider will depend on the purpose of the service that they provide to us.
• For Special Features. We may offer special features that require transmission of certain data to the third party helping us to provide you with the feature.  In such cases, we will only provide a limited amount of information in accordance with the notice or consent provided at the time you request the feature.  In some cases, we will not transmit personally identifiable information, however, it may involve certain details about you, such as diary data, anthropometrics, targets and other contextual information.  An example of such a feature is the AI assistant available for our “Pro” accounts, where we provide certain limited information to OpenAI with your consent.  If your organization is a Covered Entity under HIPAA with which we have a Business Associate Agreement, it may enable this feature and if so, when you use it we will provide OpenAI with certain limited information under our Business Associate Agreement with OpenAI.
• To Our Advertisers. For users accessing our free Services, we disclose certain limited information to Service Providers that are network advertisers, sponsors, and/or traffic measurement services (collectively, “Advertisers”) to enable those Advertisers to serve targeted advertisements to you on the Site, the App or other Sites or media (e.g., social networking platforms). We allow some Advertisers to assist us with behavioral advertising by collecting and analyzing certain information when you visit our Site (e.g., click stream information, browser type, time and date, subject clicked or scrolled over). These Advertisers typically use a cookie or other technologies to personalize advertising content and measure the effectiveness of their ads. We do not provide personal health information, or PHI, to Advertisers. Additionally, for users paying for our Services, we may from time to time send you offers from Advertisers, but generally speaking you will not be subject to the targeted advertisements mentioned above.
• Other Third Parties. As permitted by applicable law, we may disclose Personal Information to third parties (i) as part of a business transition (e.g. a merger or acquisition by another company); (ii) to comply with federal, state, or local law, a judicial proceeding, court order, or other legal process, or if we have a good faith belief that disclosure is necessary to comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities; (iii) if we believe it is appropriate in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Use or this Privacy Notice, or to exercise or defend our legal claims; or (iv) in any case where we have obtained your prior consent.
• For Legal and Other Compliance. We may disclose Personal Information when we believe it is appropriate to: (a) comply with the law, (b) enforce or apply this Privacy Notice or our other policies or agreements, (b) protect our or our users' rights, property or safety, (c) protect our users from fraudulent, abusive or unlawful use of, our Site, or (d) if we reasonably believe that an emergency involving immediate danger of death or serious physical injury to any person requires disclosure of communications or justifies disclosure of records without delay.
• For Lawful Requests.We do not disclose your Personal Information simply on request.  We will take reasonable, legally allowed measures to protect your information from requests by law enforcement.  It is our policy to disclose personal information to law enforcement and such governmental agencies only in response to a legal instrument issued by an agency or court with competent jurisdiction, such as a search warrant issued upon demonstration of probable cause.  To be clear, however, your personal information may be accessible under the laws of any applicable jurisdiction.  Therefore, if you have concerns about certain types of information being collected by a state actor, please do not add that information to your account.
• As Part of Business Transfers. We may disclose Personal Information as part of any merger, acquisition, debt financing, sale of company assets or other business transaction. In this situation, we will ensure that standard confidentiality and data security measures are agreed to by all parties with access to Personal Information.
• As Aggregated or Deidentified Information. We reserve the right to share or sell aggregated, anonymous or deidentified information about any individuals with non-affiliated entities for marketing, advertising, research or other purposes, without restriction. We do not limit the third parties’ use of the aggregated information.
• As PHI Information. If information constitutes PHI, we will only use or share PHI in compliance with the privacy and data security requirements of the applicable health information privacy laws, such as HIPAA, and in conformity with the terms and conditions of any applicable Business Associate Agreement.

SECURITY

‍‍Data Security. It is Cronometer’s policy to treat your Personal Information with complete confidentiality. We minimize the Personal Information we store and employ commercially appropriate and reasonable safeguards both online and offline to maintain the security, confidentiality, and integrity of information that we collect about you. We maintain physical, electronic and procedural security measures to safeguard your non-public personal information. We update and test our technology to improve the protection of our information about you and to assure the integrity of that information.  

We educate our employees about the importance of confidentiality and customer privacy through standard operating procedures and special training programs.  

In many instances we employ state-of-the-art, and in any event commercially reasonable, measures to protect your Personal Information, such as two-factor authentication, penetration testing, the implementation of privacy-by-design and thorough vetting of our hosting services providers. However, please note, however, that no transmission of data over the internet is 100% secure and we cannot guarantee that unauthorized third parties will not defeat those measures and use nonpublic Personal Information for improper purposes. Therefore, we are not responsible for circumvention of any privacy settings or security measures contained on the Site or for actions of third parties. The safety and security of your information also depends on you, and you are responsible for keeping your password confidential. Also, always remember to log off your account and close your browser window when you have finished your visit. This is to ensure that others cannot access your account, especially if you are sharing a computer with someone else or are using a computer in a public place. Please refer to the Federal Trade Commission's website at http://www.ftc.gov/bcp/menus/consumer/data.shtm for information about how to help protect yourself against identity theft.  

‍Public Forums. If you choose to make use of any public forum, comment section or chat function, we may collect any information you may disclose through such means.  

‍In-Media Communications. If you choose to send a message to another user or defined group of users through our message, chat, post or other function, we may collect any information you may disclose through such means, as well as the necessary Personal Information of the user(s) you are contacting, in order to facilitate the communication.  

‍Third Party Sites. This Privacy Notice applies only to information collected by Cronometer. We may provide links to third party websites from our Sites as a service to our users, but we have no ability to control, and we are not responsible for, the privacy and data collection, use, and disclosure practices of third party websites. When you click on links that take you to external websites, you will be subject to their privacy policies and practices and not ours. We encourage you to review and understand the privacy policies of such websites before providing them with any information.  

‍Photos and Videos. If you post a video, image or photo on our Site for public view you should be aware that these may be viewed, collected, copied and/or used by other users without your knowledge or consent. We are not responsible for the videos, or photos that you choose to submit to the public sections of our Site. For clarity, there are also private sections of the Site where you can submit content that will not be viewable by other users. Please see our Terms of Service at https://cronometer.com/terms/ on this point and for other guidelines about posting content on any portion of our Site.  

‍Updates and Push Notifications. We may occasionally send you updates, patches and related push notifications that may be of importance to you. If you do not wish to receive updates, patches and notifications you should discontinue use of our Site and/or Services or disconnect your computer or device from the Internet. If you do not wish to receive push notifications, do not select the "Send me newsletters and promotional emails" box under your Account Information in your Cronometer Profile. If you choose to enable push notifications, we may use your information such as a device ID or email address in order to send push notifications to your device.  

‍Do Not Track Signals. Do Not Track is a privacy preference that users can set in their web browsers. When a user turns on the Do Not Track signal, the browser sends a message to websites requesting them not to track the user. For information about Do Not Track, visit www.allaboutdnt.org. At this time, Cronometer does not respond to Do Not Track browser settings or signals. In addition, Cronometer may use other technology that is standard to the internet to track visitors to the Site. Those tools may be used by us and by third parties to collect information about you and your internet activity, even if you have turned on the Do Not Track signal.  

‍Unauthorized Use. If you become aware of any unauthorized submission of information to Cronometer, including children’s information, please inform us by contacting us at the contact information listed below so that we may delete it.

RETAINING AND DELETING YOUR PERSONAL INFORMATION
‍
‍Cronometer retains Personal Information as long as it is reasonably necessary to provide the Services to you and others such as professionals on your behalf.  This includes consideration of business requirements and legal obligations to retain the information.  You have the ability to delete information from your account at any time.    

As described in the “Controlling your Personal Information” section below, you can control many aspects of the information in your account, such as profile information, including by deleting the information or your account.  As described below, you may request deletion of your account by making a request to privacy@cronometer.com.  Otherwise, we will generally keep information associated with your account until it is no longer reasonably necessary to provide the Services, or until your account is deleted. We may delete accounts that are unused for a certain period, such as no activity for 36 months, depending on the nature of the account. We may consider the amount, nature and sensitivity of the personal information and purposes for which it may be processed to determine retention.  We may retain de-identified or aggregated information with other non-personal data indefinitely as it is no longer Personal Information and it may be useful for our business purposes.  

Following the deletion of information from your account, your account, or a request for deletion, we take steps to fully delete the Personal Information from our logs and systems within a reasonable time.  We may retain information for a longer period as permitted by law, including for legal compliance and regulatory purposes, to prevent fraud, collect fees, resolve disputes, assist with investigations, or enforce our terms or a legal right.  We will handle the information we retain in accordance with this Privacy Notice.  

‍CONTROLLING YOUR PERSONAL INFORMATION

Cronometer provides you the ability to exercise certain controls and choices regarding our collection, use and sharing of your information. Depending on where you reside, your options to control your Personal Information may include some or all of the following:

• Changing the Services for which you are signed up.
• Changing your preferences for how and about what we communicate with you.
• Changing the third parties you share certain information with, such as friends, professionals, and connected apps.
• Correcting, updating, and deleting the Personal Information in your account. Please note that certain legal obligations may limit or prevent our ability to fulfill these requests, and that copies of information that you have updated, modified or deleted may remain viewable in cached and archived pages of the Site, Portal, or App for a period of time.
• Requesting access to the Personal Information we hold about you and that we amend or delete it.
• Choosing whether to receive marketing communications from us, including promotions, surveys, and information about products and services that may be of interest to you.
• Control how the cookies we use interact with your browser.

At any time, you may exercise any of these controls and choices, express concerns, lodge a complaint, or obtain additional information about the use of your Personal Information by contacting us at privacy@cronometer.com.

We Do Not Sell Your Personal Information.  Cronometer will not share the details of your Cronometer account for commercial purposes without the express permission of the end-user, and in accordance with all relevant legislation.  

‍Opting Out of Sharing.  We may share your Personal Information with friends and professionals, for example, as permitted by you.  If you would like to opt-out of sharing your Personal Information, there are various ways you can accomplish this.  You may delete your account at any time, following which, we will not share your information with third parties except as may be required by law.  You may also see and control sharing with third parties through your account by going to the “More” link and selecting “Sharing” in your account.  You will be able to see the friends you are sharing with (for Gold subscribers), as well as the professionals and third party apps which you have connected to your account.  You may decide to add or stop sharing with any apps or professionals.  If you would like to opt-out of sharing in these ways, or opt-out of sharing any targeted advertising, sharing with third-parties, please contact our privacy officer at privacy@cronometer.com. In some circumstances, opting out of sharing may mean we or third parties are not able to provide you with certain services.  We may also consider certain legal, contractual and business interests and obligations and your rights, including to opt-out in the circumstances.  

Opting Out of Communications. We will only communicate with you if you want to hear from us, or if it necessitated by the Services you receive from us (i.e. transactional, payment or invoicing related messages). You can modify or limit the communications we send to you by clicking the “unsubscribe” link at the bottom of any of our emails, or by visiting the “Settings” section of the Site where you can make specific choices regarding your communication preferences. You may also contact us directly by email at privacy@cronometer.com. Please be sure to include your full name, email address and specifically what information you do not want to receive.

UNITED STATES – STATE PRIVACY LAWS  

This section of the Privacy Policy is specifically intended to address Cronometer’s obligations in respect of the various states with privacy laws, including California, Colorado, Connecticut, Montana, Oregon, Texas, Virginia, and Utah.  Along with the provisions above, the sections below describes additional measures we take to collect, use, and share personal data in accordance with the respective state laws.  

‍CALIFORNIA PRIVACY RIGHTS

Cronometer adopted this section to comply with the California Consumer Privacy Act (“CCPA”) and applies to residents of the State of California (“California Consumers”). Without limiting the foregoing, this section provides California Consumers with the disclosures and notices required under the CCPA. Certain exceptions and limitations, may apply to a California Consumer’s rights and Cronometer’s obligations under the CCPA.  

Personal Information Collected. Cronometer has collected the following categories of Personal Information from California Consumers within the last twelve (12) months:

• Identifiers (e.g. real name, alias, online identifier, IP address, email address, or other similar identifiers).
• Personal Information Categories Listed in the California Customer Records Statute (Cal. Civ. Code § 1798.80(e)). Some Personal Information included in this category may overlap with other categories.
• Internet or Similar Network Activity (e.g. browsing history within the Site, search history within the Site, interactions with the Site, Application, or our advertisement).
• Geolocation Data (e.g. physical location or movements).

Sources for the Personal Information We Collect. We collect the Personal Information described above from the following sources:

• directly from you when you leave a comment or use other interactive features on the Site or communicate with us, fill out a form, or submit an inquiry, use our Services, interact with us through the Site, or apply for employment with Cronometer.
• indirectly from you as information we collect automatically from your use of the Site.
• third parties, as described in more detail below.

Use of Personal Information. Depending on your interactions with Cronometer, we may use or disclose the Personal Information we collect about you for one or more of the following business purposes:

• to provide you with our services, which includes, but is not limited to, communicating with you, maintaining accurate records, and personalizing your experience with the Services.
• to improve our Services by analyzing how Site visitors access and use our Services, both on an aggregated and individualized basis.
• for our direct marketing efforts, such as sending you news, newsletters, email marketing material, targeted advertising, and, if you have provided us with prior express written consent to receive marketing messages via telephone, text messages or calls.
• for other purposes as permitted by law, such as complying with a law, regulation, legal process or court order, or fulfilling any other purpose with your consent.

We will not collect additional categories of Personal Information or use the Personal Information we collect for materially different, unrelated, or incompatible purposes without notifying you.

‍Disclosing Personal Information. Cronometer may disclose Personal Information for a business purpose to the following categories of third parties:

• law enforcement, regulatory and other governmental agencies.
• business partners.
• parent entities, affiliates and subsidiaries.
• cookie information recipients, subject to their respective privacy notices.

In the preceding twelve (12) months, Cronometer has disclosed the following categories of Personal Information for a business purpose:

• identifiers.
• California Customer Records Personal Information categories.
• internet or other similar network activity.
• geolocation data.

No Sale of Personal Information. Cronometer has not sold any Personal Information in the preceding twelve (12) months.

‍Your Rights and Choices. The CCPA provides California Consumers with specific rights regarding their Personal Information. The following paragraphs describe CCPA rights and explain how to exercise those rights. Each of these rights is subject to our receipt of a verifiable consumer request (see below).

‍Right to Disclosure. You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months, such as:

• the categories of Personal Information we have collected about you.
• the categories of sources for the Personal Information we have collected about you.
• our business or commercial purpose for collecting or selling that Personal Information.
• the categories of third parties with whom we share that Personal Information.
• if we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing (i) sales, identifying the Personal Information categories that each category of recipient purchased; and (ii) disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.

Cronometer is only required to respond to two disclosure requests within a 12-month period.

‍Right to Access. You have the right to request that we provide you with access to specific pieces of Personal Information we have collected about you over the past 12 months (also called a data portability request). If you submit a right to access request, we will provide you with copies of the requested pieces of Personal Information in a portable and readily usable format. Please note that Cronometer is prohibited by law from disclosing copies of certain pieces of Personal Information (e.g., government identification numbers, financial account information, and passwords or security questions and answers) because the disclosure would create a substantial, articulable, and unreasonable risk to the security of the information, our business systems, or your account. Cronometer is only required by law to respond to two access requests within a 12-month period.  

Right to Deletion. You have the right to request that we delete any of your Personal Information that we collected from you and retained, with certain exceptions. Cronometer may permanently delete, deidentify, or aggregate the Personal Information in response to a request for deletion. If you submit a right to deletion request, we will confirm the Personal Information to be deleted prior to its deletion, and we will notify you when your request is complete.  

Submit a Consumer Privacy Request. To exercise any of the above rights, please submit a verifiable consumer privacy request to Cronometer by email at privacy@cronometer.com.  

Verification. We cannot respond to your request or provide you with Personal Information unless we can verify your identity and your authority to make the request and confirm that the Personal Information relates to you. A verifiable consumer privacy request must:

You do not have to sign up with Cronometer to make a verifiable consumer privacy request. We will only use Personal Information provided in a verifiable consumer privacy request to verify the requestor’s identity or authority to make the request.  

Authorized Agent. You may make a verifiable consumer request on behalf of your minor child. Otherwise, only you, or a person you have designated in writing as your authorized agent or who is registered with the California Secretary of State to act on your behalf, or to whom you have provided power of attorney pursuant to California Probate Code sections 4000 to 4465 (“Authorized Agent”) may make a verifiable consumer request related to your Personal Information. If you wish to have an Authorized Agent make a verifiable consumer request on your behalf, they will need to provide us with sufficient written proof that you have designated them as your Authorized Agent, and we will still require you to provide sufficient information to allow us to reasonably verify that you are the person about whom we collected Personal Information.  

Cronometer’s Response. We endeavor to respond to a verifiable consumer request within 45 days of receipt. If we require more time, we will notify you in writing of the reason and extension period. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding receipt of the verifiable consumer request. If we cannot comply with part or all of your request, we will explain the reasons in our response. We do not charge a fee to process or respond to your verifiable consumer privacy request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.  

Nondiscrimination. We will not discriminate against you for exercising any of your CCPA rights.

Unless permitted by law, we will not do any of the following as a result of your having exercised your right under the CCPA:

• provide sufficient information that allows us to reasonably verify you are the person about whom we have collected Personal Information or an authorized representative.
• describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

• deny you goods or services.
• charge you different prices or rates for goods or services, including through granting discounts or other benefits or imposing penalties.
• provide you a different level or quality of goods or services.
• suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Other California Privacy Rights. California Civil Code sections 1798.83-1798.84 (the Shine the Light Act) entitles California residents to request disclosure regarding Personal Information sharing with affiliates and/or third parties for marketing purposes. If you are a California resident and you would like to request a copy of this notice, please contact us at privacy@cronometer.com with the subject line “Request for California Privacy Information.”
‍
VARIOUS ADDITIONAL STATE PRIVACY RIGHTS: CALIFORNIA COLORADO, CONNECTICUT, MONTANA, OREGON, TEXAS, VIRGINIA, and UTAH

‍Under Colorado, Connecticut, Montana, Oregon, Texas, Virginia, and Utah law, residents of these states have specific rights regarding their Personal Information. These rights include:  

‍Right to Access.  You have the right to access your Personal Information (known as a “data subject access request”). This enables you to receive a copy of the Personal Information we hold about you, subject to exceptions and requirements in the law.  If you submit a right to access request, we will provide you with copies of the requested pieces of Personal Information in a portable and readily usable format. Please note that Cronometer is prohibited by law from disclosing copies of certain pieces of Personal Information (e.g., government identification numbers, financial account information, and passwords or security questions and answers) because the disclosure would create a substantial, articulable, and unreasonable risk to the security of the information, our business systems, or your account.  

‍Right to Delete.  You have the right to request that we delete Personal Information that we collected from you and retained, subject to certain exceptions.  

‍Right to Data Portability.  You have the right to request a copy of the Personal Information that we collected about you during the 12 months before your request.  

‍Right to Opt-Out of Sharing or Selling of Your Personal Information.  We do not sell your Personal Information.  You have a right to opt-out of the sharing of your personal data. You may, at any time, direct businesses not to share your personal data with third parties. If you would like to opt-out of sharing, please contact our privacy officer at privacy@cronometer.com. In some circumstances, opting out of sharing may mean we or third parties are not able to provide you with certain services.  

‍Non-Discrimination. We will not treat you differently because you exercised a legal right.  

Under California, Colorado, Connecticut, Montana, Oregon, Texas, and Virginia laws, residents of these states have these further rights regarding their Personal Information:  

‍Right to Correct Personal Information.  You have the right to request that we correct inaccuracies in the Personal Information we maintain about you.  We depend on you to keep the information we have about you up-to-date.  In circumstances where a correction and deletion of the old information is not appropriate, we may annotate the information you have asked us to correct.    

‍Right to Restrict Automated Decision Making.  We do not engage in any automated decision making regarding our users.  In the event we do so in the future, we will add a notice to this policy and provide you with a means to exercise your right to restrict us from making any automated decision that has legal or significant effects for you.  

‍ADDITIONAL PRIVACY NOTICE TO RESIDENTS OF THE EUROPEAN UNION, UNITED KINGDOM AND CANADA
‍
‍Cronometer adopted this section to comply with the European Union’s General Data Protection Regulations (“GDPR”) and other jurisdictions with similar data protection laws such as Canada. This section applies to Site visitors, users, and others who are residents of the European Union, United Kingdom and Canada. We endeavor to uphold GDPR principles for data subjects in the EU as well as those in other jurisdictions with similar rights. Without limiting the foregoing, to the extent that Cronometer’s activities implicate the GDPR or other similar laws now or in the future, this section provides those individuals with information about our relevant privacy practices.

‍Data Controller. The data controller of your Personal Information is Cronometer, if you have engaged us directly. If Cronometer has been engaged to provide services by your school or other primary contact, Cronometer is a data processor for the primary contact.

‍Lawful Basis under GDPR. The lawful bases on which Cronometer processes your Personal Information are: (a) when applicable, with your direct consent; (b) if we have a legitimate interest in doing so, such as fulfilling our obligations as a data processor to your School, administering our business, maintaining the quality of our Site and Software, providing customer service, or identifying new business opportunities; and (c) as authorized or required by law.

‍Additional rights: you have the following rights in relation to the Personal Information we hold about you.

If you want to exercise any of these rights, please make a request to privacy@cronometer.com.

‍TERMS‍

‍Terms of Use. We encourage you to familiarize yourself with the Site Terms of Use (https://cronometer.com/terms/) which governs all matters not set forth in this Privacy Notice.  

Changes to this Privacy Notice. We may occasionally make changes to this Privacy Notice to ensure its accuracy. If we make changes, the revised Privacy Notice will be posted online and the date of the newest version will be listed. Please check back frequently, especially before you provide us with personal information, to determine the current scope of the notice.  

Governing Law. Those who choose to use or access the Site and/or Services from outside Canada do so on their own initiative and are responsible for compliance with local laws, if and to the extent local laws are applicable. Notwithstanding the foregoing, and recognizing the global nature of the Internet, each viewer and user shall comply with all local rules regarding online conduct and submission of acceptable materials. This Privacy Policy is governed and interpreted pursuant to the laws of the Province of British Columbia, Canada and the federal laws of Canada applicable therein, without regard to principles of conflicts of law that would impose the law of another jurisdiction, and you accept and submit to the exclusive jurisdiction of the courts located within the Province of British Columbia, Canada.  

International Transfer. We may transfer information that we collect about you to affiliated entities, or to other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world. Please note that these countries and jurisdictions may not have the same personal information protection laws as your own jurisdiction, and you consent to the transfer of information over international borders and the use and disclosure of information about you, including Personal Information, as described in this Privacy Policy.  

CONTACT INFORMATION  

If you have any further questions about our collection and use of your Personal Information, or if you wish to exercise any of your rights over your Personal Information or if you have any questions about this Privacy Notice, please contact us at privacy@cronometer.com  

Cronometer Software Inc.
Attention:
Privacy Officer  

Address:
Cronometer Software Inc.,  
PO Box 3270  
Revelstoke, B.C.
Canada
V0E 2S0  

Email:
‍ privacy@cronometer.com