Terms of Service, Privacy Policy and Compliance

Privacy Policy

1. Purpose

PFL Tech, Inc. (collectively, “PFL”, “we” or “us”) respects the privacy of its customers and business partners. The PFL Notice of Privacy Practices (the “Privacy Statement”) describes the information that we collect, how we obtain and store the information, and the ways we may use or share that information. This Privacy Statement also describes the measures we take to protect the security of the information and how we can be contacted about the information we collect from or about you.

2. Scope

This Privacy Statement only covers our privacy practices with respect to the collection, use, storage, and sharing of information obtained: (i) through the PFL websites (collectively, our “Website”), Customer Service, or marketing and sales initiatives; (ii) through the use of our hosted software applications (the “Subscription Services”) and related support services (“Support Services”) that we provide to Customers. In this Privacy Statement, the Subscription Services and the Support Services are collectively referred to as the “Services.”

3. Definitions

• 3.1. Customer
• An entity that purchases the Services.
• 3.2. Customer Data
• The electronic data captured, provided, or uploaded into the Subscription Services by or for a Customer or its legally designed Users.
• 3.3. Visitor
• A guest to the Website or user of Customer Services.
• 3.4. User
• An individual legally authorized by a Customer to access and use the Subscription Services.
• 3.5. User Data
• Refers to content or materials you post submit, contribute, publish, display, or make available to us, transmit to others on or through our Services or public forum.

4. Services

• 4.1. How We Obtain Information
• 4.1.1. Information You Provide to Us
• When filling out forms on our Website we collect personal information, including, but not limited to, name, mailing address, email address and telephone number.
• When you post User Data to our social media, participate in bulletin boards, blogs, comment threads, forums or other interactive features, register, or request further information or services from us.
• When you enter a contest or promotion we sponsor.
• When you report a problem with our Website.
• When you contact us.
• When you complete our surveys.
• Other information you may submit to us related to your use of our Services from any source, for example, through email or messaging services.
• 4.1.2. Information we collect through our Subscription and Support Services
• General information, including a Customer’s company name and address, and the Customer’s representative’s contact information (“General Information”) for billing and contracting purposes.
• Information and correspondence our Customers and Users submit to us in connection with Services or other requests related to our Service.
• Information we receive from our business partners or third-party affiliates in connection with our Customers and Users use of the Services or in connection with services provided by our business partners on their behalf, including configuration of the Subscription Services.
• Aggregated data captured from our Customers and Users during use of the Subscription Services or server logs in support of the Subscription Services.
• Information contained in session cookies used during authentication of subscription access. No personally identifiable information is stored.
• 4.2. How We Use Information Collected
  • 4.2.1. To provide you with information, products or services that you request from us or we determine, at our sole discretion, will be of interest to you.
  • 4.2.2. To carry out our obligations and enforce our rights arising from any contracts entered between you and us.
  • 4.2.3. For industry analysis, benchmarking, performance and usability analytics, marketing, and other legal business purposes.
  • 4.2.4. The Human Resources Department is responsible for managing all hardcopy Human Resources Records, Employee and Benefits Records.
• 4.3. How We Share Information Collected
  • We may disclose personal information that you provide to us, to the following third parties:
  • 4.3.1. Vendors, business partners and service providers we use to support our Services or business efforts or third parties which provide services on our behalf.
  • 4.3.2. In the event of merger, acquisition, or any form of sale or transfer of some or all our assets (including in the event of a reorganization, dissolution or liquidation), in which case personal information held by us about our Visitors will be among the assets transferred to the buyer or acquirer. Customers will be notified prior to any such event.
• 4.4. Third Party Disclosure of Personal Information
  • 4.4.1. Comply with any court order issued by a court of proper jurisdiction.
  • 4.4.2. Protect the rights, property, or safety of PFL.
  • 4.4.3. We will not sell, rent trade or share Customer Data with third parties for their promotional purposes.

5. Third Party Websites and Applications

PFL may link to websites that are not owned or controlled by PFL. As such, this Privacy Statement does not apply to information collected when visiting any third-party site or by any third-party application that may link to or be accessible from the PFL website or Services. You should be aware that any information you provide to these sites may be read, collected, and used by others who access them. We cannot control the actions of other users of the sites with whom you may choose to share your User Data. Your interactions with these sites are governed by the privacy policy of the organization providing the site or service. This Privacy Statement also does not cover the use or disclosure of any information stored in the Subscription Service when hosted by the Customer.

6. California Privacy Rights

California Consumer Privacy Act (“CCPA”) – If you are a California resident and the processing of personal information about you is subject to the CCPA, you have certain rights with respect to that information:

• 6.1. Access/Right to Know
• You have a right to request that we provide you with the following information:
• The categories and specific pieces of personal information we have collected about you in the last 12 months.
• The categories of sources from which we collect personal information.
• The purposes for collecting, using, or selling personal information.
• The categories of third parties with which we share personal information.
• The categories of personal information we have disclosed about you for a business purpose.
• The categories of personal information we have sold about you for each category of third party to which the personal information was sold. Note that the CCPA defines “sell” very broadly, and some of our data sharing described in this Policy may be considered a “sale” under that definition. We do not intentionally sell personal information or knowingly sell personal information of minors under 16 years of age without affirmative authorization.
• 6.2. Right to Delete
  • You also have a right to request that we delete personal information under certain circumstances, subject to a number of exceptions.
• 6.3. How to exercise your CCPA
  • Please refer to the Data Request Form link below.

7. European Data Protection Rights

If processing of your personal information is subject to European Union data protection law, you have certain rights with respect to that data:

• You can request access to, and rectification or erasure of, personal data;
• If any automated processing of personal data is based on your consent or a contract with you, you have a right to transfer or receive a copy of the personal data in a usable and portable format;
• If the processing of personal data is based on your consent, you can withdraw consent at any time for future processing;
• You can to object to, or obtain a restriction of, the processing of personal data under certain circumstances; and
• For residents of France, you can send us specific instructions regarding the use of your data after your death.

To make such requests, please refer to the Data Request Form below.

When we are processing data on behalf of another party that is the “data controller,” you should direct your request to that party.

8. Communication Preferences and Choices

If processing of your personal information is subject to European Union data protection law, you have certain rights with respect to that data:

We provide certain choices regarding the information Visitors provide to us. We have created some mechanisms to provide you with control over your information when using our Website. First, if you do not wish to have your e-mail address used for promotional purposes by PFL, you may withdraw consent at a later time by contacting PFLTrust@PFL.com.

Second, you may contact PFLTrust@PFL.com to request changes to any personal information that you have provided to us in connection with the Website or Services. We will use reasonable efforts within the scope of our business and technology practices to respond to such requests for correction or updates to personal information.

9. Customer Data

We may use Customer Data to provide the Services, including updating and maintaining the Subscription Services and providing Support Services. Notwithstanding anything else to the contrary in this Privacy Statement, we will not use, disclose, review, share, distribute, transfer or reference any Customer Data except as permitted in the Customer Agreement or as required by law.

10. Retention of Personal Information

We retain personal information for as long as necessary to provide PFL Services, comply with our legal obligations, resolve disputes, enforce our agreements, and other legitimate and lawful business purposes. Because these needs can vary for different data types in the context of different products, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the data, the availability of automated controls that enable users to delete data, and our legal or contractual obligations.

11. Location of Personal Information

The personal information we collect is stored and processed in the United States, except as otherwise permitted in the Customer Agreement for PFL to process information in a country or region outside of the United States. We take steps designed to ensure that the data we collect under this Policy is processed according to the provisions of this Policy and applicable law wherever the data is located.

In the event we transfer personal data from the European Economic Area and Switzerland to other countries, some of which have not been determined by the European Commission to have an adequate level of data protection, we use a variety of legal mechanisms, including contracts, to help ensure your rights and protections. To learn more about the European Commission’s decisions on the adequacy of personal data protections, please visit: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.

12. Security of Personal Information

Safeguarding personal information is important to us and PFL uses industry standard procedures and processes to protect the personal information obtained through the Website and in connection with the Services. While no systems, applications, or websites are 100% secure, we take reasonable and appropriate steps to help protect personal information from unauthorized access, use, disclosure, alteration, and destruction.

13. Changes to Our Privacy Statement

PFL reserves the right to update or change this Privacy Statement when necessary to reflect changes in our Services, how we use personal information, or changes to the applicable laws. Any updates or changes to this Privacy Statement will be posted to the home page and it is the sole responsibility of the Customer, Visitor, or User to review this Privacy Statement frequently. If we make material changes to this policy, we will attempt to notify you of such change on our home page prior to the change becoming effective. Your continued use of the Website or Services is deemed to be acceptance of all updates or changes we make to this Privacy Statement and as such, we ask that you review the Privacy Statement periodically for any updates or changes that we may have made.

14. Contact Information

To inquire or comment about this Privacy Statement and our privacy practices or if you need to update, change or remove your information, contact us at:

PFL Tech, Inc
Attn: Privacy Officer
100 PFL Way
Livingston, MT 59047

www.pfl.com
1-800-930-5088

Updates as of July 2021

PFLTrust Compliance Information

GDPR Statement of Compliance

Introduction

The General Data Protection Regulation (“GDPR”), which will become enforceable on May 25th, 2018, aims to strengthen the security and protection of personal data in the European Union (“EU”). This rule clarifies how the EU personal data laws apply even beyond the borders of the EU and will replace the European Privacy Directive and national legislations accordingly. Any organization that works with EU residents’ personal data in any manner has obligations to protect the data. PFL Tech, Inc. (“PFL”) is well aware of its role in providing the right tools and processes to support its users and customers in order to meet their GDPR mandates.

PFL’s Commitment

At PFL, we have demonstrated our commitment to data privacy and protection by meeting the industry standards for PCI, HIPAA, SOC 1 and SOC 2. We recognize that the GDPR will help us move towards the highest standards of operations in protecting customer data and PFL attests that we will comply with applicable GDPR regulations as a data processor by the May 25th, 2018 enforcement date.

PFL GDPR Roles and Employees

PFL has designated Casey Bartz, Chief Technology Officer, as our Data Protection Officer (DPO) and has a dedicated internal team of cross-functional stakeholders to develop and implement our roadmap for GDPR compliance. The team is responsible for promoting awareness of the GDPR across the organization, assessing our GDPR readiness, identifying any gap areas and implementing the new policies, procedures and measures. PFL understands that continuous employee awareness and understanding is vital to the continued compliance of the GDPR. We have incorporated GDPR specific content to PFL’s onboarding and annual employee training programs.

PFL GDPR Readiness

Our readiness initiatives include:

• Designating data privacy roles;
• Building on existing security policies, processes and controls;
• Providing visibility and transparency;
• Enhancing data integrity and security;
• Portability and transferability of data;
• Identifying personal data;
• Encrypting, anonymizing or deleting user data; and
• Creating provisions for data subject’s rights.

PFL Users and Customers

Compliance with the GDPR requires a partnership between PFL and our users and customers in their use of applicable PFL services. In this context, PFL will act as a data processor and our users and customers will act as data controllers. Working together, we hope to explore opportunities within our relevant service offerings to support our users and customers in meeting their GDPR obligations. PFL encourages partners and customers to independently familiarize themselves with the GDPR. Please direct questions or comments regarding PFL’s data privacy program to PFLTrust@PFL.com.

PFL Data Processing Addendum

GDPR or CCPA Data Request Form

Request a copy of the data that we have stored about you or request that your data be removed from our system.