Cintap privacy policy

This privacy notice for CINTAP Inc. (“Company,” “we,” “us,” or ”our”), describes how and why we might collect, store, use, and/or share (“process”) your information when you use our services (“Services”), such as when you:

  • Visit our website at https://www.cintap.com, or any website of ours that links to this privacy notice
  • Use our EDI converter and validator tool
  • Engage with us in other related ways, including any sales, marketing, or events

 

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and options. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at [email protected].

1. What information do we collect?

Personal information you disclose to us 

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us. 

Personal information provided by you 

The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following: 

  • Names
  • Email addresses
  • Phone numbers
  • Mailing addresses
  • Job titles
  • Usernames
  • Passwords
  • Contact preferences
  • Contact or authentication data
  • Billing addresses
  • Debit/credit card numbers

Sensitive information 

We do not process sensitive information. All personal information that you provide to us must be trues, complete, and accurate, and you must notify us of any changes to such personal information. 

Information automatically collected

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, county, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.
Like many businesses, we also collect information through cookies and similar technologies.

The information we collect includes:

  • Location data. We collect location data such as information about your device’s location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect the geolocation data that tells us your current location based on your IP address. You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.

2. How do we process your information?

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

  • To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
  • To deliver and facilitate delivery of services to the user. We may process your information to provide you with the requested service.
  • To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
  • To send administrative information to you. We may process your information when necessary to request feedback and to contact you about your use of our Services.
  • To fulfill and manage your orders. We may process your information to fulfill and manage your orders, payments, returns, and exchanges made through the Services.
  • To enable user-to-user communications. We may process your information if you choose to use any of our offerings that allow for communication with another user.
  • To request feedback. We may process your information when necessary to request feedback and to contact you about your use of our Services.
  • To send you marketing and promotional communications. We may process the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences, you can opt out of our marketing emails at any time.
  • To deliver targeted advertising to you. We may process your information to develop and display personalized content and advertising tailored to your interests, location, and more.
  • To protect our Services. We may process your information as part of our efforts to keep our Services safe and secure, including fraud monitoring and prevention.
  • To identify usage trends. We may process information about how you use our Services to better understand how they are being used so we can improve them.
  • To determine the effectiveness of our marketing and promotional campaigns. We may process your information to better understand how to provide marketing and promotional campaigns that are most relevant to you.
  • To save or protect an individual’s vital interest. We may process your information when necessary to save or protect an individual’s viral interest, such as to prevent harm.

2.1. Beta Services.

“Beta Services” refer to any CINTAP service or feature labeled or presented as alpha, beta, experimental, pilot, limited release, under development, developer preview, early access, non-production, or evaluation. These offerings are provided prior to their full commercial launch and may carry a “Beta” designation. 

By agreeing to these terms or using CINTAP Beta Services, you acknowledge and accept that they are made available on an “As Is” or “As Available” basis. Beta Services may include defects, errors, or other issues that could impact their performance or functionality. You bear full responsibility and all associated risks when using the Beta Services, including costs for internet access, data backups, equipment usage, and any potential damage to devices, software, information, or data. 

Additionally, CINTAP is not obligated to provide maintenance, technical assistance, or updates for Beta Services. 

3. Data Processing Addendum

This Data Processing Addendum (“DPA”) is incorporated into and forms a part of the agreement between CINTAP Inc. (“CINTAP”) and Customer that governs Customer’s access to and use of the online Services (“Agreement”).  Capitalized terms not defined herein have the meaning given in the Agreement. 

3.1. Definitions.  

In this DPA, the following terms (and derivations thereof) have the meanings set out below: 

“Affiliate” means any person or entity that owns or controls, is owned or controlled by, or is under common control or ownership with, a party to this Agreement, where “control” is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract, or otherwise. 

“Controller” means the individual or entity that determines the purposes and means of the Processing of Personal Data. 

“Customer” means the individual or entity that has entered into the Agreement and agreed to the incorporation of this DPA into the Agreement. 

“Customer Content” means any data, file attachments, text, images, reports, personal information, or other content that is uploaded or submitted to an online Service by Customer or Users and is Processed by CINTAP on behalf of Customer. For the avoidance of doubt, Customer Content does not include usage, statistical, learned, or technical information that does not reveal the actual contents of Customer Content. 

“Customer Personal Data” means Personal Data that is contained within Customer Content. 

“Data Breach” means a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Content. 

“Data Protection Laws” means, to the extent applicable to a Party, the data protection or privacy laws of any country regarding the Processing of Customer Personal Data. 

“Data Subject” means an identified or identifiable natural person.  

“Parties” or “Party” means Customer and/or CINTAP as applicable. 

“Personal Data” means any information relating to, identifying, describing, or capable of being associated with a Data Subject or a household.  

“Process” means any operation or set of operations performed upon Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, alignment, combination, restriction, erasure, destruction or disclosure by transmission, dissemination or otherwise making available. 

“Processor” means the individual or entity that Processes Personal Data on behalf of a Controller. 

“Professional Services” means implementation, configuration, integration, training, advisory, and other professional services related to the online Services that are provided or controlled by CINTAP. 

“Services” means the Professional Services and the Subscription Service and any other online service or application provided or controlled by CINTAP for use with the Subscription Services.  

“CINTAP Personnel” means any individual authorized by CINTAP to Process Customer Personal Data. 

“Subprocessor” means any individual or entity (including any third party but excluding CINTAP Personnel) appointed by or on behalf of CINTAP to Process Customer Personal Data in connection with the Agreement. 

“Subscription Services” means the subscription-based online services and applications that are provisioned and controlled by CINTAP.  

“Supervisory Authority” means an independent competent public authority established or recognized under Data Protection Laws. 

“User” means any individual authorized or invited by Customer or another User to access and use the online Services available to Customer under an Order and the terms of the Agreement.  

3.2. Roles of Parties. 

Customer and CINTAP agree that, as between the Parties, Customer is a Controller and CINTAP is a Processor of Customer Personal Data and that each Party is solely responsible for its compliance with Data Protection Laws applicable to it and for fulfilling any of its related obligations to third parties, including Data Subjects and Supervisory Authorities. 

Customer as Controller: Customer is solely responsible for the accuracy of Customer Personal Data and the legality of the means by which Customer acquires, discloses, and processes Customer Personal Data. Customer’s instructions to CINTAP to Process Customer Personal Data will comply with Data Protection Laws and be duly authorized, with all necessary rights, permissions, and consents secured.  

CINTAP as Processor: CINTAP will Process Customer Personal Data only: (a) as instructed by Customer in writing or as initiated by authorized Users via an online Service; (b) as necessary to provide the Services and prevent or address technical problems with an online Service or violations of the Agreement or this DPA; or (c) as required by applicable law. Schedule 1 (Details of Processing of Customer Personal Data) sets out a description of CINTAP’s Processing of Customer Personal Data. CINTAP agrees to immediately inform Customer if CINTAP reasonably believes that any instruction to Process Customer Personal Data violates, or would violate, Data Protection Laws. 

CINTAP will ensure that CINTAP Personnel: (a) access Customer Personal Data only to the extent necessary to perform CINTAP’s Processing obligations under this DPA and the Agreement; (b) are bound by confidentiality obligations with respect to Customer Personal Data substantially as protective as those set forth in this DPA and the Agreement; and (c) are subject to appropriate training relating to the Processing of Customer Personal Data.  

CINTAP will not sell or share Customer Personal Data in violation of Data Protection Laws.  

CINTAP will not assess the type or substance of Customer Content to identify whether it is Customer Personal Data and/or subject to any specific legal requirements. 

Following termination of the DPA, CINTAP will return or delete Customer Content in accordance with the Agreement. 

3.3. Security. 

CINTAP will implement and maintain technical, physical, and organizational measures and controls designed to protect and secure Customer Content (including the return and deletion thereof) in accordance with the Agreement. Notwithstanding the foregoing, Customer is solely responsible for independently assessing and ultimately implementing such security configuration settings made available to Customer by CINTAP as it deems necessary to meet its requirements and legal obligations under applicable Data Protection Laws. 

Customer acknowledges that, through its Users, Customer: (a) controls the type and substance of Customer Content; and (b) sets User permissions to access Customer Content; and therefore, Customer is responsible for reviewing and evaluating whether the documented functionality of an online Service meets Customer’s required security obligations relating to Customer Personal Data under Data Protection Laws. 

3.4. Subprocessors. 

CINTAP’s Subprocessors may be updated by CINTAP from time to time in accordance with this DPA. Customer authorizes CINTAP Affiliates to act as Subprocessors and to use any identified Subprocessors subject to the terms and conditions of this Section 3.4. 

CINTAP will carry out appropriate due diligence on each Subprocessor and have a written agreement with each Subprocessor that includes provisions for Processing Customer Personal Data that are at least as protective as those set out in this DPA.  

In accordance with Data Protection Laws, CINTAP is liable for Subprocessors’ acts and omissions, including a Subprocessor’s appointment of another Subprocessor.  

3.5. Data Subject Requests. 

CINTAP will provide Customer access to Customer Personal Data via the online Services to allow Customer to respond to Data Subject requests relating to Customer Personal Data. 

CINTAP will notify Customer in writing without undue delay, and in any event within 10 business days, following receipt and verification of any requests CINTAP receives directly from a Data Subject relating to Customer Personal Data, and CINTAP may only respond directly to a Data Subject request: (a) to confirm that such request relates to Customer; (b) as required by applicable law; or (c) with the written consent of Customer. Except as provided herein, CINTAP, as processor, has no intention to respond to or fulfill any Data Subject requests. 

At Customer’s written request and to the extent Customer is unable to access Customer Personal Data on its own, CINTAP will provide reasonable assistance to Customer in accessing Customer Personal Data for Customer to respond to such Data Subject requests. To the extent legally permitted, Customer will be responsible for any expenses attributable to CINTAP’s assistance efforts outside the normal course of business. 

3.6. Data Breach. 

CINTAP will notify Customer in writing without undue delay, and in any event within 72 hours, upon CINTAP becoming aware of a Data Breach. 

CINTAP will investigate and, as necessary, mitigate or remediate a Data Breach in accordance with CINTAP’s security incident policies and procedures (“Breach Management”). 

Subject to CINTAP’s legal obligations, CINTAP will provide Customer with information available to CINTAP as a result of its Breach Management, including the nature of the incident, specific information disclosed (if known), and any relevant mitigation efforts or remediation measures (“Breach Information”), for Customer to comply with its obligations under Data Protection Laws as a result of a Data Breach.   

If Customer requires specific information relating to a Data Breach in addition to the Breach Information, at Customer’s written request and to the extent Customer is unable to access the additional information on its own, CINTAP will reasonably cooperate with Customer as requested by Customer to attempt to collect and provide such additional information. 

 3.7. Audit Rights. 

CINTAP will use external auditors to annually audit and verify the adequacy of its security measures and controls (“Audit”). The Audit will: (a) be performed by independent third party security professionals at CINTAP’s selection and expense; (b) include testing of the security measures and controls of the online Services, performed according to AICPA SOC2 standards or such other alternative standards substantially equal to AICPA SOC2, that results in the generation of, at a minimum, a SOC2 report or the substantive equivalent; and (c) include penetration testing of the online Services and result in the generation of a penetration test report.  The reports generated by the Audit (“Reports”) will be made available to Customer upon written request no more than annually subject to the confidentiality obligations of the Agreement or a mutually-agreed non-disclosure agreement. For clarity, each Report will only discuss the online Services in general commercial availability at the time the Report was issued; subsequently released Services, if covered by a Report, will be in the next annual iteration of such Report. 

Upon Customer’s written request, CINTAP will provide reasonable assistance to Customer in relation to data protection impact assessments and consultations with Supervisory Authorities, taking into account the nature of CINTAP’s Processing activities and the information available to CINTAP. If Customer requires information for its compliance with Data Protection Laws in addition to the foregoing and the Reports, at Customer’s sole expense and written request and to the extent Customer is unable to access the additional information on its own, CINTAP will allow for and cooperate with a Customer mandated audit by a third party auditor in relation to the CINTAP’s Processing of Customer Personal Data (“Customer Audit”), provided that: 

Customer provides CINTAP reasonable advance notice including the identity of the auditor and the anticipated date and scope of the Customer Audit; 

CINTAP approves the auditor by notice to Customer, with such approval not to be unreasonably withheld; 

Customer and the auditor act to avoid causing any damage, injury, or disruption to CINTAP’s premises, equipment, or business in the course of such Customer Audit; and  

Customer initiates only one Customer Audit in any calendar year unless otherwise required by a Supervisory Authority. 

3.8. International Provisions. 

The Parties acknowledge and agree that the Processing of Customer Personal Data by CINTAP may involve an international transfer of Customer Personal Data from Customer to CINTAP (“International Transfer”). Customer acknowledges that, as of the Effective Date, CINTAP’s primary processing activities are in the United States. 

To the extent that CINTAP Processes Customer Personal Data originating from and protected by applicable Data Protection Laws, then the terms specified therein with respect to the applicable jurisdiction(s) will apply in addition to the terms of this DPA. 

To the extent that Customer’s use of the Services requires a valid transfer mechanism to lawfully transfer Customer Personal Data from a jurisdiction (i.e., the European Economic Area (“EEA”), the UK, Switzerland or any other jurisdiction) to CINTAP located outside of that jurisdiction (a “Transfer Mechanism”), the jurisdiction’s laws will apply. 

3.9. General. 

Amendment; Waiver. Unless otherwise expressly stated herein, this DPA may be modified only by a written agreement executed by an authorized representative of each Party.  The waiver of any breach of this DPA will be effective only if in writing, and no such waiver will operate or be construed as a waiver of any subsequent breach.  

Severance. If any provision of this DPA is held to be unenforceable, then that provision is to be construed either by modifying it to the minimum extent necessary to make it enforceable (if permitted by law) or disregarding it (if not permitted by law), and the rest of this DPA is to remain in effect as written. Notwithstanding the foregoing, if modifying or disregarding the unenforceable provision would result in failure of an essential purpose of this DPA, the entire DPA will be considered null and void. 

Order of Precedence. Regarding the subject matter of this DPA, in the event of any conflict between this DPA and any other written agreement between the Parties (including the Agreement), this DPA will govern and control. Any data processing agreements that may already exist between Parties are superseded and replaced by this DPA in their entirety. To the extent there is any conflict between the Standard Contractual Clauses and any other terms in this DPA, including Schedule 4 (Jurisdiction Specific Terms), the provisions of the applicable Standard Contractual Clauses will prevail. 

Notices. Unless otherwise expressly stated herein, the parties will provide notices under this DPA in accordance with the Agreement, provided that all such notices may be sent via email. 

Governing Law and Jurisdiction. Unless prohibited by Data Protection Laws, this DPA is governed by the laws stipulated in the Agreement and the Parties to this DPA hereby submit to the choice of jurisdiction and venue stipulated in the Agreement, if any, with respect to any dispute arising under this DPA. 

Enforcement.  Regardless of whether Customer or its affiliate(s) or a third-party is a Controller of Customer Personal Data, unless otherwise required by law: (a) only Customer will have any right to enforce any of the terms of this DPA against CINTAP; and (b) CINTAP’s obligations under this DPA, including any applicable notifications, will be to only Customer.  

Liability. As between the Parties to this DPA, each Party’s liability and remedies under this DPA are subject to the aggregate liability limitations and damages exclusions set forth in the Agreement. 

Variations in Data Protection Laws. If any variation is required to this DPA as a result of a change in or subsequently applicable Data Protection Law, then either Party may provide written notice to the other Party of that change in law. The Parties will then discuss and negotiate in good faith any variations to this DPA necessary to address such changes, with a view to agreeing and implementing those or alternative variations as soon as practicable, provided that such variations are reasonable with regard to the functionality and performance of the Services and CINTAP’s business operations. 

Reservation of Rights. Notwithstanding anything to the contrary in this DPA: (a) CINTAP reserves the right to withhold information the disclosure of which would pose a security risk to CINTAP or its customers or is prohibited by applicable law or contractual obligation; and (b) CINTAP’s notifications, responses, or provision of information or cooperation under this DPA are not an acknowledgement by CINTAP of any fault or liability. 

Regulatory Requests. In the event CINTAP is required by law or legal process to disclose Customer Personal Data, CINTAP, to the extent legally permitted, agrees to give Customer prior notice of such disclosure to afford Customer a reasonable opportunity to appear, object, and obtain a protective order or other appropriate relief regarding such disclosure. 

4. What legal bases do we rely on to process your information?

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:

  • Consent. We may process your information if you have given us permission (I.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time.
  • Performance of a contract. We may process your information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.
  • Legitimate interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to:
  • Send users information about special offers and discounts on our products and services
  • Develop and display personalized and relevant advertising content for our users
  • Analyze how our Services are used so we can improve them to engage and retain users
  • Support our marketing activities
  • Diagnose problems and/or prevent fraudulent activities
  • Understand how our users use our products and services so we can improve user experience
  • Legal obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information in litigation in which we are involved.
  • Vital interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.

If you are located in Canada, this section applies to you.

If you are located in the EU or UK, this section applies to you.
We may process your information if you have given us specific permission (I.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (I.e., implied consent). You can withdraw your consent at any time.
In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example:

  • If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way
  • For investigations and fraud detection and prevention
  • For business transactions provided certain conditions are met
  • If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim
  • For identifying injured, ill, or deceased persons and communicating with next of kin
  • If we have reasonable grounds to believe and individual has been, is, or may be victim of financial abuse
  • If it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province
  • If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records
  • If it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced.
  • If the collection is solely for journalistic, artistic, or literary purposes
  • If the information is publicly available and is specified by the regulations

5. When and with whom do we share your personal information?

We may need to share your personal information in the following situations:

  • Business transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • When we use Google Maps Platform APIs. We may share our information with certain Google Maps Platform APIs (e.g., Google Maps API, Places API)

6. Do we use cookies and other tracking technologies?

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies can be found upon request at [email protected] 

7. HOW LONG DO WE KEEP YOUR INFORMATION? 

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice unless a longer retention period is required or permitted by law. No purpose in this notice will require us keeping your personal information for longer than the period of time in which users have an account with us. 

8. HOW DO WE KEEP YOUR INFORMATION SAFE? 

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Service is at your own risk. You should only access the Services within a secure environment. 

9. DO WE COLLECT INFORMATION FROM MINORS?

We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent of guardian of such a minor and consent to such minor dependent’s use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. For further concerns, contact us at [email protected]

10. wHAT ARE YOUR PRIVACY RIGHTS? 

In some regions (like the EEA, UK, and Canada), you have certain rights under applicable data protection laws. These may include the right

  1. to request access and obtain a copy of your personal information,
  2. to request rectification or erasure
  3. to restrict the processing of your personal information. You can make sure a request by contacting us using the contact details provided in the “HOW CAN YOU CONTACT US ABO UT THIS NOTICE?” section below.

We will consider and act upon any request in accordance with applicable data protection laws.

If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority.

If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.

Withdrawing your consent:
If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us using the details in the “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?” section below.
However, please note that this will not affect the lawfulness of the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
Opting out of marketing and promotional communications: You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, or by contacting us using the details in the “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?” section below. You will then be removed from the marketing lists. However, we may still communicate with you- for example, to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.

Account Information:
If you would at any time like to review or change the information in your account or terminate your account, you can:

  • Log in to your account settings and update your user account

 

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms, and/or comply with applicable legal requirements.
Cookies and similar technologies: Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services. You may also opt out of interest-based advertising by advertisers on our Services.
If you have questions or comments about your privacy rights, you may email us at [email protected].

11. Controls for do-not-track features

Most web browsers and some mobile operating systems and mobile applications include a Do-NotTrack (DNT) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice. 

12. Do California residents have specific privacy rights?

California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us at [email protected].
If you are under 18 years of age, reside in California, and have a registered account with Services, you have the right to request removal of unwanted data that you publicly post on the Services. To request removal of such data, please contact us using the contact information provided below and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Services, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g., backups, etc.).

CCPA PRIVACY NOTICE
The California Code of Regulations defines a “resident” as:

  1. Every individual who is in the State of California for other than a temporary or transitory purpose and
  2. Every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose

All other individuals are defined as “non-residents.”
If this definition of “resident” applies to you, we must adhere to certain rights and obligations regarding your personal information.

What categories of personal information do we collect?
We have collected the following categories of personal information in the past 12 months:

We will use and retain the collected personal information as needed to provide the Services or for as long as the user has an account with us. We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:

  • Receiving help through our customer support channels
  • Participation in customer surveys or contests
  • Facilitation in the delivery of our Services and to respond to your inquiries

How do we use and share your personal information?
More information about our data collection and sharing practices can be found in this privacy notice.
You may contact us by email at [email protected], or by referring to the contact details at the bottom of this document.
If you are using an authorized agent to exercise your right to opt out we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.

Will your information be shared with anyone else?
We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Each service provider is a for-profit entity that processes the information on our behalf, following the same strict privacy protection obligations mandated by the CCPA.
We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be “selling” of your personal information.

CINTAP Inc. has not disclosed, sold, or shared any personal information to third parties for a business or commercial purpose in the preceding 12 months. CINTAP Inc. Will not share or sell personal information in the future belonging to website visitors, users, and other consumers.
Your rights with respect to your personal data
Right to request deletion of the data- Request to delete
You can ask for the deletion of your personal information. If you ask us to delete your personal information, we will respect your request and delete your personal information, subject to certain exceptions provided by law.

Right to be informed- Request to know
Depending on the circumstances, you have a right to know:

  • Whether we collect and use your personal information
  • The categories of personal information that we collect
  • The purposes of which the collected personal information is used
  • Whether we sell or share personal information to third parties
  • The categories of personal information that we sold, shared, or disclosed for a business purpose
  • The categories of third parties to whom the personal information was sold, shared, or disclosed for a business purpose
  • The business or commercial purpose for collecting, selling, or sharing personal information
  • The specific pieces of personal information we collected about you

In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in response to a consumer request or to re-identify individual data to verify a consumer request.
Right to Non-Discrimination for the Exercise of Consumer’s Privacy Rights
We will not discriminate against you if you exercise your privacy rights.
Right to Limit Use and Disclosure of Sensitive Personal Information
We do not process consumer’s sensitive personal information.
Verification process
Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you thought a communication method (e.g., phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate.
We will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes. We will delete such additionally provided i as soon as we finish verifying you.

Other privacy rights

  • You may object to the processing of your personal information
  • You may request correction of your personal data if it is incorrect or no longer relevant, or ask to restrict the processing of the information
  • You can designate an authorized agent to make a request under the CCPA on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with the CCPA
  • You may request to opt out from future selling or sharing of your personal information to third parties. Upon receiving an opt-out request, we will act upon the request as soon as feasibly possible, but no later than 15 days from the date of the request submission.

To exercise these rights, you can contact us by email at [email protected], or by referring to the contact details at the bottom of this privacy notice.

13. DO VIRGINIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS? 

Virginia CDPA Privacy Notice
Under the Virginia Consumer Data Protection Act (CDPA):
“Consumer” means a natural persona who is a resident of the Commonwealth acting only in an individual or household context. It does not include a natural person acting in a commercial or employment context.
“Personal data” means any information that is linked or reasonably linkable to an identifitied or identifiable natural person. “Personal data” does not include de-identified data or publicly available information.
“Sale of personal data” means the exchange of personal data for monetary considerations.
If this definition “consumer” applies to you, we must adhere to certain rights and obligations regarding your personal data. The information we collect, use, and disclose about you will vary depending on how you interact with CINTAP Inc. And our Services.

Your rights with respect to your personal data

  • Right to be informed whether or not we are processing your personal data
  • Right to access your personal data
  • Right to correct inaccuracies in your personal data
  • Right to request deletion of your personal data
  • Right to obtain a copy of the personal data you previously shared with us
  • Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects (“profiling”)

 

CINTAP Inc. has not sold any personal data to third parties for business or commercial purposes. CINTAP Inc. will not sell personal data in the future belonging to website visitors, users, and other consumers.
Exercise your rights provided under the Virginia CDPA

More information about our data collection and sharing practices can be found in this privacy notice. You may contact us by email at [email protected], by submitting a data subject access request, or by referring to the contact details at the bottom of this document.

Verification process
We may request that you provide additional information reasonably necessary to verify you and your consumer’s request. If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request.

Upon receiving your request, we will respond without undue delay, but in all cases, within 45 days of receipt. The response period may be extended once by 45 additional days when reasonably necessary. We will inform you of any such extension within the initial 45-day response period, together with the reason for the extension.

Right to appeal
If we decline to take action regarding your request, we will inform you of our decision and the reasoning behind it. If you wish to appeal against our decision, please email us at [email protected]. Within 60 days of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decision. If your appeal is denied, you may contact the Attorney General to submit a complaint.

14. DO WE MAKE UPDATES TO THIS NOTICE? 

We may update this privacy notice from time to time. The updated version will be indicated by an updated “Revised” data and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy policy frequently to be informed of how we are protecting your information

15. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may email us at [email protected] or by post to:

  • CINTAP Inc.
  • 101 E. Park Blvd, Suite 400, Plano, TX 75074
  • United States

16. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU? 

Based on the applicable laws of your county, you may have the right to request access to the personal information we collect from you, change that information, or delete it. To request to review, update, or delete your personal information, please fill out and submit a data subject access request.
Updated: April 12, 2023.

Play Video