SilkRoad Technology Privacy Policy

SilkRoad Technology, Inc. (“SilkRoad”) is committed to protecting your privacy. This privacy policy applies to www.SilkRoad.com and the SilkRoad software-as-a-service (SAAS) applications and related services which are hosted and operated by SilkRoad and provided to its customers. This privacy policy describes how SilkRoad collects and uses the personal information you provide on our web site at www.SilkRoad.com and our SAAS applications and related services. It also describes the choices available to you regarding our use of your personal information and how you can exercise your privacy rights regarding this information.

Personal Information Collection, Use, and Sharing

When you register with www.SilkRoad.com website or use the services made available to the public on the www.SilkRoad.com website, personal information is needed such as your name, company name, and email address. SilkRoad uses and shares personal information for purposes such as processing and fulfilling your request, billing, service improvement, research, marketing, communicating with you and other general purposes. Regarding use of SilkRoad SAAS solutions purchased by our customers, see the section below entitled Data Collected Through SilkRoad Purchased Solutions.

SilkRoad will not sell, rent, exchange, or share personal information with any third parties without permission or except as described in this privacy policy. SilkRoad will share personal information with government authorities and others in order to respond to investigations, court orders, legal process, or to investigate, prevent or take action regarding illegal activities, suspected fraud, or situations involving potential threats to the physical safety of any person, violations of SilkRoad’s terms of service, or as otherwise required by law. If SilkRoad is involved in a merger, acquisition, or sale of all or substantially all of its assets, you will be notified via email and/or a prominent notice on our web site of any such change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

SilkRoad may also anonymize and aggregate data collected and use and disclose it for general purposes.

Data Security

The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and when we store and process it in our data center. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security and do not take responsibility for any third-party actions when we have endeavored to follow generally accepted standards. In addition, we do not take responsibility for your systems, the Internet itself or any third-party networks or services used to transmit data which are outside the firewall of the data center we use to process and store your personal data. If you have any questions about the security on our web site or our services, please contact us.

Email Marketing Choices

You may choose to stop receiving our marketing emails by following the unsubscribe instructions included in these emails or you can contact us. If you purchase a service, you can still opt out of marketing related emails however you cannot opt out of service related announcements.

If your personal information changes, you may correct, update, amend, delete/remove or deactivate it by contacting us by email or postal mail at the contact information listed below. We will respond to your request within 30 days. Note that different rules apply to personal information processed or stored in our purchased solutions. (See section below entitled Data Collected Through SilkRoad Purchased Solutions).

Data Storage

We will retain your personal information for as long as your account is active or as needed to provide you services and for archival and marketing purposes. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Note that different rules apply to personal information stored in our purchased solutions. (See section below entitled Data Collected Through SilkRoad Purchased Solutions).

Cookies

SilkRoad uses a technology called “cookies” to store session information. A cookie is a small amount of data, which often includes an anonymous unique identifier, which is sent to your browser from a web site’s computers and stored on your computer’s hard drive. We use both session ID cookies and persistent cookies. A session ID cookie expires when you close your browser. We use Session Cookies to track your Login status. This cookie is only ever transmitted over HTTPS. A persistent cookie remains on your hard drive for an extended period of time. We use Persistent Cookies to determine from where you were referred to our site, as well as the last user ID that you used to login to our site. SilkRoad may set and access SilkRoad cookies on your computer. Cookies are required to use certain services provided on the SilkRoad website. You can remove persistent cookies by following directions provided in your Internet browser’s “help” directory. If you reject cookies, you may still use our site, but your ability to use some areas of our site will be limited.

The use of cookies by our partners and affiliates is not covered by our privacy policy. We do not have access or control over these cookies. Our partners and affiliates use session ID and persistent cookies to better gauge our customers’ interest in our products and their products.

As is true of most web sites, we gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data.

We use this information, which does not identify individual users, to analyze trends, to administer the site, to track users’ movements around the site and to gather demographic information about our user base as a whole. We also gather, parse, and retain data related to the provision of our web site and related services for internal and service-related purposes.

We do link automatically collected data to personally identifiable information. IP addresses are tied to personally identifiable information to better gauge our customers’ needs and provide specific information to best serve them.

Third Party Advertising

We may partner with a third-party ad network to manage our advertising on other sites. Our ad network partner would use cookies and web beacons to collect non-personally identifiable information about your activities on this and other web sites to provide you targeted advertising based upon your interests. If you wish to not have this information used for the purpose of serving you targeted ads, you may opt-out by contacting us. We may use Google AdSense to publish ads on this site. When you view or click on an ad, a cookie will be set to help better provide advertisements that may be of interest to you on this and other web sites. You may opt-out of the use of this cookie by visiting Google’s Advertising and Privacy page: www.google.com/privacy_ads.html.

Blogs and Community Forums

Our web site may offer publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. We may display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent we may post your testimonial along with your name. If you wish to update or delete your testimonial, please contact us.

Social Media Features

Our web site may include social media features, such as the Facebook ‘Like’ button, and widgets, such as the ‘Share This’ button or interactive mini programs that run on our site. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our web site. Your interactions with these features are governed by the privacy policy of the company providing it.

Other Web Sites

Our web site includes links to other web sites whose privacy practices may differ from those of SilkRoad. If you submit personal information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any web site you visit.

Updates to the Privacy Policy

SilkRoad may update this Privacy Policy and we may notify registered users of significant changes in the way we treat any personal information by sending a notice to the primary email address specified in your SilkRoad account or by placing a notice on our web site or within our solutions. However, we nevertheless reserve the right to amend our privacy practices and policy from time to time without prior notice. We encourage you to periodically review this page for the latest information on our privacy practices.

Data Collected Through SilkRoad Purchased Solutions

SilkRoad is in the business of providing SAAS solutions and associated services and in connection with providing such offerings to its customers. SilkRoad collects information (including personal information) under the direction of its customers about their business activities, employees, contractors, affiliates, and applicants (“Customer Data”). SilkRoad has no direct relationship with the individuals whose personal data it processes and stores for SilkRoad customers, and SilkRoad will process, store and retain Customer Data as per our agreement with our applicable customer (including transferring the Customer Data to the applicable customer). Therefore, if you are an employee/contractor/applicant of one of our customers and would no longer like to be involved with one of our customers that use our solutions or otherwise have issues related to your data that is included in Customer Data (such as to correct, amend, or delete such data), please contact the customer that you interact with directly. For the purposes of the EU-US Privacy Shield, the Swiss Privacy Shield and other global privacy laws, SilkRoad acts as a processor/instruction taker which accesses and processes Customer Data on behalf of its customers, which are the controllers/owners of such data.

Service Providers and Sub-Processors

SilkRoad may transfer personal information to companies that help us provide our services. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and the service agreements with our customers.

Data Retention

SilkRoad will retain personal information from our web site and that we process on behalf of our customers for as long as needed to provide services to our customers. SilkRoad will also retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Children’s Privacy

SilkRoad does not knowingly collect, maintain, or use personal information from children under 13 years of age, and no part of our web site is directed to children under the age of 13. If you learn that your child has provided us with personal information without your consent, you may alert us at Privacy@SilkRoad.com. We will take steps to delete it if we learn we have collected it.

Locations where personal information is processed

Your personal data may be stored and processed in the United States and in any other country where SilkRoad or its affiliates, subsidiaries, or third-party service providers maintain facilities or personnel. When you provide personal data to SilkRoad, we may process and transfer your data within the United States and around the world. We follow applicable data protection laws when transferring personal data.

SilkRoad may transfer, store, or process your personal data in a country outside your jurisdiction, including ones that are not subject to an adequacy decision by the European Commission. However, we have taken appropriate safeguards to require that your personal data will remain protected in accordance with this Privacy Statement. These safeguards include implementing the European Commission’s Standard Contractual Clauses for transfers of personal data between our group companies, thus requiring all group companies to protect personal data they process from the EEA in accordance with European Union data protection law.

To the extent permitted by law, by choosing to visit our web site or otherwise provide information to us, you are agreeing to the processing and transfer of your personal information in accordance with this Privacy Policy.

EU-U.S. and Switzerland-U.S. Privacy Shield

SilkRoad complies with the EU-U.S. Privacy Shield Framework and the Swiss Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of customer personal data from European Union member countries (“EU Personal Data”) and Switzerland (“Swiss Personal Data”) (collectively, “European Personal Data”). SilkRoad certifies that, with respect to European Personal Data, SilkRoad adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement, and liability. With respect to onward transfers, where SilkRoad transfers the European Personal Data to third parties acting as agents/subprocessors, SilkRoad implements appropriate contractual protections for such data, and generally remains responsible for such data under Privacy Shield except in limited circumstances that are beyond SilkRoad’s control. SilkRoad has agreed to cooperate with the European Union data protection authority panel (the “EU DPA”) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship. SilkRoad has agreed to cooperate with the Swiss federal data protection authority panel (the “Swiss DPA”). and comply with the advice given by such authorities with regard to human resources data transferred from the Switzerland in the context of the employment relationship The EU DPA serves as an independent dispute resolution body to address complaints and provide appropriate recourse free of charge to the EU individuals. The Swiss DPA serves as an independent dispute resolution body to address complaints and provide appropriate recourse free of charge to the Swiss individuals. SilkRoad is subject to the investigatory and enforcement powers of the Federal Trade Commission, and under certain conditions, individuals may have the ability under Privacy Shield to invoke binding arbitration in disputes. SilkRoad may be required to disclose information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. To learn more about the Privacy Shield program, and to view SilkRoad’s certification, please visit www.privacyshield.gov/list.

Exercising your rights relating to your personal information

To exercise your rights with regard to personal information collected and stored by SilkRoad in connection with your use of the services made available to the public by SilkRoad on the www.SilkRoad.com website, SilkRoad is the “controller” with regard to the processing of your personal information and you should contact us directly in connection with the exercise of your rights under applicable privacy laws. We try to respond to all legitimate requests within one month and will contact you if we need additional information from you to honor your request. Occasionally it may take us longer than a month, considering the complexity and number of requests we receive.

To exercise your rights regarding personal information collected and stored by SilkRoad in connection with the use of SilkRoad SAAS solutions purchased by one of our customers, please inquire with the applicable customer directly. Since SilkRoad serves as a “processor” and such customer is the “controller” SilkRoad may only make changes to a customer’s data upon instruction from that customer unless otherwise required by applicable law. If you make your request directly to us, please provide to us the name of the SilkRoad customer who is the controller for your personal data, and we will refer your request to that customer.

Description of your rights relating to your personal information

You have certain rights relating to your personal information under the local data protection laws that apply to you. Depending on the applicable laws and, in particular, if you are located in the European Economic Area, California or Nevada or otherwise covered under the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act of 2018 (CCPA) or the Nevada Security and Privacy of Personal Information statute these rights may include the following, subject to the requirements and limitations of those laws:

• To access your personal information held by us (right to access).
• To rectify inaccurate personal information and, considering the purpose of processing the personal information, ensure it is complete (right to rectification).
• To erase/delete your personal information, to the extent permitted by applicable data protection laws (right to erasure; right to be forgotten).
• To restrict our processing of your personal information, to the extent permitted by law (right to restriction of processing).
• To transfer your personal information to another controller, to the extent possible (right to data portability).
• To object to any processing of your personal information carried out based on legitimate interests (right to object). Where we process your personal information for direct marketing purposes or share it with third parties for their own direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection.
• To the extent we base the collection, processing and sharing of your personal information on your consent, to withdraw your consent at any time, without affecting the lawfulness of the processing based on such consent before its withdrawal.
• Receive a copy of your personal data in an electronic and machine-readable format
• Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects or otherwise significantly affects you (“Automated Decision-Making”). SilkRoad does not perform Automated Decision-Making as part of the processing activities covered by this Privacy Statement.
• Receive the categories of sources from whom we collected your personal data
• Opt out of marketing communications at any time by clicking on the “Unsubscribe” or “opt out” link in marketing emails we send you or by contacting us
• Complain to a regulator or data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority.

SilkRoad will not discriminate against you for exercising your rights.

If your personal data has been submitted to us by or on behalf of a SilkRoad customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable customer directly.

If you are a resident of California, under the age of 18 and have registered for an account with us, you may ask us to remove content or information that you have posted to our websites. Please note that your request does not ensure complete or comprehensive removal of the content or information, because, for example, some of your content may have been reposted by another visitor to our websites.

Legal basis for processing personal information

Our legal grounds for collecting and using your personal information as described in this Privacy Statement fall into the following four categories.

Consent: In some cases, we ask you for your consent to process your personal information, such as when we need your consent for marketing purposes. You can withdraw your consent at any time, which will not affect the lawfulness of the processing before your consent was withdrawn. If you would like to withdraw your consent, you can do so by emailing Privacy@SilkRoad.com.

Legitimate Interest: We process certain data for the legitimate interests of SilkRoad, our affiliates, our partners, or our customers. These legitimate interests include, for example, contacting you to provide support or sending you marketing information (subject to applicable law); detecting, preventing, and investigating illegal activities and potential security issues; and maintaining and improving the Website and mobile applications. We will rely on our legitimate interests for processing personal information only after balancing our interests and rights against the impact of the processing on individuals.

Performance of a Contract: Sometimes we process personal information to perform our obligations under an agreement with you or your employer or prospective employer.

Other Legal Bases: In some cases, we may have a legal obligation to process your personal information, such as in response to a court or regulator order. We also may need to process your personal information to protect vital interests, or to exercise, establish, or defend legal claims.

Contact Us

For questions related to this Privacy Policy, contact Privacy@SilkRoad.com or at:

SilkRoad Technology, Inc.
C/O: Security Department
100 South Wacker Drive, Suite 425,
Chicago, IL 60606
USA

Effective date: October 2020