MadKudu Privacy Notice

Effective on: 2019-02-18

1. Introduction and Scope

MadKudu Inc. ("MadKudu", "we," "us," "our") takes the protection of personal data ("PII") very seriously. This Privacy Notice (the "Notice") describes our processing of PII that we may receive from of our customers or business partners in our MadKudu platform. This Notice does not apply to PII we collect by other means, such as PII that we receive directly through MadKudu's own publicly accessible websites.

2. Controllership

In the context of this Notice, MadKudu acts as a data processor for the data we process.

3. Categories of PII

We may process the following types of PII:

1. Name;
2. email address;
3. job title;
4. work address;
5. work phone number;
6. information relevant to sales, such as details about past or scheduled meetings;
7. web application usage data;
8. IP address; and
9. any other type of PII our clients may choose to share with us.

4. How we Receive PII

We may receive PII in a variety of ways. For example:

1. When clients upload PII to us, or when receive access to raw customer data from our clients;
2. when our clients enable our programmatic access to PII collected and stored by them;
3. as otherwise provided by our clients via technical means and integrations; and
4. from third party data brokers.

5. Basis of Processing

Within the scope of this Notice, we will only process PII as instructed by our clients (the data controllers). When our engagement with a client ends, we will delete the PII submitted by that client within one month.

6. Purpose of Processing

The purposes for processing PII include:

1. Lead scoring which involves taking a list of customers and assigning a lead "score" to each customer based on the available data;
2. topical enrichment; and
3. providing our clients with other services that they have specifically requested from us.

7. Sharing PII with Third Parties

We share PII with our service providers, that process PII on behalf of MadKudu. Such third parties include:

1. Infrastructure service providers;
2. data brokers; and
3. analytics service providers.

Our service providers may be located outside of the United States; however, we will require that those third parties maintain at least the same level of confidentiality that we maintain for such PII. MadKudu remains liable for the protection of PII that we transfer to our service providers, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.

Where such international PII transfers are regulated by the EU General Data Protection Regulation, we will transfer PII outside the European Economic Area in compliance with the said Regulation.

8. Other Disclosure of PII

We may disclose PII:

1. To the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders;
2. if we sell or transfer all or a portion of our company's business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change; or
3. to our subsidiaries or affiliates only if necessary for business and operational purposes as described in the section above.

We reserve the right to use, transfer, sell, and share aggregated, anonymous data, which does not include any PII for any legal business purpose, such as analyzing usage trends and seeking compatible advertisers, sponsors, clients, and customers.

If we must disclose PII in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of PII will maintain the privacy or security of said PII.

9. Access & Review

If you are a data subject about whom we store PII, you may have a right to request access to, and the opportunity to update, correct, or delete, such PII. You may also have the right to opt out of having your PII shared with third parties and to revoke your consent to our sharing your PII with third parties. You may also have the right to opt out if your PII is used for any purpose that is materially different from the purpose(s) for which it was originally collected or which you originally authorized. To submit such requests or raise any other questions, the affected data subjects should directly contact our client that submitted the PII to us.

10. Data Integrity & Security

MadKudu has implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect PII from unauthorized processing, such as unauthorized access, disclosure, alteration, or destruction.

11. EU-U.S. and Swiss-U.S. Privacy Shield Frameworks

With respect to personal data processed within the scope of this Notice, MadKudu complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (the "Privacy Shield"), as adopted and set forth by the U.S. Department of Commerce, regarding the collection, use, retention, and other processing of personal information transferred from the European Union/European Economic Area, the United Kingdom, and Switzerland to the United States in reliance on Privacy Shield. MadKudu commits to adhere to and has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

To learn more about the Privacy Shield, and to view MadKudu's certification, please visit https://www.privacyshield.gov and https://www.privacyshield.gov/participant?id=a2zt0000000TOH6AAO&status=Active, respectively.

12. Dispute Resolution

Where a privacy complaint or dispute cannot be resolved through MadKudu's internal processes, MadKudu has agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to data subjects. To file a complaint with VeraSafe and participate in the VeraSafe Privacy Shield Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/

13. Binding Arbitration

If a dispute or complaint can't be resolved by us, nor through the dispute resolution program established by VeraSafe, data subjects may have the right to require that we enter into binding arbitration with the affected individual pursuant to the Privacy Shield's Recourse, Enforcement and Liability Principle and Annex I of the Privacy Shield.

14. Regulatory Oversight

MadKudu is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

15. Changes to this Privacy Notice

If we make any material change to this Notice, we will post the revised Notice to this web page and update the "Effective" date above to reflect the date on which the new Notice became effective.

16. Contact Us

If you have any questions about this Notice or our processing of PII, please contact our CTO Paul Cothenet by email at privacy@madkudu.com, by phone at +1 (715) 972-7044, or by postal mail at:

MadKudu Inc. Attn: Paul Cothenet 812 W Dana St. Mountain View, CA 94041 USA

Please allow up to four weeks for us to reply.

17. European Union Representative

We have appointed VeraSafe as our representative in the EU for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of PII. To contact VeraSafe, please use this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative/

Alternatively, VeraSafe can be contacted at:

VeraSafe Czech Republic s.r.o. Klimentská 46, Prague 1, 11002, Czech Republic

‍