Privacy Policy

Privacy Policy

Dated:  November 22, 2021

Archipelago Analytics, Inc. (“Archipelago,” “Company,” “we,” “us”) offers a Software as a Service (SaaS) platform which, among other things, digitizes risk information for analytics and use in insurance placements (collectively, the “SaaS Service”) and websites including but not limited to www.onarchipelago.com (collectively, the “Website(s)”) (SaaS Service and Websites referred to collectively as the “Services”).  This Archipelago Privacy Policy (“Privacy Policy") explains our privacy practices for the activities described herein. Please read this Privacy Policy carefully to learn how we collect, use, share, and otherwise process information relating to individuals (“Personal Data”) as described below and to learn about your rights and choices regarding your Personal Data. For purposes of this Privacy Policy, we refer to users of our SaaS Service and/or Websites as “Users or “you.” Regardless of what type of User you are, this Privacy Policy applies to your access and use of the Services.

By accessing or using the Services, you acknowledge and agree that you have read, understand, and agree to be bound by the terms of this Privacy Policy and our User Terms of Service (“User Terms”). If you do not agree with this Privacy Policy and/or our User Terms, do not access or use the Services, or any other part of Archipelago’s business.

1. GENERAL

As you interact with Archipelago including by accessing and using our Services, we collect and process information from and about you to provide you with access to and enhance your experience while using the Services and otherwise to interact with you. This Privacy Policy describes how Archipelago collects, uses, and discloses information collected through the Services and otherwise as described herein, and what choices you have with respect to such information.  

2. PROCESSING ACTIVITIES COVERED

This Privacy Policy applies to the processing of Personal Data collected by us when you:

  • Visit our Websites;
  • Receive communications from us, including emails, phone calls, texts or fax;
  • Use our SaaS Service as an authorized user (for example, as an employee of one of our customers who provided you with access to our Services) where we act as a controller of your Personal Data;
  • Register for, attend or take part in our events, webinars, or contests;
  • Visit our branded social media pages;
  • Visit our offices; or
  • Participate in community and open source development.

Our Services may contain links to other websites, applications, and services maintained by third parties. The information practices of other services or social media platforms that host our branded social media pages, are governed by their privacy statements, which you should review to better understand their privacy practices.

3. COLLECTION OF INFORMATION

3.1 Personal Data We Collect Directly From You

The Personal Data we collect directly from you includes identifiers, professional or employment-related information, commercial information, visual information, mobile and internet activity information. We collect such information in the following situations:

  • If you express an interest in obtaining additional information about our Services; request customer support; use “Contact Us” or similar features; register to use our Services or a product demo or trial; sign up for an event, webinar, or contest; or download certain content, we may require that you provide to us your contact information, such as your name, job title, company name, address, phone number, email address or username and password;
  • If you attend an event, we may, with your further consent, scan your attendee badge, which will provide to us your information, such as name, title, company name, address, country, phone number, and email address;
  • If you register for an online community that we host, we may ask you to provide a username, photo, or other biographical information, such as your occupation, location, social media profiles, company name, areas of expertise, and interests;
  • If you interact with our Services, emails, texts, or advertisements, we automatically collect information about your device and your usage of our Services, emails, texts, or advertisements (such as Internet Protocol (IP) addresses or other identifiers, which may qualify as Personal Data using cookies, web beacons, or similar technologies;
  • If you use and interact with our Services, we automatically collect information about your device and your usage of our Services through log files and other technologies, some of which may qualify as Personal Data;
  • If you voluntarily submit certain information to our Services, such as filling out a survey about your user experience, we collect the information you have provided as part of that request; and
  • If you visit our offices, you may be required to register as a visitor and to provide your name, email address, phone number, company name, and time and date of arrival.

If you provide us or our service providers with any Personal Data relating to other individuals, you represent that you have the authority to do so, and where required, have obtained the necessary consent, and acknowledge that it may be used in accordance with this Privacy Policy.

If you believe that your Personal Data has been provided to us improperly, or want to exercise your rights relating to your Personal Data, please contact us by using the information in the “Contact Us” section below.

3.2 Personal Data We Collect From Other Sources

We also collect information about you from other sources including third parties from whom we may license Personal Data and from publicly available information.  We may combine this information with Personal Data provided by you. This helps us update, expand, and analyze our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you. The Personal Data we collect from other sources includes identifiers, professional or employment-related information, education information, commercial information, visual information, internet activity information, and inferences about preferences and behaviors. For example, we may collect such Personal Data from the following sources:

  • Third party providers of business contact information, including mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), IP addresses, social media profiles, LinkedIn URLs and custom profiles, for purposes of targeted advertising, delivering relevant email content, event promotion and profiling, determining eligibility and verifying contact information;
  • Another individual at your organization who may provide us with your business contact information for the purposes of obtaining Services; and
  • Platforms such as GitHub to manage code check-ins and pull requests. If you participate in an open source or community development project, we may associate your code repository username with your community account so we can inform you of program changes that are important to your participation or relate to additional security requirements.

4. PROCESSING OF DEVICE AND USAGE DATA

We use common information-gathering tools, such as tools for collecting usage data, cookies, web beacons, pixels, and similar technologies to automatically collect information that may contain Personal Data as you navigate our Services, our Services, or interact with our advertisements or emails we have sent to you.

4.1 Device and Usage Data

We gather certain information automatically when individual users visit our Services. This information may include identifiers, commercial information, and internet activity information such as IP address (or proxy server information), device and application information, identification numbers and features, location, browser type, plug-ins, integrations, Internet service provider and/or mobile carrier, the pages and files viewed, searches, referring website, app or ad, operating system, system configuration information, advertising and language preferences, date and time stamps associated with your usage, and frequency of visits to the Services. This information is used to analyze overall trends, help us provide and improve our Services, offer a tailored experience for Website users, and secure and maintain our Services.

In addition, we gather certain information automatically as part of your use of our Services. This information may include identifiers, commercial information, and internet activity information such as IP address (or proxy server), mobile device number, device and application identification numbers, location, browser type, Internet service provider or mobile carrier, the pages and files viewed, website and webpage interactions including searches and other actions you take, operating system and system configuration information and date and time stamps associated with your usage. This information is used to maintain the security of the Services, to provide necessary functionality, to improve performance of the Services, to assess and improve customer and user experience of the Services, to review compliance with applicable usage terms, to identify future opportunities for development of the Services, to assess capacity requirements, to identify customer opportunities, and for the security of Archipelago generally (in addition to the security of our products and Services). Some of the device and usage data collected by the Services, whether alone or in conjunction with other data, could be personally identifying to you. Please note that such device and usage data is generally used to identify the uniqueness of each user logging on (as opposed to specific individuals), apart from where it is strictly required to identify an individual for security purposes or as required as part of our provision of the Services to our customers.

4.2 Cookies and Online Analytics

We use a variety of online tracking and analytics tools (e.g., cookies, pixel tags, and web beacons ) to collect and analyze information as you use our Services.

When you visit our Services, we, or an authorized third party, may place a cookie on your device that collects information, including Personal Data, about your online activities over time and across different sites. Cookies allow us to track use, infer browsing preferences, and improve and customize your browsing experience.

We may sometimes use cookies delivered by us or by third parties to show you ads for our products that we think may interest you on devices you use and to track the performance of our advertisements. For example, these cookies collect information such as which browser you used when visiting our Services.

We may also use third-party web analytics services (e.g. Google Analytics, Mixpanel, Hubspot, Outreach.io, Segment, etc.) to track and analyze usage information to provide enhanced interactions and more relevant communications, and to track the performance of our advertisements. You can learn about Google’s privacy practices by going to www.google.com/policies/privacy/‌partners/.

Archipelago may also contract with third-party advertising networks that collect IP addresses and other information from web beacons on our Services, from emails, and on third-party websites. Advertising networks may follow your online activities over time and across different websites or other online services by collecting device and usage data through automated means, including through the use of cookies, and serve advertisements that may be of interest to you on sites across the Internet. These technologies may recognize you across the different devices you use.

The types of tracking and analytics tools we and our service providers use for these purposes include, for example:

  • “Cookies” are small data files stored on your computer or device to collect information about your use of our Services and advertisements. Cookies may enable us to recognize you as the same user who visited our Services and/or used our Services in the past, and relate your usage to other information we have about you. Cookies may also be used to enhance your experience (for example, by storing your username) and/or to collect general usage and aggregated statistical information. Most browsers can be set to detect cookies and give you an opportunity to reject them, but refusing cookies may, in some cases, limit your use of our Services or features thereof. To learn more about the use of cookies, including how to manage or delete them, click here.  Please note that by blocking, disabling, or managing any or all cookies, you may not have access to certain features or offerings.
  • “Local shared objects,” or “flash cookies,” may be stored on your computer or device using a media player or other software. Local shared objects operate much like cookies, but cannot be managed in the same way. Depending on how local shared objects are enabled on your computer or device, you may be able to manage them using software settings. For information on managing flash cookies, for example, click here.
  • A “pixel tag” (also known as a “clear GIF”) or “web beacon” is a tiny image – typically just one-pixel – that can be placed on a web page or in our electronic communications to you in order to help us measure the effectiveness of our content and advertisements by, for example, counting the number of individuals who visit us online or verifying whether you’ve opened one of our emails or seen one of our web pages.

4.3 Notices on Behavioral Advertising and Opt-Out for Website Visitors

As described above, we or one of our authorized partners may place or read cookies on your device or use similar technologies when you visit our Services for the purpose of serving targeted advertising on sites across the Internet (also referred to as “online behavioral advertising” or “interest-based advertising”). To learn more about targeted advertising and advertising networks, and to opt out of third party vendors’ use of cookies, please visit the opt-out pages of the Network Advertising Initiative, click here, and the Digital Advertising Alliance, click here.

To learn how to manage privacy and storage settings for Flash cookies, click here. Various browsers may also offer their own management tools for removing certain types of local storage.  

4.4 Opt-Out From the Setting of Cookies on Your Individual Browser

In  many cases you may opt-out from the collection of non-essential device and usage data on your web browser by managing your cookies at the browser or device level. In addition, if you wish to opt-out of interest-based advertising, click here (or, if located in the European Union, click here).  Please note, however, that by blocking or deleting cookies and similar technologies used on our Services, you may not be able to take full advantage of the Services.

Do Not Track. Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We do not currently recognize or respond to browser-initiated DNT signals. Learn more about Do Not Track.

5. PURPOSES FOR WHICH WE PROCESS PERSONAL DATA

We collect and process your Personal Data for the following purposes. Where required by law, we obtain your consent to use and process your Personal Data for these purposes. Otherwise, we rely on other authorized legal bases, including but not limited to the (a) performance of a contract or (b) legitimate interest in collecting and processing your Personal Data.

  • Providing our Services : We process your Personal Data to perform our contract with you for the use of our Services and to fulfill our obligations under the applicable User Terms; if we have not entered into a contract with you, we base the processing of your Personal Data on our legitimate interest to operate and administer our Services and to provide you with content you access and request (e.g., to download content from our Services);
  • Providing necessary functionality: We process your Personal Data to perform our contract with you for the use of our Services; if we have not entered into a contract with you, we base the processing of your Personal Data on our legitimate interest to provide you with the necessary functionality required for your use of our Services;
  • Managing user registrations: If you have registered for an account with us, we process your Personal Data by managing your user account for the purpose of performing our contract with you according to applicable terms of service;
  • Handling contact and user support requests: We process your Personal Data to perform our contract with you and to the extent it is necessary for our legitimate interest in fulfilling your requests and communicating with you;
  • Managing event registrations and attendance: We process your Personal Data to plan and host events or webinars for which you have registered or that you attend, including sending related communications to you, to perform our contract with you;
  • Promoting the security of our Services: We process your Personal Data by tracking use of our Services, creating aggregated non-personal data, verifying accounts and activity, investigating suspicious activity, and enforcing our terms and policies to the extent it is necessary for our legitimate interest in promoting the safety and security of the Services, systems, and applications and in protecting our rights and the rights of others;
  • Developing and improving our Services: We process your Personal Data to analyze trends and to track your usage of and interactions with our Services to the extent it is necessary for our legitimate interest in developing and improving our Services and providing our users with more relevant content and service offerings, or where we seek your valid consent;
  • Assessing and improving user experience: We process device and usage data as described above, which in some cases may be associated with your Personal Data, to analyze trends and assess and improve the overall user experience to the extent it is necessary for our legitimate interest in developing and improving our Services, or where we seek your valid consent;
  • Reviewing compliance with applicable usage terms: We process your Personal Data to review compliance with the applicable usage terms in our customer’s contract to the extent that it is in our legitimate interest to ensure adherence to the relevant terms;
  • Assessing capacity requirements: We process your Personal Data to assess the capacity requirements of our Services to the extent that it is in our legitimate interest to ensure that we are meeting the necessary capacity requirements of our Services;
  • Identifying customer opportunities: We process your Personal Data to assess new potential customer opportunities to the extent that it is in our legitimate interest to ensure that we are meeting the demands of customers and their users’ experiences;
  • Registering office visitors: We process your Personal Data for security reasons, to register visitors to our offices and to manage non-disclosure agreements that visitors may be required to sign, to the extent such processing is necessary for our legitimate interest in protecting our offices and our confidential information against unauthorized access;
  • Displaying personalized advertisements and content: We process your Personal Data to conduct marketing research, advertise to you, provide personalized information about us on and off our Services and to provide other personalized content based upon your activities and interests to the extent it is necessary for our legitimate interest in advertising our Services or, where necessary, to the extent you have provided your prior consent;
  • Sending marketing communications: We will process your Personal Data or device and usage data, which in some cases may be associated with your Personal Data, to send you marketing information, product recommendations and other non-transactional communications (e.g., marketing newsletters, telemarketing calls, email, SMS, or push notifications) about us and our affiliates and partners, including information about our products, promotions, or events as necessary for our legitimate interest in conducting direct marketing or to the extent you have provided your prior consent; and
  • Complying with legal obligations: We process your Personal Data when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of Personal Data to protect our rights or is necessary for our legitimate interest in protecting against misuse or abuse of our Services, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes, respond to lawful requests, or for auditing purposes.

If we need to collect and process Personal Data by law, or under a contract we have entered into with you, and you fail to provide the required Personal Data when requested, we may not be able to perform our contract with you.

6. SHARING OF PERSONAL DATA

We may share your Personal Data as follows:

  • Service Providers: With our contracted service providers, who provide services such as IT, system administration, hosting, credit card processing, research and analytics, marketing, customer support, and data processing and enrichment, and for the purposes and pursuant to the legal bases described above;
  • Customers With Whom You Are Affiliated: If you use our Services as an authorized user, we may share your Personal Data with your affiliated customer responsible for your access to the Services to the extent this is necessary for verifying accounts and activity, analyzing usage, investigating suspicious activity, or enforcing our terms and policies;
  • Third party networks and websites: With third-party social media networks, advertising networks, and websites, so that Archipelago can market and advertise on third party platforms and websites;
  • Third Party Partners: If you choose to interact with or use third-party tools, we may share your Personal Data with our third party partners who may contact you regarding their products or services;
  • Event Sponsors: If you attend an event or webinar organized or sponsored by us, or download or access an asset on our Website, we may share your Personal Data with sponsors of the event or webinar. If required by applicable law, you may consent to such sharing via the registration form or by allowing your attendee badge to be scanned at a sponsor booth. In these circumstances, your information will be subject to the sponsors’ privacy statements. If you do not wish for your information to be shared, you may choose to opt-out or decline to opt-in, for example, via the applicable event/webinar registration or elect to not have your badge scanned, and other available means;
  • Professional Advisers: In individual instances, we may share your Personal Data with professional advisers acting as service providers, processors, or joint controllers - including lawyers, bankers, auditors, and insurers based in countries in which we operate who provide consultancy, banking, legal, insurance, and accounting services, and to the extent we are legally obliged to share or have a legitimate interest in sharing your Personal Data;
  • Archipelago Affiliates: With affiliates and companies that we acquire in the future, to the extent such sharing of data is necessary to fulfill a request you have submitted via our Services or for customer support, marketing, technical operations and account management purposes; and
  • Third Parties Involved in a Corporate Transaction: If we are involved in a merger, reorganization, dissolution or other fundamental corporate change, or sell a website or business unit, or if all or a portion of our business, assets or stock are acquired by third party, with such third party. We will comply with applicable laws regarding notification in case of transfer of your Personal Data to an unaffiliated third party.

We may also share anonymous or de-identified usage data with Archipelago’s service providers for the purpose of helping Archipelago in such analysis and improvements. Additionally, Archipelago may share such anonymous or de-identified usage data on an aggregate basis in the normal course of operating our business; for example, we may share information publicly to show trends about the general use of our Services.

Anyone using our communities, forums, blogs, or chat rooms on our Services may read any Personal Data or other information you choose to submit and post.

7. INTERNATIONAL TRANSFER OF PERSONAL DATA

We may transfer information that we collect about you to third party processors across borders and from your country or jurisdiction to other countries or jurisdictions around the world. If you are located in the European Union or other regions with laws governing data collection and use that may differ from U.S. law, please note that you are transferring information to a country and jurisdiction that does not have the same data protection laws as your jurisdiction. As required by applicable law, we will take reasonable and appropriate steps to ensure that any third party who is acting as a “data processor” under applicable EU and Swiss terminology is processing the personal data we entrust to them in a manner consistent with applicable law, for instance by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR). Where required by applicable law, we will only share, transfer or store your Personal Data outside of your jurisdiction with your prior consent.

8. CHILDREN

Our Services are not directed at children. We do not knowingly collect Personal Data from children under the age of 16. If you are a parent or guardian and believe your child has provided us with Personal Data without your consent, please contact us by using the information in the “Contact Us” section below and we will take steps to delete their Personal Data from our systems.

9. RETENTION OF PERSONAL DATA

We may retain your Personal Data for a period of time consistent with the original purpose of collection (see the “Purposes for which we process Personal Data” section, above) or as long as required to fulfill our legal obligations. We determine the appropriate retention period for Personal Data on the basis of the amount, nature, and sensitivity of the Personal Data being processed, the potential risk of harm from unauthorized use or disclosure of the Personal Data, whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation).

After expiry of the applicable retention periods, your Personal Data will be deleted. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will implement appropriate measures to prevent any further use of such data.

10. YOUR RIGHTS RELATING TO YOUR PERSONAL DATA

10.1 Your Rights

You may have certain rights relating to your Personal Data, subject to local data protection laws. Depending on the applicable laws these rights may include the right to:

  • Access your Personal Data held by us;
  • Know more about how we processed your Personal Data;
  • Rectify inaccurate Personal Data and, taking into account the purpose of processing the Personal Data, ensure it is complete;
  • Erase or delete your Personal Data (also referred to as the ‘right to be forgotten’), to the extent permitted by applicable data protection laws;
  • Restrict our processing of your Personal Data to the extent permitted by law;
  • Transfer your Personal Data to another controller to the extent possible (right to data portability);
  • Object to any processing of your Personal Data. Where we process your Personal Data for direct marketing purposes or share it with third parties for their own direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection;
  • Opt-out of certain disclosures of your Personal Data to third parties;
  • Not be discriminated against for exercising your rights described above;
  • Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects ("Automated Decision-Making"). Automated Decision-Making currently does not take place on our Services or in our Services; and
  • Withdraw your consent at any time (to the extent we base processing on consent), without affecting the lawfulness of the processing based on such consent before its withdrawal.

10.2 How to Exercise Your Rights

To exercise your rights, please contact us by using the information in the “Contact Us” section, below. We try to respond to all legitimate requests within one month and will contact you if we need additional information from you in order to honor your request. Occasionally it may take us longer than a month, taking into account the complexity and number of requests we receive. If you are an employee of an Archipelago customer, we recommend you contact your employer’s system administrator for assistance in correcting or updating your information.

Some registered users may update their user settings, profiles, organization settings and event registrations by logging into their accounts and editing their settings or profiles.

10.3 Your Rights Relating to Customer Data

As described above, we may also process Personal Data submitted by or for a customer to our Services. To this end, if not stated otherwise in this Privacy Policy or in a separate disclosure, we process such Personal Data as a processor on behalf of our customer (and its affiliates) who is the controller of the Personal Data. We are not responsible for and have no control over the privacy and data security practices of our customers, which may differ from those explained in this Privacy Policy. If your data has been submitted to us by or on behalf of an Archipelago customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with them directly. Because we may only access a customer’s data upon their instructions, if you wish to make your request directly to us, please provide us the name of the Archipelago customer who submitted your data to us. We will refer your request to that customer, and will support them as needed in responding to your request within a reasonable timeframe.

11. HOW WE SECURE YOUR PERSONAL DATA

We take appropriate precautions including organizational, technical, and physical measures to help safeguard against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure of, or access to, the Personal Data we process or use.

While we follow generally accepted standards to protect Personal Data, no method of storage or transmission is 100% secure. You are solely responsible for protecting your password, limiting access to your devices and signing out of Services after your sessions. If you have any questions about the security of our Services, please contact us by using the information in the “Contact Us” section, below.

12. YOUR PREFERENCE FOR EMAIL AND SMS MARKETING COMMUNICATIONS

From time to time we may contact you with information about our Services, including sending you marketing messages and asking for your feedback on our Services. You may manage your receipt of marketing and non-transactional communications from us by clicking on the “unsubscribe” link located on the bottom of Archipelago marketing emails, by replying or texting ‘STOP’ if you receive Archipelago SMS communications, or by contacting legal@onarchipelago.com.

Please note that opting out of marketing communications does not opt you out of receiving important business communications related to your current relationship with us, such as communications about your subscriptions or event registrations, service announcements or security information.

13. YOUR PREFERENCE FOR TELEMARKETING COMMUNICATIONS

If you want your phone number to be added to our internal Do-Not-Call telemarketing register, please contact us by using the information in the “Contact Us” section below. Please include your first name, last name, company and the phone number you wish to add to our Do-Not-Call register. Alternatively, you can always let us know during a telemarketing call that you do not want to be called again for marketing purposes.

14. LINKS TO OTHER WEBSITES AND SERVICES

The Service may contain links to and from third party websites of our business partners, advertisers, and social media sites and our users may post links to third party websites.  If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability resulting from you following a link to these websites.  Additionally, other privacy policies may apply when you engage with us through a co-branded or co-sponsored promotional or marketing activity. We strongly recommend that you read the privacy policies and terms and conditions of use of any third party website or service to understand how your information will be collected, used and shared. We are not responsible for the privacy practices or the content on the websites of third-party sites.

15. CHANGES TO THIS PRIVACY POLICY

We will update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. If we do, we will update the “effective date” at the top. If we make a material update, we may provide you with notice prior to the update taking effect, such as by posting a conspicuous notice on our Website or by contacting you directly, or where required under applicable law and feasible, seek your consent to these changes.

We encourage you to periodically review this Privacy Policy to stay informed about our collection, processing and sharing of your Personal Data.

16. CONTACT US

If you wish to contact us or have any questions about or complaints in relation to this Privacy Policy, please email legal@onarchipelago.com.