Reciprocity Privacy Policy

Last Updated: April 3, 2020

Reciprocity is committed to protecting your privacy.  Our most important asset is you and your trust and we want you to have confidence in the way we use your Personal Information.

In this Privacy Notice, “us”, “we” and “our” refers to Reciprocity, Inc. and our affiliates listed on this page (collectively “Reciprocity”). “Personal Information” means any information relating to an identified or identifiable individual. Please read the following carefully to understand our views and practices regarding your Personal Information and how we will treat it. 

This Privacy Notice provides Information about:

Reciprocity and our Privacy Notice

Reciprocity is a computer software company. Our Governance, Risk, and Compliance (GRC) software helps our customers to more effectively manage different business risks.  

This Privacy Notice describes how we collect, use, disclose and otherwise process Personal Information about you when: 

Outside of customer account information, this Privacy Notice does not apply to processing by our customers of Personal Information when they use Reciprocity Services. Where Reciprocity host customer Personal Information within the Reciprocity Services we do so in our capacity as a processor on the customer’s behalf. Our customer is the controller in respect of Personal Information they process when using Reciprocity Services. 

For more information about how Reciprocity safeguards Personal Information submitted by or processed within the Services by customers, please see our ZenGRC and Services privacy policy.

By visiting and using our Site and engaging with us, you acknowledge that you have read and understood this Privacy Notice.

Personal Information We Collect

Information provided by you

You may provide us with the following categories of Personal Information about you:

We may ask you to provide certain Contact and Professional information when you register for events, request a demo, download white papers or literature, or seek more information. 

We may also collect any other Personal Information that you choose to provide to us. For example, Communications and Marketing information if you decide to contact us with a request, or Professional information where you contact us to apply for a job with Reciprocity.

Information we collect about you

We may collect via automated means the following categories of Personal Information about you or that relate to your use of our Site: 

Cookie and Similar Technologies

We use cookies and similar technologies to collect and store certain information. This includes saving cookies to your device. For information on what cookies are, which ones we use, why we use them, and how you can manage their use, please see our Cookies Policy.

How we use Personal Information

We use information held about you in the following ways:

Information provided by you

We will use this information to:

Information we collect about you

We will use this information in our legitimate interests:


If you are in Europe

If you are located in Europe, we rely on one or more of the following grounds when processing your Personal Information:

Our Promotional Updates and Communications

Where permitted in our legitimate interest or with your prior consent where required by law, we will use your personal data for marketing analysis and to provide you with promotional update communications by email or by telephone about our Services.

You can object to further marketing at any time by selecting the “unsubscribe” link at the end of all our marketing and promotional update communications to you, or contact us directly. See Your Rights and Choices below 

Who We Share Personal Information With

We may share your Personal Information with:

Click here to see a list of our subprocessors

Where We Store Personal Information

The servers used to process your Personal Information collected from this Site are in the USA, however we collect data from wherever visitors to our Site or customers are situated. The information that we collect may therefore be transferred to the USA from any other country in which you may be located.

If you are in Europe

Where we transfer Personal Information, we will take all steps reasonably necessary to ensure that it is protected by appropriate safeguards. This includes:

We may transfer your personal information outside Europe:

Our Participation in the EU-US and Swiss-US Privacy Shield Framework

Reciprocity, Inc. participates in and complies with the EU-U.S. and Swiss-U.S. Privacy Shield, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the UK, Switzerland, and European Union to the United States.

Certification

Reciprocity Inc. has certified to the US Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms of this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov.

How to make a complaint?

In compliance with the Privacy Shield Principles, Reciprocity Inc. commits to resolve complaints about our collection or use of your personal data. European Union individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at privacy@reciprocitylabs.com.

Reciprocity Inc. has further committed to refer unresolved Privacy Shield complaints to an alternative dispute resolution provider. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield.

If your complaint is not satisfactorily resolved by either Reciprocity Inc. or the third-party resolution service, you may, under certain conditions, pursue binding arbitration through the Privacy Shield Panel here.

Data sharing to third parties

Reciprocity Inc. may provide personal data to third parties who perform services on our behalf. Third parties who receive such information must maintain compliance with our Privacy Shield obligations.

We are responsible and remain liable for the processing of personal data we receive, under the Privacy Shield Framework, including if we subsequently transfer to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the UK, Switzerland, and European Union, including the onward transfer liability provisions. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Federal Trade Commission enforcement

Reciprocity Inc. is subject to the investigation and enforcement actions of the Federal Trade Commission. Reciprocity Inc. may be required to share your personal data, including the disclosure of UK, Switzerland, and European Union personal data, to public authorities and law enforcement agencies in response to lawful requests, including requests to meet national security and law enforcement requirements.

Security

We are committed to ensuring that your Personal Information is adequately protected. In order to prevent unauthorized access to or disclosure of your Personal Information, we have implemented appropriate administrative, physical and technical controls to safeguard our systems, applications and information, as well as robust standard operating procedures in the event of a security incident. We also maintain procedural safeguards to further restrict access to your Personal Information to employees who need it to perform their tasks or people working on our behalf and under confidentiality agreements.

Retention

We take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. 

When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrolment with our products or services, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.

If you opt-out from us sending you promotional updates and marketing, or object to any other processing of your Personal Information, we may keep a record of your objection for the legitimate purpose of ensuring that we can continue to respect your wishes and not contact you further, during the term of your objection.

Your Rights and Choices

You have options and choices over how we use your personal information. You may have the right under applicable laws to ask for details of the personal information we hold about you, or to amend, limit or delete your personal information. You may also have the right to object to further processing under certain circumstances.
We also respect the rights you may have under applicable laws to receive that information in a commonly used electronic format (or ask for this information to be provided in that format to a third party where feasible).

If you are in Europe, you have the right under certain circumstances:

Opting out of our Marketing Communications

To opt out from receiving electronic marketing communications from Reciprocity, please:

Opting out from our Marketing Calls

This Privacy Notice covers the privacy practices of Reciprocity and it does not cover the privacy practices of third parties on their websites and other features. Reciprocity is not responsible for the privacy notices and/or practices of third-parties.

Reciprocity’s Site may provide links that can take you to other websites, which may include partner websites. You should review the privacy and other policies that govern the websites you visit, since those websites are not bound by Reciprocity’s Privacy Notice, and Reciprocity has no control over the content of those Websites, nor the usage of information they gather.

Modifications to the Privacy Notice

Any changes we make to our privacy notice will be posted on this page https://reciprocitylabs.com/privacy and, in relation to substantive changes, will be notified to you by e-mail.

Contacting Reciprocity

If you would like to contact us with questions or concerns about this Privacy Policy, our privacy practices, or would like to exercise your privacy rights, you may contact us via any of the following methods:

E-mail: privacy@reciprocitylabs.com
Toll-free Number (USA): +1-877-440-7971

You may also write to us at:
Attn: Privacy Officer
Reciprocity, Inc.
755 Sansome Street
6th Floor
San Francisco, CA 94111

Our EU Representation:
Attn: Privacy Officer
Reciprocity d.o.o.
Celovška cesta 25
1000 Ljubljana
Slovenia