Last Updated: April 3, 2020

Reciprocity is committed to protecting your privacy.  Our most important asset is you and your trust and we want you to have confidence in the way we use your Personal Information.

In this Privacy Notice, “us”, “we” and “our” refers to Reciprocity, Inc. and our affiliates listed on this page (collectively “Reciprocity”). “Personal Information” means any information relating to an identified or identifiable individual. Please read the following carefully to understand our views and practices regarding your Personal Information and how we will treat it. 

This Privacy Notice provides Information about:

Reciprocity and our Privacy Notice

Reciprocity is a computer software company. Our Governance, Risk, and Compliance (GRC) software helps our customers to more effectively manage different business risks.  

This Privacy Notice describes how we collect, use, disclose and otherwise process Personal Information about you when: 

  • you visit our website at www.reciprocitylabs.com (the “Site”); or 
  • submit Personal Information directly to us on the Site; or 
  • otherwise contact, or inquire or otherwise engage with us in respect of our products and services which we market through our Site (our “Services”). 

Outside of customer account information, this Privacy Notice does not apply to processing by our customers of Personal Information when they use Reciprocity Services. Where Reciprocity host customer Personal Information within the Reciprocity Services we do so in our capacity as a processor on the customer’s behalf. Our customer is the controller in respect of Personal Information they process when using Reciprocity Services. 

For more information about how Reciprocity safeguards Personal Information submitted by or processed within the Services by customers, please see our ZenGRC and Services privacy policy.

By visiting and using our Site and engaging with us, you acknowledge that you have read and understood this Privacy Notice.

Personal Information We Collect

Information provided by you

You may provide us with the following categories of Personal Information about you:

  • Contact information:  basic contact information such as your first and last name, email address, phone number and other contact information such as your address.
  • Professional information: job title, title level, title function, company name, which subject matter you are interested in, resume/curriculum vitae (CV).
  • Communications information: records of any correspondence and communications including the content of your message, the date and time and our response if you contact us or raise a question with us.
  • Marketing information: you may provide concerning your marketing preferences.

We may ask you to provide certain Contact and Professional information when you register for events, request a demo, download white papers or literature, or seek more information. 

We may also collect any other Personal Information that you choose to provide to us. For example, Communications and Marketing information if you decide to contact us with a request, or Professional information where you contact us to apply for a job with Reciprocity.

Information we collect about you

We may collect via automated means the following categories of Personal Information about you or that relate to your use of our Site: 

  • Technical  information which may include: 
    • Internet protocol (IP) address
    • Browser type and version
    • Device ID’s
    • Google ID
    • Time zone setting
    • Operating system and platform
    • Hardware version
    • Device language settings
  • Information about your visit which may include:
    • Uniform Resource Locators (URL)
    • Clickstream to and through our Site (but not from our Site)
    • Page response times and download errors
    • Page interaction information (such as scrolling, clicks, frequency and length of visits, types of content viewed or engaged with)

Cookie and Similar Technologies

We use cookies and similar technologies to collect and store certain information. This includes saving cookies to your device. For information on what cookies are, which ones we use, why we use them, and how you can manage their use, please see our Cookies Policy.

How we use Personal Information

We use information held about you in the following ways:

Information provided by you

We will use this information to:

  • Ensure in our legitimate interests that:
    • content from our Site is presented in the most effective manner for you and for your device to provide you with a better experience 
    • to communicate with you and respond to your inquiries.
    • to process your job applications with us
  • Take steps in order to enter into any contract or carry out our obligations arising from any contract entered into between you and us including:
    • administering an account you have with us;
    • notifying you about changes or updates to our Service.
  • Provide you with information about our Services we believe may interest you and which may be tailored to you, in our legitimate interests (provided these interests do not override your right to object to such communications) or if you have given your consent to receiving marketing material from us at the point we collected your information, where such consent is required by law or otherwise. For example we may:   
    • send you an email to alert you about Service upgrades, upcoming events, updated information and about other of our Services.  See ‘Our promotional updates and communications’.
    • call you on the telephone number you have provided to us with information regarding our Services or upcoming events. If you do not wish to receive such telephone calls, please let us know at the time you provide this information or by using the contact details provided below.

Information we collect about you

We will use this information in our legitimate interests:

  • For internal operations, including troubleshooting, data analysis, testing, research, statistical analysis purposes.
  • To understand how you use and interact with our Site
  • To keep our Site safe and secure.
  • To improve our Site to ensure that content is presented in the most effective manner for you and for your computer or device.
  • To measure and understand the effectiveness of our advertising and to deliver relevant advertising to you.


If you are in Europe

If you are located in Europe, we rely on one or more of the following grounds when processing your Personal Information:

  • To fulfill a contract we have with you.
  • To comply with a legal obligation.
  • You have given clear consent for us to process your Personal Information for a specific purpose.
  • Data protection law allows us to use Personal Information for our genuine and legitimate reasons as long as we respect your rights and freedoms. This lawful basis for using your information is called ‘legitimate interests’. When we rely on our legitimate interests as the legal basis for processing your Personal Information for the purposes set out above, we will specify what our legitimate interests are, and carefully consider and balance any possible effect this may have on you and your rights. You have the right to object to this processing, however please bear in mind if you object this may affect our ability to carry out certain activities.

Our Promotional Updates and Communications

Where permitted in our legitimate interest or with your prior consent where required by law, we will use your personal data for marketing analysis and to provide you with promotional update communications by email or by telephone about our Services.

You can object to further marketing at any time by selecting the “unsubscribe” link at the end of all our marketing and promotional update communications to you, or contact us directly. See Your Rights and Choices below 

Who We Share Personal Information With

We may share your Personal Information with:

  • companies within our group including Reciprocity Europe who may support us in any of the purposes set out in this Privacy Notice
  • analytics and search engine providers that assist us in the improvement and optimization of our Platform, including by measuring the performance of our online campaigns and analysing visitor activity
  • business partners, suppliers and sub-contractors, performing services on our behalf (e.g., Site hosting providers and other parties who assist us in operating our Site, conducting our business, or serving our Site visitors and customers)
  • any company or prospective buyer of all or substantially all of the Company group’s assets in connection with the sale or transfer of assets to any prospective buyer
  • any person to whom disclosure is necessary to enable us to enforce our rights under this Privacy Notice or under the terms of use or to protect our rights or the rights of third parties. This includes exchanging information with law enforcement agencies or other similar government bodies
  • another party where required to do so by court order or where we are under a duty to disclose or share your information in order to comply with (and/or where we believe we are under a duty to comply with) any legal obligation

Click here to see a list of our subprocessors

Where We Store Personal Information

The servers used to process your Personal Information collected from this Site are in the USA, however we collect data from wherever visitors to our Site or customers are situated. The information that we collect may therefore be transferred to the USA from any other country in which you may be located.

If you are in Europe

Where we transfer Personal Information, we will take all steps reasonably necessary to ensure that it is protected by appropriate safeguards. This includes:

  • relying on a European Commission recognized legal adequacy mechanism, like the European Commission standard contractual clauses for transfers of personal information
  • ensuring it is treated securely and in accordance with this Privacy Notice.

We may transfer your personal information outside Europe:

  • in order to store it
  • in order to enable us to provide our Service to you and fulfill any contract with you. This includes the provision of support services
  • where we are legally required to do so
  • in order to facilitate the operation of our group of businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights.

Our Participation in the EU-US and Swiss-US Privacy Shield Framework

Reciprocity, Inc. participates in and complies with the EU-U.S. and Swiss-U.S. Privacy Shield, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the UK, Switzerland, and European Union to the United States.

Certification

Reciprocity Inc. has certified to the US Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms of this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov.

How to make a complaint?

In compliance with the Privacy Shield Principles, Reciprocity Inc. commits to resolve complaints about our collection or use of your personal data. European Union individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at privacy@reciprocitylabs.com.

Reciprocity Inc. has further committed to refer unresolved Privacy Shield complaints to an alternative dispute resolution provider. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield.

If your complaint is not satisfactorily resolved by either Reciprocity Inc. or the third-party resolution service, you may, under certain conditions, pursue binding arbitration through the Privacy Shield Panel here.

Data sharing to third parties

Reciprocity Inc. may provide personal data to third parties who perform services on our behalf. Third parties who receive such information must maintain compliance with our Privacy Shield obligations.

We are responsible and remain liable for the processing of personal data we receive, under the Privacy Shield Framework, including if we subsequently transfer to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the UK, Switzerland, and European Union, including the onward transfer liability provisions. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Federal Trade Commission enforcement

Reciprocity Inc. is subject to the investigation and enforcement actions of the Federal Trade Commission. Reciprocity Inc. may be required to share your personal data, including the disclosure of UK, Switzerland, and European Union personal data, to public authorities and law enforcement agencies in response to lawful requests, including requests to meet national security and law enforcement requirements.

Security

We are committed to ensuring that your Personal Information is adequately protected. In order to prevent unauthorized access to or disclosure of your Personal Information, we have implemented appropriate administrative, physical and technical controls to safeguard our systems, applications and information, as well as robust standard operating procedures in the event of a security incident. We also maintain procedural safeguards to further restrict access to your Personal Information to employees who need it to perform their tasks or people working on our behalf and under confidentiality agreements.

Retention

We take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. 

When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrolment with our products or services, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.

If you opt-out from us sending you promotional updates and marketing, or object to any other processing of your Personal Information, we may keep a record of your objection for the legitimate purpose of ensuring that we can continue to respect your wishes and not contact you further, during the term of your objection.

Your Rights and Choices

You have options and choices over how we use your personal information. You may have the right under applicable laws to ask for details of the personal information we hold about you, or to amend, limit or delete your personal information. You may also have the right to object to further processing under certain circumstances.
We also respect the rights you may have under applicable laws to receive that information in a commonly used electronic format (or ask for this information to be provided in that format to a third party where feasible).

If you are in Europe, you have the right under certain circumstances:

  • to be provided with a copy of your personal information held by us
  • to request the correction or erasure of your personal information held by us
  • to request that we restrict the processing of your personal information (while we verify or investigate your concerns with this information, for example)
  • to object to the further processing of your personal information, including the right to object to marketing (as mentioned in our promotional updates and marketing section
  • to request that your provided personal information be moved to a third party
  • to withdraw consent
  • Where the processing of your personal information by us is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us. You can also change your marketing preferences at any time as described in our promotional updates and marketing section and below. If you remain unhappy with a response you receive from us, you can also refer the matter to your data protection supervisory authority which can be found here.

Opting out of our Marketing Communications

To opt out from receiving electronic marketing communications from Reciprocity, please:
  • Click on the unsubscribe link provided within each electronic communication, or
  • Reply to the email with the subject line “unsubscribe”

Opting out from our Marketing Calls

This Privacy Notice covers the privacy practices of Reciprocity and it does not cover the privacy practices of third parties on their websites and other features. Reciprocity is not responsible for the privacy notices and/or practices of third-parties.

Reciprocity’s Site may provide links that can take you to other websites, which may include partner websites. You should review the privacy and other policies that govern the websites you visit, since those websites are not bound by Reciprocity’s Privacy Notice, and Reciprocity has no control over the content of those Websites, nor the usage of information they gather.

Modifications to the Privacy Notice

Any changes we make to our privacy notice will be posted on this page https://reciprocitylabs.com/privacy and, in relation to substantive changes, will be notified to you by e-mail.

Contacting Reciprocity

If you would like to contact us with questions or concerns about this Privacy Policy, our privacy practices, or would like to exercise your privacy rights, you may contact us via any of the following methods:

E-mail: privacy@reciprocitylabs.com

Toll-free Number (USA): +1-877-440-7971

You may also write to us at:
Attn: Privacy Officer
Reciprocity, Inc.
755 Sansome Street
6th Floor
San Francisco, CA 94111
Our EU Representation:
Attn: Privacy Officer
Reciprocity d.o.o.
Celovška cesta 25
1000 Ljubljana
Slovenia