CODIFI – PRIVACY POLICY
1. INTRODUCTION
Codifi is a field data management company, providing a platform that enables our customers to collect data in field environments, store such data in secure environments, sync data from locations with limited connectivity, and manage and generate reports from such data. In providing these services, we may process your personal information if you (a) are interviewed, recorded, included in, or contribute to data reported and stored by our customers, (b) are or work for one of our customers or other business contacts; or (c) are a visitor to any of our websites or applications.
This Privacy Policy explains how Codifi uses and protects personal information. Codifi is committed to respecting all applicable privacy laws and ensuring your personal information is kept securely. This Policy does not apply to our processing of the personal information of Codifi employees or employment candidates, which will be provided separately where required.
Codifi is currently only working with US customers; we do not expect to receive any personal information of anyone located in European countries subject to GDPR rules. If we do, we will update this Policy.
Codifi may change this Policy from time to time by updating this page. Please check back to ensure that you are up to date with any changes.
2. WHO IS CODIFI
Codifi is a provider of field data management services. Our customers are organizations such as cultural resource management and environmental consulting firms, government agencies, and subcontractors, working, for example, in the areas of cultural resource management, research, environmental protection, or construction and real estate. Our services help our customers collect, sync, store, manage, and use the data they collect in the field. This may involve the collection of certain personal information relating to individuals, which is then processed by Codifi on our customers’ behalf.
In these cases, the “controller” or “business” (the entity that decides on the purposes of the processing and ways in which it is processed) is our customer, and Codifi is a “processor” or “service provider” that processes personal information on behalf of and on the instructions of each customer. In this Policy, we set out general information about Codifi’s personal information processing, but you should consult the relevant controller or business you have interacted with for further details.
For other personal information processing activities relating to personal information collected from or about staff working for our current or potential customers and suppliers, other business contacts, or visitors to our website, Codifi is the controller or business.
For any question or request relating to personal information processing, Codifi can be contacted as set out in Section 11.
3. CATEGORIES OF PERSONAL INFORMATION THAT WE PROCESS
A. Individuals appearing in personal information collected by Codifi customers (“Customer-provided data”): In providing our services, our customers may provide us with personal information generated during their fieldwork. Examples could be:
- personal information such as name, company name, position, mailing address, telephone numbers, e-mail addresses, professional qualifications or interests
- interviews
- reports
- audio
- videos
- photographs
B. Business contacts: If you or your employer is a current or potential Codifi customer, supplier investor, or other business contact, then we will need to collect certain personal contact information in connection with our relationship with you. This may include:
1. Identifiers such as:
- your name
- company name
- position
- e-mail addresses
- telephone numbers
- web address
- mailing address
2. Commercial information, such as:
- details of offers, products or services purchased, obtained, or considered
- contract and payment-related information
- customer support requests and follow-up
- information provided to us in the course of correspondence with you (e.g. by email, web forms, phone, or online messaging)
3. Internet or other electronic network activity information, such as:
- interactions with our website and applications (e.g. IP address, browser type, browser version, pages visited, timestamp, time spent on those pages, and other statistics)
4. Professional or employment-related information, such as:
- professional qualifications or interests
5. Account log-ins in combination with security or access codes, passwords, or credentials allowing access to your account (which may also be considered sensitive personal information)
4. SOURCES OF PERSONAL INFORMATION
A. Customer-provided data: This personal information is disclosed to us by our customers in connection with their projects and use of our services.
B. Business contacts: We obtain this information directly from you or your employer, for example, through exchanging emails or business cards, industry events, online or offline networking, business directories, publicly available information such as your organization’s website and online channels, requests for proposals, or in-person meetings. In addition, if you visit our website, we may collect personal information using web forms, cookies, and similar technologies (please also see Section 10).
5. PURPOSES FOR WHICH WE PROCESS PERSONAL INFORMATION
We collect and use personal information exclusively for the following purposes:
A. Customer-provided data:
- provision of our services, including storage, syncing, retrieval, management, and reporting on behalf of our customers
B. Business contacts:
- setting up, renewing, updating, and managing your organization’s contract or account with us
- billing and collections for our services
- making payments for products and services supplied to us
- evaluating new services and products
- recordkeeping, accounting, and meeting other legal requirements
- managing, improving, and expanding our business and resources
- communicating with you and managing our relationship with you
- answering inquiries including by email, web, telephone, and chat
- responding to customer service requests
- organizing events such as webinars
- sending promotional communications and offers
- sending PR or company information
- asking for feedback on our products and services
- understanding visitors’ navigation on our websites and applications to understand trends and visitors’ interests and requirements.
6. CATEGORIES OF RECIPIENTS AND INTERNATIONAL TRANSFERS
We may disclose information with third parties in connection with our business. Recipients may include:
- our subsidiaries and affiliates involved with the provision of our services;
- other organizations that provide services in support of our services and business, such as:
- providers of IT-related services (e.g. storage, hosting, management, maintenance, analytics);
- marketing, advertising, and communications service providers; or
- accounting, legal, compliance, insurance, or banking service providers.
These third parties have access to your personal information only to perform specific tasks on our behalf. They are obligated not to retain, use, or disclose your information for any other purpose.
Our corporate headquarters is located in Arizona, USA. All personal information we process is stored on servers located in the USA. We do not currently process any personal information of individuals that would require a transfer to us from the European Economic Area or the UK.
Occasionally, we may receive a request from a government, law enforcement agency, or regulator requesting personal information from us, and we would normally comply with such request without having to notify you.
7. DATA RETENTION PERIODS
We only retain personal information for as long as necessary for the purpose for which that personal information was collected.
For Customer-provided data, this is defined by the relevant customer, and we will retain such personal information for the period that we are providing services to such customer or as decided by them. We provide tools for our customers to retrieve and delete personal information anytime.
For business contacts, we will retain your personal information for the time that you or your organization has an account, contract, or other relationship with us and, where required, also for any limitation period for legal claims. If you have subscribed to a newsletter or other communications, we will keep your contact details until you unsubscribe.
8. SECURITY
We implement and require our third-party suppliers to implement security measures, including physical, logical, contractual, and organizational safeguards, to prevent unauthorized access to, loss, misuse, or alteration of the personal information that we process in connection with our services. We ensure these measures are reasonable, given the nature of the personal information we process, and in line with good industry standards and all applicable laws.
9. COOKIES
A cookie is a small piece of personal information sent from a website or application and stored in a user’s browser or device. Every time the user loads the website or application, the browser sends cookie information back to the server to indicate that it recognizes the user.
We use cookies when you visit our websites and applications for the purposes of analyzing the use of our websites and improving and optimizing our websites and services.
You can remove cookies from your browser by following the directions provided in your browser’s “help” or “settings” Sections. Some cookies may be essential for using different features of certain websites or applications, so if you clear all cookies, those features may not work as expected, or you may need to accept some cookies on your next visit. For mobile devices, please review the privacy controls within your mobile operating system.
10. YOUR RIGHTS
Consumers who reside in US states such as California, Colorado, Virginia, Connecticut, or Utah (and others in the future) may have additional rights under state privacy legislation. Most US States’ privacy laws apply only to consumers acting in a personal or household context, and we do not handle any personal information of consumers in that capacity. However, to the extent that US State privacy laws applicable to us also protect the personal information of individuals acting in a commercial or employment context, then you may have some or all of the following rights:
- to have inaccurate personal information corrected;
- to be informed of what categories of personal information will be collected and the purposes for which they will be used;
- to receive confirmation of whether or not your personal information is being processed, to access it, and how it is used, sold, or shared;
- to receive a copy in a portable format for transmission to another organization;
- to opt out of sales or sharing, and in some states, to opt out of personal information processing for targeted advertising and/or profiling for significant purposes;
- to request deletion of your personal information (subject to some exceptions e.g. where required for detecting security incidents, exercising free speech, protecting or defending against legal claims, or for internal uses reasonably aligned with your expectations);
- to limit the use of sensitive information to necessary uses;
- not to be discriminated against based upon your exercise of any of your legal rights relating to your personal information.
If you have interacted with one of our customers and wish to exercise any of your legal rights or have another issue or inquiry, you should contact that customer. In other cases, please contact us using the details below. If you make such a request, including through an authorized agent, we reserve the right to verify your identity and the agent’s authorization. However, we may not be able to respond to your request if it is not permitted or foreseen under applicable laws.
11. CONTACT US
For any inquiry related to our personal information processing or this Policy, please contact us at the below addresses:
Codifi, LLC (“Codifi”)
319 East Palm Lane
Phoenix, AZ, 85004
USA
Last updated: November 2, 2023
