Effective Date: October 17, 2023
Simeio Solutions, LLC and its subsidiaries and affiliates (collectively, “Simeio Solutions”, “us”, “we” or “our”) created this Privacy Statement because we take your privacy seriously and are committed to protecting your rights. This Privacy Statement describes how we collect/ receive and handle your Personal Information through our corporate websites and through the delivery of our identity and access management products and services. Furthermore, this Privacy Statement outlines our general privacy practices that are applied to the Personal Information we collect and receive from customers (current and prospective), end users of the website, job applicants, employees, partners, and other associates.
We consider Personal Information to be any information relating to an identified or identifiable natural person (‘Individual’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Types of Personal Information Collected Through the Website and Our Products and Services
Information You Provide to Us via Web Forms
As an end user of the Simeio Solutions corporate website, when you interact with us through a web form (when accessing our “Resources”, exploring our products and services via “Contact Us”, etc.), you may choose to provide us with certain Personal Information like your name, e-mail address, phone number, employer, and title that may be used to identify you as a specific Individual. In open text fields, you may provide other Personal Information as part of your web submissions to Simeio Solutions, but we expect that you limit this Personal Information to only that which is necessary and associated with the nature of your inquiry. It is our legitimate interest to offer you a means to communicate with Simeio Solutions through the website to respond to the questions and requests you may have and provide you with information about Simeio Solutions and our product and services. Your inquiries may be fielded by our corporate headquarters in the United States or another international office that may be local to you.
Information We Collect Automatically When You Access or Use the Website
We may use a variety of technologies that automatically or passively collect certain information when you visit or interact with our website (“Usage Information”). Usage Information may be collected through server log files, cookies (text files sent to and stored on your computer, mobile phone, or other device (“Device”) used to access a website), web beacons (also known as clear GIFs and pixel tags, which may be used to transmit information back to a website), and embedded scripts (programming code that is designed to collect information about your interactions with the website, such as the links you click on, and which is active only when you are accessing the website). It is our legitimate interest to collect Usage Information for the purposes of monitoring the security and health of the website and enhancing your experience. Usage Information may include, for example:
- Information about the Device used to access the website e.g., the browser and operating system you are using, geolocation, and the IP address or other unique identifier (“Device Identifier”) of your Device.
- Information about how you accessed the website, e.g., the URL or advertisement that referred you to our website, or the search terms you entered into a search engine that led you to our website (if applicable).
- Information about your visit to and interaction with the website, e.g., all of the areas within our website that you visit, and the time of day you visited.
The website is hosted by a third-party web hosting company located in the United States. In addition, Simeio Solutions works with certain third parties (such as analytics companies) also located in the United States to provide us with information regarding traffic on the website and information regarding the use of the website. We may permit these third parties to operate directly on the website, use their own technology (e.g., setting cookies or using web beacons or embedded scripts), and collect Usage Information and related information about you, on our behalf. We may also share Usage Information with these third parties for similar purposes. This Usage Information we share with these third parties is aggregated and in a non-identifying form. Some third parties may collect Personal Information about your online activities over time and across different websites when you use the website. Your browser settings may allow you to automatically transmit a “Do Not Track” signal to websites and online services you visit;
however, please note if you do this you may not be able to use the full functionality of the website.
Please note that the website is not intended for children, and we do not knowingly collect Personal Information from children on the website. If you are the parent or guardian of anyone younger than the age of 18 or the equivalent age as specified by law in your jurisdiction, please contact us by using the Privacy Requests option under the Contact Us section. We will delete such Personal Information from our systems as soon as possible.
Simeio Solutions has also not knowingly sold Personal Information (including the Personal Information of minors as defined by law in your jurisdiction) to third parties.
Information You Provide to Us for Identity and Access Management Products and Services
As a customer of Simeio Solutions’ identity and access management products and services, we process your data at your direction and in accordance with the established services agreement. The identity and access management data we process on your behalf may include, but not be limited to, Personal Information like IP address, geolocation, name, username, business/ personal email, business/ personal phone number, home/ office address, employer, title, and in some instances national identification number or driver’s license number belonging to a customer’s employees or customers. Our identity and access management solutions may be hosted by third party service providers like Amazon Web Services, Inc., Oracle Cloud Infrastructure or Rogers Communications in countries and regions such as the United States, Canada, and Europe (or any other region depending on the terms of our services agreement). Your identity and access management products and services will be supported by dedicated Simeio Solutions teams that may be located in the United States, Canada, Costa Rica, Gulf Region, Benelux, the United Kingdom, or India.
Simeio Solutions’ Privacy Practices
Lawful, Fair, and Transparent Collection and Processing
The Personal Information we collect and process as an organization is done lawfully, fairly, and in a transparent manner in accordance with applicable legal and regulatory obligations. Our grounds for collecting and processing Personal Information may be based on obtaining consent, carrying out our responsibilities to uphold terms in a contract, compliance requirements, and other conditions and legitimate interests. When we collect Personal Information from individuals, we strive to inform those Individuals of what the collection involves and what their rights are via privacy notices. Our methods of consent and our privacy notices are presented in a fashion that is intelligible, easily accessible, in clear and plain language, and clearly distinguishable from the other matters. We offer consent only in the circumstances where it is freely given.
Data Protection by Design and by Default
Data protection is a significant consideration in all that we do at Simeio Solutions. We design and implement processes and technologies that allow us to collect personal data that is adequate, relevant, and limited to what is necessary for the related purposes of processing. We try to only allow for the collection of necessary data and prevent the intake of irrelevant data. The Personal Information we collect and need to run our business and provide identity and access management solutions and services is not further processed in a manner that is incompatible with the specified, explicit, and legitimate original purposes of collection. To us, data protection must be the default whenever we handle Personal Information and not just an optional privilege for Individuals.
Simeio Solutions has in place appropriate and reasonable technological and operational security processes designed to protect Personal information from loss, misuse, alteration, or destruction during transmission and once we receive it. Only authorized employees and contractors will have access to any data provided by you, and that access is limited by need. Each employee or contractor having access to any Personal Information is obligated to maintain its confidentiality
Transfers of Personal Information to Third Parties
Our relationships with third party service providers, partners, and affiliates allow us to stay agile and focus on developing and providing best-in-class solutions and services for identity and access management. When third parties process personal data on the behalf of Simeio Solutions or require access to the personal data we possess to perform their services, we ascertain that the third party is obligated to provide at least the same level of privacy protection as we hold ourselves to. Simeio Solutions maintains contracts with these third parties that restrict their access, use, and disclosure of Personal Information in compliance with the laws and regulations that apply. Our third parties are required to notify us if they determine they can no longer meet the level of data protection expected by Simeio Solutions, and we monitor for compliance to our data protection terms depending on the nature of the services being provided.
International Transfers of Personal Information
Personal information, including Personal Information collected, may be transferred, stored, and processed by us and our services providers, partners, and affiliates in countries whose data protection laws and regulations may be different to the laws of your country (in respect to what is permitted by the relevant services agreement). We allow transfers of Personal Information made between countries or regions, intracompany or with international third parties, only when supported by an appropriate legal agreement or an alternative provision that ensures obligations to Personal Information rights and protections are commensurate. The sufficiency of these agreements and provisions depends on the countries or regions the information is transferred from and to.
Examples of agreements and provisions that may be suitable for transfers (depending on the nature of the international exchange) include, but are not limited to, the following:
- The nation or region where Personal Information is transferred from recognizes the nation or region where Personal Information is transferred to as having adequate protections in place. This will be based on the receiving country’s or region’s rule of law, respect for human rights and fundamental freedoms, relevant legislation, etc.
- Binding corporate rules are established (for intracompany transfers).
- Standard data protection clauses are established.
- An approved code of conduct is in place that is paired with binding and enforceable commitments set upon the organization in the third country.
- An approved certification mechanism (e.g., a safe harbor) is in place that is paired with binding and enforceable commitments set upon the organization in the third country
How Long We Keep Personal Information
We keep your Personal Information only for as long as it is warranted to fulfill our commitments to you, or to adhere to legal or regulatory requirements. If you are a customer or partner, we keep the information for the duration of our relationship. Certain information may be kept for longer though, for instance contracts will be archived even when terminated. If you have requested to receive marketing communications, we will keep your Personal Information only for as long as you interact with us. When personal data is expired or is no longer needed and does not have to be retained, we may return, delete, destroy, or anonymize it, depending on what method is systematically and procedurally possible, most secure and what our related retention commitments are.
Under applicable laws and regulations, you may be able to exercise certain privacy rights depending on the territory or country you reside in (such as the European Economic Area). We will process your request in accordance with these applicable data protection laws. We may need to retain certain information for record-keeping purposes or to complete transactions that you began prior to requesting any deletion. These rights may include:
- Right not to provide consent or to withdraw consent: We may seek to rely on your consent in order to process certain Personal Information. Where we do so, you have the right not to provide your consent or to withdraw your consent at any time. This does not affect the lawfulness of the processing based on consent before its withdrawal. As it pertains to marketing, if at any time you prefer not to receive further communications from us in any or all forms, you will have the ability to unsubscribe from such communications by means of a link provided in every e-mail that is sent to you by us.
- Right of access: You may have the right to access the Personal Information that we hold about you.
- Right to rectification: You may have the right to require us to correct any inaccurate or incomplete Personal Information.
- Right of erasure: In certain circumstances, you may have the right to the erasure of Personal Information that we hold about you (for example if it is no longer necessary for the purposes for which it was originally collected).
- Right to Data Portability: You may have the right to receive the Personal Information concerning you in a structured, commonly used and machine-readable format that can be shared with another organization. The right of data portability also allows you the opportunity to have Simeio Solutions transmit that data to another organization directly where technically feasible.
- Right to object to processing: You may have the right to request that Simeio Solutions stop processing your Personal Information and/or to stop sending you marketing communications.
- Right to restrict processing: You may have the right to request that we restrict processing of your personal information in certain circumstances (for example, where you believe that the Personal Information, we hold about you is not accurate or unlawfully held).
When processing Personal Information gathered through our identity and access management products and services, where Simeio Solutions’ customers are data controllers, we shall work to assist our customers where necessary and able in responding to privacy requests and complaints from Individuals.
Updates and Changes to the Privacy Statement
Simeio Solutions will review and update this Privacy Statement periodically in response to changing legal, technical, and business developments. When we update this Privacy Statement, we will note the date of its most recent revision above. If we make material changes to this Privacy Statement, we will take appropriate measures to inform you in a manner that is consistent with the significance of the changes we make and in accordance with applicable laws and regulations. We encourage you to review this Privacy Statement frequently to be informed of how we are protecting your information.
Compliance with Law
Simeio Solutions complies with all applicable privacy laws and regulations. We may be compelled to surrender Personal Information to legal authorities if presented with a court subpoena or similar legal or administrative order, or as required or permitted by the laws, rules and regulations of any nation, state or other applicable jurisdiction.
At Simeio Solutions, we have a team dedicated to upholding our data privacy responsibilities. If you have a privacy-related inquiry or complaint or require assistance in exercising your privacy rights, please click here. Our corporate headquarters are located at:
11720 Amber Park Dr. Suite 400 Alpharetta, GA 30009 Phone: 404-882-3700
We prefer to resolve your questions, complaints, and requests about how we handle Personal Information directly; however, if you are a European resident, you also have the right to lodge a complaint with the relevant data protection authorities. For the contact information of the Data Protection Authorities for each European Union Member State, please click here.
Information for California Residents
If you are a California resident, in addition to the privacy rights granted above you have additional rights granted to you under the California Consumer Privacy Act of 2018 (“CCPA”).
Your rights under the CCPA are to:
- Request that we disclose what Personal Information we collect, use, disclose, and sell;
- Request deletion of your Personal Information collected or maintained by us as a business; and
- Request to Restrict or Opt-out of the sale of your Personal Information in the event we sell Personal Information and unsubscribe from newsletters and other email communications.
If you decide to exercise one of the rights listed above, you have the right to not receive discriminatory treatment by Simeio Solutions in the form of:
- Denial of goods or services;
- Charging different prices;
- Providing a different quality of goods and services; and
- Suggestions that you may receive a different price or rate.
Please note Simeio Solutions’ services are highly customized which may result in different services thereby impacting pricing. The inability to receive or collect certain types of information may also impact specific service level processes. In the event this occurs, Simeio will explain and address those issues to the extent possible.
In the event your Personal Information is subject to unauthorized access, theft, or disclosure due to Simeio Solutions’ failure to implement and maintain reasonable security procedures and practices, you have the right to submit 30 days’ written notice identifying which specific provisions of the CCPA have been or are being violated. In the event a cure is possible, Simeio Solutions will provide an express written statement within 30 days that the violations have been cured and that no further violations shall occur.
If you would like to exercise your rights as described above, please click here.