Effective: October 22, 2024

CivilGrid, Inc. (“CivilGrid,” “us,” “we” or “our”) is a business-to-business and business-to-government Geographic Information System (“GIS”) platform vendor. We have created this privacy policy (“Policy”) to tell individuals about our privacy practices. This Policy describes how we collect, use, disclose, transfer, store, retain or otherwise process personal information, to the extent that occurs in the course of performing our GIS services including our web GIS Application and the administration of the civilgrid.com website and its sub-domains (the “Website”) (collectively, our “Services”).

When we refer to “you” or “your,” we mean the person about whom we collect personal information or data. If the person accessing the GIS Application or Website does so on behalf of, or for the purposes of, another person, including a business or other organization, “you” or “your” also means that other person, including a business organization, if applicable.

We provide our Services to governments and businesses and not to individual consumers. Our clients provide their own GIS Data and annotations, and we also obtain GIS Data from various public and publicly available sources. These are viewed and analyzed on our GIS Application. “GIS Data” means information linked to geographic references, such as geology, environment, and infrastructure at given points. The GIS data that we source ourselves does not include any information identified with an individual, family, or household. We do not perform any primary collection of GIS data.

In the course of providing our Services, we may incidentally collect personal information of individuals, as will be described in this Policy. This may include personal information that we collect about you when use our GIS Application or Website, your business contact information if we provide our Services to a company that you work with, or if you are a sole proprietorship and you engage with our Services.

Please read this Policy carefully. Our Policy includes:

1.        General Disclosures

2.        What Information We Collect From You And For What Purposes

3.        Your Information That We Receive From External Sources

4.        When And With Whom Do We Disclose Your Information

5.        Personal Information Relating To Children

6.        How Long We Retain Your Information

7.        Marketing And Promotional Communications

8.        Links To Other Sites

9.        Security

10.        California Residents

11.        Changes To This Privacy Policy

12. Cookies, Pixels, and Similar Technologies

13.        Contact Us

1.        GENERAL DISCLOSURES

Our data centers (including those holding GIS Data), our GIS Application, and our Website are hosted in the United States. If you use out GIS Application or Website from outside of the United States, please note that by providing us your information it is being stored or processed in the United States where our data center and servers are located and operated. If you are outside the United States and do not wish to allow the collection and storage of your personal information within the United States, you should not use our GIS Application or Website. We also provide a cookie banner/disclosure to help you control the collection of personal information.

This Policy applies only to CivilGrid’s GIS Application, Website and Services, and not to other companies’ or organizations’ websites, mobile applications and services to which we link. It does not apply to the collection practices of data by organizations which provide us with GIS Data. Such practices are described in those organizations’ privacy policies.

We are not responsible for the privacy practices of other businesses or the content of other websites, including any websites that may indicate (or claim) a special relationship or partnership with us (such as co-branded pages or “in cooperation with” relationships). To ensure protection of your privacy, always review the privacy policy of the companies with whom you engage.

2.        WHAT INFORMATION WE COLLECT AND FOR WHAT PURPOSES

In the course of performing our Services, we collect a variety of different kinds of personal information from a variety of different individuals. What information we collect and the purposes for which it is collected will depend on the context of our activities or the Service that is being performed. Therefore, just because this Policy lists a particular data collection practice does not mean that we have necessarily collected that data from you. Instead, please review the applicable disclosures below to learn about how we may have collected personal information from you depending on how you have interacted with us.

In the course of providing these Services, we will directly interact with you to collect personal information, but we may also collect personal information about you from other sources. For a description of the categories of sources from which we collect personal information, please see the section titled Your Information That We Receive From External Sources.

When You Use Our GIS Application or Website

When you use our GIS Application or Website, we may collect the below personal information from you for the specified purposes. Please note that with the exception of Contact Information, we do not have the capability to, or attempt to, associate the data with you by name (see Deidentified and Aggregated Information, below). Disclosures supporting our business (service providers) are also discussed in Disclosures of Personal Information to Others.

Further, we may collect personal information from you in the form of cookies. For information regarding how we collect, process and disclose personal information in the context of cookies, please see our Cookies Banner and the section of this policy addressing Cookies, Pixels, and Similar Technologies.

Sensitive Personal Information

We do not use our GIS Application or Website to collect personal information from you that is considered “sensitive” under applicable privacy laws.

Deidentified and Aggregated Information

We may process your personal information into aggregated, anonymized or de-identified form for any purpose. Aggregated, anonymized or de-identified information is information that can no longer reasonably identify a specific individual and is no longer “personal information.” We will only maintain and use this type of information in deidentified form and we will not attempt to reidentify this information, except for the purposes of validating our deidentification process

3.        YOUR INFORMATION THAT WE RECEIVE FROM EXTERNAL SOURCES

When possible, we collect personal information directly from you. However, in the course of providing our Services or administering our GIS Application or Website, we may collect personal information about you from another source. For example, if you access our Website through an external platform or click on external links, we may receive some information about you from that referring website. We also may collect information from social media platforms that may share information about how you interact with our social media content. The collection, use, and disclosure of your information and your use of those sites will also be subject to the privacy policies and other terms of such external parties and platforms. We have no control over the information collection and processing practices of such external parties and you should review such privacy policies or terms of the websites or parties to which you give your information.

4.        WHEN AND WITH WHOM DO WE DISCLOSE YOUR INFORMATION

Sale of Personal Information

We currently do not sell, and have not sold, personal information in the past 12 months.

Disclosure of Personal Information to Others

In the course of our business we may disclose your personal information to others. We will only disclose your information with the following service providers or other external entities under the circumstances described below and solely to the extent that it is necessary to accomplish the goal and purpose of the disclosure. Therefore, we may disclose your personal information:

• To our organizational service providers.  We may utilize a variety of service providers to facilitate our performance of the Services. These service providers include our: data analytics providers, payment processors, background check providers, e-mail messaging vendor, translation service providers, online presentation or webinar providers, press release vendor, and our online survey tool providers.

• To our database hosting vendors.  Like many organizations, we utilize cloud databases to host our data, including your personal information, so that we can effectively and safely operate the our GIS Application and Website and perform our Services.

• To our auditors.  We may be subject to audits from a number of entities as well as due to our own internal auditing policies. In order to accomplish an effective audit, we must provide information, which may include your personal information, to external auditors. We always ensure that your information is safely disclosed and stored and that auditors can only use your information for the purposes of completing an audit.

• To individuals or entities you authorize.  We may disclose your personal information to individuals or entities at your direction.

• Our affiliates.  We may share your personal information with our affiliates for the purposes of administering our business and providing our Services.

• In corporate transactions.  We may share all or part of your personal information with other entities in connection with the sale, assignment, merger or other transfer of all or a portion of our organization or assets to such entities (including due to a sale in connection with a bankruptcy). We will require any such purchaser, assignee or other successor organization to honor the terms of this Policy.

• For legal purposes.  We may disclose all or part of your personal information to courts, litigants, regulators, arbitrators, administrative bodies or law enforcement when we have reason to believe that disclosing this information is necessary to resolve actual or suspected claims. We may also disclose your personal information in order to identify, contact or bring legal action against someone who may be violating any agreement with us, or may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other users of our GIS Application or Website, or anyone else that could be harmed by such activities. We may disclose information in response to a subpoena, search warrant, in connection with judicial proceedings, or pursuant to court orders, legal process or other law enforcement measures. We may disclose or access personal information when we believe in good faith that the law requires it, to establish our legal rights or to defend against legal claims.

5.        PERSONAL INFORMATION RELATING TO CHILDREN

The Children’s Online Privacy and Protection Act (COPPA) regulates online collection of information from persons under the age of 13. It is our policy to refrain from knowingly collecting or maintaining personal information relating to any person under the age of 18. If you are under the age of 18, please do not supply any personal information through our GIS Application or Website. If you are under the age of 18 and have already provided personal information through our GIS Application or Website, please have your parent or guardian contact us immediately using the information provided under Contact Us so that we can remove such information from our files. Please delete all CivilGrid related cookies and restrict further collection of cookies using the methods outlined in the section Cookies, Pixels, and Similar Technologies.

6.        HOW LONG WE RETAIN YOUR INFORMATION

We may retain your personal information for a period of time that is consistent for us to perform our Services, as well as to comply with applicable law, applicable statute of limitations and our data retention practices. We may also retain your personal information as we believe is reasonably necessary to comply with legal process or governmental request, to detect or prevent fraud, to collect fees owed, to resolve disputes, to address problems, to assist with investigations, to enforce other applicable agreements or policies or to take any other actions consistent with applicable law.

7.        MARKETING AND PROMOTIONAL COMMUNICATIONS

You may opt-out of receiving marketing and promotional messages from us, if those messages are powered by us, by following the instructions in those messages. If you decide to opt-out, you will still receive non-promotional communications that are necessary in the performance of our Services.

As described in more detail in Section 12, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email or online profiles. We (or service providers on our behalf) may then send communications and marketing to these emails or profiles. You may opt out of receiving this advertising, even if you have not received an email yet, by visiting https://app.retention.com/optout.

8.        LINKS TO OTHER SITES

Our Website may have links to other websites. Once you link to another site, you are subject to the privacy policy of the new site and its operator. We encourage you to carefully review the privacy policy of each entity to which you provide information.

9.        SECURITY

We take reasonable measures, including administrative, technical, and physical safeguards, to protect your information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. We hold information about you at our own premises and with the assistance of service providers. Further public disclosure here of our security measures could aid those who might attempt to circumvent those security measures. If you have additional questions regarding security, please contact us directly using the information provided under Contact Us.

10.        CALIFORNIA RESIDENTS

The California Consumer Privacy Act (“CCPA”) provides the residents of California with the right to request the data rights as described in this section. For more information, or if you have questions, you can contact us using the information provided under Contact Us.

Once we receive your request to exercise a right, we will confirm receipt and begin to evaluate, and if appropriate, process the request. We may require that you provide additional information to confirm your identity, including providing us with at least two or more pieces of personal information to match against personal information that we currently maintain about you. We reserve the right to reject your request if we are unable to verify your identity to a sufficiently high level of certainty. The information you provide to verify your identity will only be used for verification purposes, and a record of your request, including certain information contained within it, will be maintained by CivilGrid for our files.

If we reject a request for any reason, we will inform you of the basis of the rejection.

Right to Know:  California residents have the right to know what personal information CivilGrid has collected about them, including the categories of personal information, the categories of sources from which the personal information is collected in the past 12 months, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom CivilGrid discloses personal information, and the specific pieces of personal information CivilGrid has collected about them.

The categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for which we collect personal information and the categories of third parties to whom we disclose personal information are found in the general Policy under the appropriate sections:

• What Information We Collect From You And For What Purposes

• Your Information That We Receive From External Sources

• When And With Whom Do We Disclose Your Information

California residents have a right to know if we are “selling” or “sharing” their personal information, what categories of personal information are “sold” or “shared,” and to whom. We do not “sell” or “share” the personal information of California residents, including of those under the age of sixteen, as those terms are defined by California law:

• “Sell,” “selling,” “sale,” or “sold,” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business a third party for monetary or other valuable consideration.

• “Share,” “shared,” or “sharing,” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions between a business and a third party for cross-context behavioral advertising for the benefit of a business in which no money is exchanged.

The business or commercial purpose for which we “sell” or “share” personal information is: marketing.

If you are a California resident and would like to request to know the specific pieces of personal information that CivilGrid collected, used and disclosed about you in the past 12 months, please contact us using the information provided under Contact Us. You may further request to know the specific pieces of personal information collected by CivilGrid beyond 12 months into the past, but note that this additional time frame only applies to personal information collected by CivilGrid after January 1, 2022, and CivilGrid may have deleted your personal information in accordance with our data retention policy.

To verify any request to know specific pieces of personal information, you may be required to provide identity verification information. Failure to do so could result in CivilGrid’s inability to comply with your request.

Right to Delete:  California residents have the right to request the deletion of their personal information maintained by CivilGrid.

California residents have the right to request that CivilGrid delete the personal information that we maintain about them. We will make every effort to comply with California residents’ requests to delete their personal information, however, certain laws or other legal requirements might prevent some personal information from being deleted. If you are a California resident and would like to request the deletion of your personal information, please contact us using the information provided under Contact Us. To verify any request to delete personal information, you may be required to provide identity verification information. Failure to do so could result in CivilGrid’s inability to comply with your request.

Right to Correct:  California residents have the right to request that a business correct inaccurate personal information about them.

California residents have the right to request that a business correct inaccurate personal information maintained by the business about them. If you are a California resident and would like to request the correction of your inaccurate personal information, please contact us using the information provided under Contact Us. To verify any request to correct, you may be required to provide identity verification information. Failure to do so could result in CivilGrid’s inability to comply with your request.

You may be required to provide documentation to support your assertion that your personal information as maintained by CivilGrid is incorrect. If you fail to provide this documentation, your request may be rejected. We reserve the right to delete your inaccurate personal information instead of correcting it, if permitted by the CCPA.

Right to Non-Discrimination:  California residents have the right to not be discriminated against due to the exercise of their privacy rights under the CCPA.

California residents have the right to be free from discriminatory treatment by CivilGrid for the exercise of their privacy rights. However, the exercise of certain privacy rights by California residents may make it so that we are no longer able to provide those residents with certain services or communications. For example, if, at the request of a California resident, CivilGrid deletes all of the California resident’s personal information that it maintains, CivilGrid will no longer be able to send communications to that resident.

Right to Opt-Out: California residents have the right to opt-out of the “sale” or “sharing” of their personal information.

California residents can request that a business stop “selling” or “sharing” their personal information. To opt out of the sale or sharing of personal information, please contact us by using the information provided in the Contact Us section.

Right to Limit Use and Disclosure of Sensitive Personal Information:  California residents have the right to direct a business to limit its use and disclosure of their “sensitive” personal information.

California residents can request that a business limit its use or disclosure of their “sensitive” personal information to that use or disclosure which is necessary to perform the services or provide the goods reasonably expected by an average consumer, or to those uses or disclosures otherwise authorized by California law in CCPA regulation § 7027(m). However, we do not collect or disclose your “sensitive” personal information, as defined under California law.

Right to Make Requests Through an Authorized Agent: California residents can designate an authorized agent to make a request under the CCPA on their behalf.

California residents can designate an authorized agent to make requests under the CCPA on their behalf relating to the residents’ personal information. Only you as a California resident, or a person you have designated in writing as your authorized agent, may make a consumer request related to your personal information.

If you wish to have an authorized agent make a verifiable consumer request on your behalf, they will need to provide us with sufficient written proof that you have designated them as your authorized agent, such as a power of attorney pursuant to California Probate Code sections 4000 to 4465. We will still require you to provide sufficient information to allow us to reasonably verify that you are the person about whom we have collected personal information.

We can deny any request made by a purported authorized agent who does not submit proof that they has been authorized by the California resident to act on the California resident’s behalf. For more information on submitting a request on behalf of a California resident as an authorized agent, you can contact us using the information provided under Contact Us.

Do Not Track (“DNT”): DNT is an optional browser setting that allows you to express your preferences regarding tracking across websites. Most modern web browsers give you the option to send a Do Not Track signal to the websites you visit, indicating that you do not wish to be tracked. However, there is no accepted standard for how a website should respond to this signal, so we do not take any action in response to this signal. We do not have a mechanism in place to respond to DNT signals. Instead, in addition to publicly available third-party tools, we offer you the choices described in this Privacy Policy to manage the collection and use of information about you.

CCPA Consumer Request Metrics:

CivilGrid does not meet the thresholds for CCPA consumer metrics.

11.        CHANGES TO THIS PRIVACY POLICY

We may amend this Policy at any time by posting revisions linked to our GIS Application or Website. If we make any material changes in the way we collect or process your personal information, we will notify you by prominently posting notice of the changes on our Website.

12.        COOKIES, PIXELS, AND SIMILAR TECHNOLOGIES

Like many application providers and website publishers, CivilGrid and its analytics vendors use server logs and automated data collection tools, such as browser cookies, pixel tags, scripts and web beacons. These tools are used for analytics purposes to enable us to understand how users interact with the Website and for advertising our services and organization on the Internet. As noted above, you directly opt out of our website-visit-to-email campaigns by visiting https://app.retention.com/optout.

We provide a Cookie Banner that allows you to understand these cookies and other functionality as well as control them. You can adjust the settings in your browser in order to restrict or block cookies that are set by the Website (or any other website on the Internet). Your browser may include information on how to adjust your settings. Alternatively, you may visit the U.S. Federal Trade Commission’s website www.consumer.ftc.gov to obtain comprehensive general information about cookies and how to adjust the cookie settings on various browsers.

You can control and delete these cookies through your browser settings through the following:

• Google Chrome

• Mozilla Firefox

• Safari

• Opera

• Microsoft Internet Explorer

• Microsoft Edge

• Safari for iOS (iPhone and iPad)

• Chrome for Android

Please note that some cookies are necessary for the proper functioning of our Website and our GIS Application. For example, refusing cookies will not allow us to remember your login information. Additional general information about cookies, including how to be notified about the placement of new cookies and how to disable cookies, can be found at www.allaboutcookies.org.

You can also visit the U.S. Federal Trade Commission’s website www.consumer.ftc.gov to obtain comprehensive general information about cookies and how to adjust the cookie settings on various browsers.

You can opt out of the advertising-related tracking of your online activities by:

• Visiting the Network Advertising Initiative (NAI) website opt-out page: http://www.networkadvertising.org/choices.

• Visiting the Digital Advertising Alliance (DAA) opt-out page: http://www.aboutads.info/; and

• Downloading and installing the Google Analytics browser plug-in from the following link: http://tools.google.com/dlpage/gaoptout.

• To opt out of sponsored messaging on LinkedIn, visit https://www.linkedin.com/help/linkedin/answer/a570330/opt-out-of-sponsored-messaging

13.        CONTACT US

To submit questions or to inquire about or submit a request relating to data rights, you can contact us by:

• Calling us at 415-942-1303

• E-mailing us directly at privacy@civilgrid.com