Privacy Notice - FreeClimb from Vail

Last Updated March 27, 2024

Introduction

This Privacy Policy is incorporated by reference into and governed by the Company Terms of Service (“Terms”). Before you submit information through Company Services (including API Services) and websites, review this Privacy Policy carefully, as by using Company Services (or “Services”) or submitting information through Company web portals you consent to the collection, use, and disclosure of your information as provided in this notice.

Capitalized terms that are not defined in this Privacy Policy are defined in the Terms, and the Terms take precedence over any conflicting provisions in this Privacy Policy. You, the Customer, may not use any Services without agreeing to this Privacy Policy.

Why We Collect Data

We collect personal data for the following business and commercial purposes:

To provide Company Services
To send you system alert messages and maintenance notifications
To understand how you use the product and what areas need improvement
To bill you and provide you reports on your usage of the services
To calculate taxes
To authenticate account portal and API access
To comply with laws and regulations
To help us troubleshoot issues that arise
To address your questions
To provide support
To contact you about the account
To inform you about product updates, promotions, and events.
To optimize our website

What Data We Collect

In the preceding 12 months, we have (or may have) collected the following categories of personal data:

Publicly available information from government records
Deidentified or aggregated consumer information
Identifiers such as areal name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers such as signature
Internet or electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement
Geolocation data
Audio, electronic, visual, or similar information
Inferences drawn to create a profile about a consumer reflecting the consumer’s preferences, characteristics, and personal attributes
Account data including email, account user name, account password, phone number, company name
Customer Data as defined in the Terms of Service, which may include a variety of customer-provided content, including health and medical information
Device information
Web server access log data
Credit card (credit card numbers are provided by you directly to our payment provider without being handled by Company) or payment information
Details on how you use or intend to use Company Services and business requirements
URLs that can be invoked to communicate with customer applications
The IP address sending requests to Company Services or receiving requests from Company Services
Phone numbers
Actions performed by you while using Company Services, including portal actions, API requests made, and Company Performance Command Language (PerCL) commands used
Call detail information and your end users’ telephone numbers that you pass on to us
Company product usage information

How We Collect Data

We collect personal data directly from you, automatically from your use of our products and Services, from unaffiliated parties, and by using or combining personal data to derive additional personal data about you.

Some information, such as account information, you provide us through our portal or through a request to Company Support. We also collect some information automatically, such as product usage data, which is collected via tracking technologies, such as cookies and web beacons (to help us understand how customers are using our web portal and products so we can improve your navigation experience) and via application and system logging (to track IP address, device information, operating system, browser ID, and a risk score). Some information is collected via third parties, such as a risk score based on device and browser information collected when users sign up for the service.

Some content on the website and in our communications to you may be served by third parties, including content providers, service providers, and application providers. These third parties may use cookies, alone or in conjunction with web beacons or other tracking technologies, to collect information about you when you interact with our website and other communications, such as email news alerts. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different online services.

When We Share Data

We may share your data for the following purposes.

Credit card payment information is collected by our payment processors, which may share data with us.
Device/browser information at the time of enrollment is shared with third-party risk assessment providers to protect our platform and its users from attacks, fraud, and other abuse.
Some data is shared with and received from telephony operators to the extent necessary to route and connect communications from the sender to the intended recipient. How those telephony operators handle the data is generally determined by those operators’ own policies and local regulations.
When necessary, we may share your address with telecommunications carriers from whom we’re requesting phone numbers for your use.
Some data is shared with and received from third-party fraud prevention and security service providers to protect Company customers from malicious activity.
To acquire an SMS short code on your behalf.
We may access and disclose information to law enforcement officials, including the content of communications, if: (i) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or government request; (ii) to enforce our agreements and policies; (iii) to protect the security or integrity of our services and products; (iv) to protect ourselves, our other customers, or the public from harm or illegal activities; or (v) to respond to an emergency which we believe in good faith requires us to disclose data to assist in preventing a death or serious bodily injury.
Company may share data with its affiliated companies or third-party companies that provide and support the Services.

Security Measures

We apply appropriate security controls to protect the privacy of your data both online and offline. These measures vary based on the sensitivity of the information that we collect, process and store and the current state of technology.

Customer Data Access, Changes, and Deletion

You can access and make changes to certain account data via the account portal. You will also be able to access call detail information collected about usage of the services.

You may request deletion of your Company account and its data. You should know that deletion of your Company account will result in you permanently losing access to your account and all Customer Data to which you previously had access through your account.

Please note that certain data associated with that account may nonetheless remain on Company’s servers. For instance, call detail records and billing information will be retained. Similarly, data associated with your account that we are required by law to maintain will not be deleted. Data may also be retained in an aggregated or anonymized form that does not specifically identify you.

To request deletion of your Company account, please contact us at the information provided below.

Vail Systems, Inc.
Attn: FreeClimb Data Privacy
570 Lake Cook Road STE 400
Deerfield, IL 60015

Cookies and Tracking Technologies

Our site uses cookies and similar technologies to keep customers logged in and to track how customers use our portal and sites. A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to “remember” your actions or preferences over time. Most browsers support cookies, but users can set their browsers to decline them and can delete them whenever they like.

Use of these tracking technologies enables us to provide personalized information, to remember product preferences, to keep our sites running efficiently, to help you obtain information you need and to provide a secure environment for transactions. Do-not-track signals are web browser settings that request that a web application disable its tracking of an individual user. At this time, our site does not respond to do-not-track signals and similar mechanisms.

Third Party Access

Company uses certain trusted third parties to help us provide, improve, promote, and protect the services we provide. These third parties may access, process, or store your information to perform tasks only for the purposes we’ve authorized and we require them to provide at least the same level of protection for your information as described in this Privacy Policy. We may also share with third parties aggregated or anonymized data that does not directly identify you.

Company websites may contain links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every website that collects personally identifiable information. This privacy statement applies solely to information collected by Company Services and websites.

Data Protection Rights and Choices

Laws of certain jurisdictions, including, for example, California’s CCPA (California Consumer Protection Act) and the European Union’s (EU) General Data Protection Regulation (GDPR), provide residents, visitors, users, or others who reside, or as applicable, in those jurisdictions the following rights:

Right to Know. The right to know about the personal information a business collects about them and how it is used and shared (seealso section below, titled “Right to Know”); and/or
Right of Access. The right to know exactly what information is held about them and how it is processed; and/or
Right of Correction. The right to have personal data rectified if it is inaccurate or incomplete; and/or
Right to Deletion (also known as “the right to be forgotten”). The right to having their personal data deleted or removed without the need for a specific reason as to why they wish to discontinue (with certain exceptions in certain jurisdictions; see also section below, titled “Right to Delete”); and/or
Right to Limit Processing. The right to block or suppress processing of their personal data; and/or
Right to Portability. The right to retain and reuse their personal data for their own purpose; and/or
Right to Object. In certain circumstances in certain jurisdictions, the right to object to their personal data being used; and/or
Rights of Automated Decision Making and Profiling. The GDPR has put in place safeguards to protect individuals against the risk that a potentially damaging decision is made without human intervention; and/or
Right to Non-Discrimination. TheCCPA has put in place safeguards to protect individuals against discrimination for exercising their CCPA rights (see also section below, titled “Right to Non-Discrimination").

To exercise any of the above rights, please contact us at the information provided below. We will consider and process your request within a reasonable period of time. Please be aware under certain circumstances the applicable jurisdiction (for example, GDPR or CCPA) may limit your exercise of these rights.

California Residents Privacy Rights

This section is our Privacy Notice for California Residents (“Notice”) and applies to visitors, users, and others who reside in the State of California (“consumers,” or “you/your”) and use our Services. This notice is provided to comply with the CCPA and any terms defined in the CCPA have the same meaning when used in this Notice.

This California Notice does not addressor apply to: our handling of personal information that is exempt under Section1798.145 of the CCPA; personal information we collect about individuals who are not California residents; or personal information we collect about individuals acting in their capacity as representatives (“B2B contacts”) of our customers, prospective customers, vendors and other businesses that we conduct business with, to the extent we use their personal information only in the context of conducting our business relationship with the respective business.

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device ("Personal Information"). Personal Information does not include: Publicly available information from government records; deidentified or aggregated consumer information; or information excluded from the CCPA’s scope.

Right to Know: As a California resident you may request that we disclose to you what Personal Information we have collected, used, shared, or sold about you during the 12 months before your request, and why we collected, used, shared, or sold that information. Specifically, they may request that we disclose: ‍

The categories of Personal Information we collected about you
Specific pieces of Personal Information we collected about you
The categories of sources from which we collected Personal Information about you
Our business or commercial purpose for collecting or selling that Personal Information
The categories of third parties with whom we share that Personal Information; or
If the business sold or disclosed your Personal Information for a business purpose, two separate lists disclosing: (i) sales, identifying the Personal Information categories that each category of recipient purchased; and (ii) disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained

Right to Delete. As California resident you may request that we delete personal information we collected from you and to tell our service providers to do the same. However, there are exceptions that allow us to keep your personal information, such as where retention of personal information is necessary to:

Complete the transaction for which the personal information was collected, provide a good or service requested by you, or reasonably anticipated within the context of the Company’s ongoing business relationship with you, or otherwise perform a contract between the Company and you;
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
Debug to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
Comply with the California Electronic Communications Privacy Act;
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the Company’s deletion of the information is likely to render impossible or seriously impair the achievement of such research, which we understand you consent to absent a written notice to the contrary by you;
To enable solely internal uses that are reasonably aligned with your expectations based on your relationship with the Company;
Comply with a legal obligation; or
Otherwise use the personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.

Right to Non-Discrimination. As a California resident you cannot be denied goods or services, charged a different price, or provided a different level or quality of goods or services just because you exercised your rights under the CCPA. However, if you refuse to provide your personal information, or ask us to delete or stop selling your personal information, and that personal information or sale is necessary for us to provide you with goods or services, we may not be able to complete that transaction. If you ask us to delete or stop “selling” your personal information, you may not be able to continue participating in any special deals we offer in exchange for personal information.

Please note the following on personal information requests by California residents:

You may only make a personal information request twice in a 12-month period;
Company will need to collect information from you to verify your identity;
If the Company cannot verify your identity, we may deny your request and inform you that we were unable to verify your identity; and
Company will respond within 45 days of receiving a personal information request.

Additionally, Colorado (per the Colorado Privacy Act), Connecticut (per the Connecticut Data Privacy Act), Virginia (per the Virginia Consumer Data Protection Act), and Utah (per the Utah Consumer Privacy Act) each provide their state residents with rights to:

Confirm whether we process their personal information.
Access and delete certain personal information.
Data portability.
Opt-out of personal data processing for targeted advertising and sales.

Colorado, Connecticut, and Virginia also provide their state residents with rights to:

Correct inaccuracies in their personal information, taking into account the information’s nature processing purpose
Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects.

Nevada further provides its residents with a limited right to opt-out of certain personal information sales.

EU - GDPR Privacy Policy

This section is our Privacy Notice for individuals in the European Economic Area (EEA). This notice is provided to comply with the GDPR and any terms defined in the GDPR have the same meaning when used in this Notice. Regarding Processing Personal Data under the GDPR, we may process Personal Data under the following conditions:

Consent: You have given your consent for processing Personal Data for one or more specific purposes
Performance of a contract: Provision of Personal Data is necessary for the performance of an agreement with You and/or for any pre-contractual obligations thereof
Legal obligations: Processing Personal Data is necessary for compliance with a legal obligation to which we are subject
Vital interests: Processing Personal Data is necessary in order to protect your vital interests or of another natural person
Public interests: Processing Personal Data is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Company
Legitimate interests: Processing Personal Data is necessary for the purposes of the legitimate interests pursued by the Company

In any case, the Company will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Your Rights under the GDPR

The Company undertakes to respect the confidentiality of Your Personal Data and to guarantee You can exercise Your rights.

You have the right under this Privacy Policy, and by law if You are within the EU, to:

Request access to Your Personal Data. The right to access, update or delete the information We have on You. Whenever made possible, you can access, update or request deletion of Your Personal Data directly within Your account settings section. If you are unable to perform these actions yourself, please contact Us to assist You. This also enables You to receive a copy of the Personal Data We hold about You
Request correction of the Personal Data that We hold about You. You have the right to have any incomplete or inaccurate information We hold about You corrected
Object to processing of Your Personal Data. This right exists where We are relying on a legitimate interest as the legal basis for Our processing and there is something about Your particular situation, which makes You want to object to our processing of Your Personal Data on this ground. You also have the right to object where We are processing Your Personal Data for direct marketing purposes
Request erasure of Your Personal Data. You have the right to ask Us to delete or remove Personal Data when there is no good reason for Us to continue processing it
Request the transfer of Your Personal Data. We will provide to You, or to a third-party You have chosen, Your Personal Data in a structured, commonly used, machine-readable format. Please note that this right only applies to automate information which You initially provided consent for Us to use or where We used the information to perform a contract with You
Withdraw Your consent. You have the right to withdraw Your consent on using your Personal Data. If You withdraw Your consent, We may not be able to provide You with access to certain specific functionalities of the Service

Exercising of Your Privacy Rights

You may exercise your rights of access, rectification, cancellation and opposition by contacting us at privacy@freeclimb.com with “Privacy Request – GDPR.” Please note that we may ask you to verify your identity before responding to such requests. If you make a request, we will try our best to respond to you as soon as possible.

Under the GDPR, EU individuals have the right to complain to a Data Protection Authority about our collection and use of their Personal Data. For more information, if you are in the European Economic Area (EEA), please contact your local data protection authority in the EEA.

To exercise the access, data portability, and deletion rights described above, as a California or other state resident, please submit a verifiable request to us by either:

emailing us at privacy@freeclimb.com with “Privacy Request” in the subject line; or
writing to us at:

Vail Systems, Inc.
Attn: FreeClimb Data Privacy
570 Lake Cook Road STE 400
Deerfield, IL 60015

Accessing and Uploading Personal Information and Opting-Out

If you would like to access, update, or modify your Personal Information or request us to delete your Personal Information, you may do so by contacting us at the contact information listed above. Further, if you would like to opt-out of receiving emails or other communications directly from us, you may do so by following any instructions included in the email or other communication or by contacting us at the contact information listed below. Opting-out from our communications or modifying, updating, or deleting your Personal Information will not result in the modification, updating, or deletion of any Personal Information that may reside in back-up or disaster-recovery storage.

Do Not Track Signals

Certain web browsers and other devices you may use to access the website may permit you to indicate your preference that you do not wish to be “tracked” online. Our website may not respond to "Do Not Track" signals at this time.

Children’s Data

We do not knowingly collect any personal information directly from children under the age of 13. If we discover we have received any information from a child under the age of 13, we will take reasonable steps to delete that information as quickly as possible. If you believe we have any information from or about a child under the age of 13, please contact us at compliance@freeclimb.com.

Links

Our website may contain links to third-party websites, including links that enable you to share the contents of our website through various social media platforms. If you click on one of those links, you will be taken to websites we do not control and to which this Privacy Policy does not apply. We are not responsible for such third-party websites, and encourage you to carefully read the privacy policies and statements of those websites

Business Transfers

In the event of any sale, merger, reorganization, restructuring, dissolution or similar event involving our business or assets, personal data may be part of the transferred assets.

Dispute Resolution

If you have any complaints regarding our compliance with this privacy policy, you should first contact us. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with this privacy policy. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please see our Terms & Conditions for further information.

Notifications About Changes to this Privacy Policy

We may update this Privacy Policy as necessary to reflect changes we make and to satisfy legal requirements.

If we decide to make changes to our privacy policy, we will post those changes to this privacy statement, the homepage, and other places we deem appropriate so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We will use information in accordance with the privacy policy under which the information was collected.

If, however, we are going to use users’ personally identifiable information in a manner different from that stated at the time of collection we will notify users via email. However, if users have opted out of all communication with the site, or deleted/deactivated their account, then they will not be contacted.

In addition, if we make any material changes in our privacy practices that do not affect user information already stored in our database, we will post a prominent notice on our website notifying users of the change. In some cases where we post a notice we will also email users, who have opted to receive communications from us, notifying them of the changes in our privacy practices.

Contact Us

If you have questions or concerns regarding this statement, you may send an email to privacy@freeclimb.com with “Privacy Policy Inquiry” in the subject line. Or, if you prefer, please write to us at:

Vail Systems, Inc.
Attn: FreeClimb Data Privacy
570 Lake Cook Road STE 400
Deerfield, IL 60015