At Fusion, your trust is our top priority. This Privacy Notice describes how Fusion collects, uses, shares or otherwise processes information relating to individuals (“Personal Data”) and the rights associated with that processing.
1. Responsible Fusion entity and Relationships
1.1 Responsible Fusion Entity
Fusion Risk Management, Inc. and/or its affiliated entity, Fusion Risk Management UK, Ltd. are responsible for the processing of your Personal Data as described in this Privacy Notice, unless specified otherwise, and act as the controller of such Personal Data. A reference to “Fusion,” “we,” “us” or the “Company” is a reference to Fusion Risk Management, Inc. and Fusion Risk Management UK, Ltd.
This Privacy Notice does not apply to the extent we process Personal Data in the role of a processor or service provider on behalf of our customers, including where we offer to our customers various products and services through which our customers (or their affiliates): (i) create their own risk and resilience management program(s) on our Software as a Service (“SaaS”) application; (ii) sell or offer their own products and services; (iii) send electronic communications to others; or (iv) otherwise collect, use, share or process Personal Data via our products and services.
For detailed privacy information related to a Fusion customer or a customer affiliate who uses Fusion products and services as the controller, please contact our customer directly. We are not responsible for the privacy or data security practices of our customers, which may differ from those explained in this Privacy Notice. For more information, please also see Section 10.3 below.
1.2 Relationship to Salesforce.com
Fusion is an application for risk and resilience management, built on the most connected platform on the planet, Salesforce.com, Inc. and its subsidiaries. (“Salesforce”) hosts the SaaS application that we sell to our third-party customers, as well as some of the systems we use internally to store and process information we receive from website visitors and individuals with whom we interact through email, other messaging systems, or telephone. This means that information submitted to our services, and some other information Fusion receives from you, is stored and maintained in accordance with Salesforce’s Privacy Notice, which can be viewed here. Our Privacy Notice is solely our own and does not reflect or imply any other relationship with or by Salesforce.
1.3 Relationship to Vista Equity Partners
Fusion is a portfolio company of Vista Equity Partners (“Vista”). Accordingly, Fusion may share your information with Vista, and Vista may process such data based on its legitimate interests based on its relationship with Fusion.
1.4 Relationship to Other Websites
Please note that this Privacy Notice only applies to this website and activities expressly outlined herein. When using this website, you may find links to third-party websites, apps, services, or tools that enable you to share information with them to enhance your relationship with Fusion. Fusion is not responsible for the privacy practices of third-party applications, services, sites, or tools, and we strongly recommend that you review such parties’ privacy policies prior to using them.
2. Processing activities covered
This Privacy Notice applies to the processing of Personal Data collected by us when you:
- Visit our websites that display or link to this Privacy Notice
- Visit our branded social media pages
- Visit our offices
- Receive communications from us or otherwise communicate with us, including but not limited to emails, phone calls in connection with our services
- Register for, attend or take part in our events, webinars, programs, or trainings
- Act as or work for a service provider or supplier to Fusion, to the extent Fusion acts as a controller with respect to your Personal Data
- Participate in Fusion community exchanges (Fusion Engage Program)
- Participate in surveys, research or other similar data collection facilitated by us.
Our websites and services may contain links to other websites, applications, platforms and services maintained by third parties. The information practices of these third parties, including the social media platforms that host our branded social media pages, are governed by their privacy statements, which you should review to better understand their privacy practices.
In some circumstances, we also collect, or our partners provide us with, publicly available information which may contain Personal Data that you have published or that has been made available online. The way in which our partners collect this is detailed in their own privacy policies, available on their websites.
3. What Personal Data do we collect?
3.1 Personal Data we collect directly from you
The Personal Data we collect directly from you may include identifiers, professional or employment-related information, commercial information, visual information, and internet activity information, among others. We may collect such information in the following situations:
| Situations | Categories of Personal Data |
|---|---|
| If you express an interest in obtaining additional information about our services; request customer support; use our “Contact Us” or similar features; register to use our websites or to receive communications; sign up for an event, webinar; participate in a program, training, survey; use our products and services; download certain content; or are employed by a customer of our products and services where your information has been shared with us | Contact information, such as your name, job title, company name, phone number, email address, other information you have voluntarily chosen to share |
| If you attend an event | Attendee badge information which may include name, title, company name, address, country, phone number and email address, image and video |
| If you register with us for a variety of purposes, including joining a community that we host or participating in a program, or training | Username, photo, video or other biographical information, such as your occupation, location, social media profiles, company name, areas of expertise and interests |
| If you interact with our websites or emails | Information about your device and your usage of our websites or emails (such as Internet Protocol (IP) addresses or other identifiers), which may qualify as Personal Data (please see Section 4 below) using cookies, web beacons, or similar technologies |
| If you use and interact with our products and services | If you use and interact with our products and services |
| If you communicate with us via a phone call | Any personally identifiable information you provide to us telephonically which may include Personal Data, to the extent you voluntarily choose to provide it |
| If you visit our offices | Name, email address, phone number, company name, time and date of arrival, image or video During the Covid-19 pandemic, this may also include an attestation related to your health status |
| If you voluntarily submit certain information to us, such as filling out a survey, responding to a questionnaire or participating in other forms of research | Information you have provided as part of that request, which may include Personal Data , to the extent you voluntarily choose to provide it |
| If you are a supplier or service provider to Fusion (or work for a supplier or service provider) | Contact information, payment and billing information |
3.2 Personal Data we collect from other sources
We also collect information about you from other sources including partners from whom we collect or purchase Personal Data or who provide us with publicly available information which may contain Personal Data. We may combine this information with Personal Data provided by you.
Provision of the services:
The Personal Data we collect to provide our products and services may include information you have made publicly available online (such as when using social media sites) or that is published by third parties and contains information about you (such as news articles). For a select number of services, we collect this Personal Data from partners who may receive this data when you visit or use their services or through the third parties they work with. We analyze this information to enable our customers to assess the success of their brands.
Advertising:
The Personal Data we collect from other sources for the purposes of tailored advertising includes identifiers, professional or employment-related information, education information, commercial information, visual information, internet activity information, and inferences about preferences and behaviors. We, collect this from third party providers of business contact information, including mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), IP addresses, social media profiles, LinkedIn URLs and custom profiles for purposes of targeted advertising, delivering relevant email content, event promotion and profiling, determining eligibility and verifying contact information. This helps us update, expand, and analyze our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you.
Additional sources: In addition to the aforementioned, we collect Personal Data from the following sources:
Another individual at your organization who may provide us with your personal information, which may include Personal Data, to the extent you consent to providing it and sharing it.
4. What Usage Data do we process?
We use common information-gathering tools, such as tools for collecting data, cookies, web beacons, pixels, and similar technologies to collect information that may contain Personal Data as you navigate our websites, our services, or interact with emails we have sent to you.
4.1 Device and Usage Data
As is true of most websites, we gather certain information when individual users visit our websites. This information may include (i) identifiers, such as user ID, organization ID, username, email address and user type; (ii) commercial information; and (iii) internet activity information such as IP address (or proxy server information), device and application information, identification numbers, location, browser type, Internet service provider or mobile carrier, user interactions such as the pages and files viewed, website and webpage interactions including searches and other actions you take, operating system type and version, system configuration information, date and time stamps associated with your usage and details of which of our products and product versions you are using. This information is used for the purposes set out in section 5 of this Privacy Notice below.
In addition, we gather certain information automatically as part of your use of our products and services (“Usage Data”). This information may include identifiers, commercial information, and internet activity information such as IP address (or proxy server), mobile device number, device and application identification numbers, location, browser type, Internet service provider or mobile carrier, the pages and files viewed, website and webpage interactions including searches and other actions you take, operating system type and version, system configuration information, date and time stamps associated with your usage and details of which of our products and product versions you are using. This information is used for the purposes set out in detail in section 5 of this Privacy Notice below. In addition, we may use aggregate and deidentified Usage Data for other internal business purposes, such as to identify additional customer opportunities and to ensure that we are meeting the demands of our customers and their users. Please note that this Usage Data is primarily used to identify the uniqueness of each user logging on (as opposed to specific individuals), apart from where it is strictly required to identify an individual for security purposes or as required as part of our provision of the services to our customers.
4.2 Cookies, web beacons, and other tracking technologies on our website and in email communications
We use technologies such as web beacons, pixels, tags, JavaScript, and Google Analytics alone or in conjunction with cookies, to gather information about the use of our websites and how people interact with our emails.
When you visit our websites, we, or an authorized third party, may place a cookie on your device that collects information, including Personal Data, about your online activities over time and across different sites. Cookies allow us to track use, infer browsing preferences, and improve and customize your browsing experience.
We use both session-based and persistent cookies on our websites. Session-based cookies exist only during a single session and disappear from your device when you close your browser or turn off the device. Persistent cookies remain on your device after you close your browser or turn your device off. To change your cookie settings and preferences for one of our websites, click the Cookie Preferences gear icon located on the left-hand side of the page. You can also control the use of cookies on your device, but choosing to disable cookies on your device may limit your ability to use some features on our websites and services.
We also use web beacons and pixels on our websites and in emails. For example, we may place a pixel in a marketing email that notifies us when you click on a link in the email. We use these technologies to operate and improve our websites and marketing emails.
The following describes how we use different categories of cookies:
| Cookie | Domain | Type | Description | Duration |
|---|---|---|---|---|
| moove_gdpr_popup | .fusionrm.com | Marketing | When this Cookie is enabled, these Cookies are used to save your Cookie Setting Preferences. | Session |
| sliguid | .fusionrm.com | Analytics | Salesloft cookie for use in live website tracking to help identify and qualify leads. | 5 years |
| Slirequested | .fusionrm.com | Analytics | Salesloft cookie for use in live website tracking to help identify and qualify leads. | 5 years |
| fpestid | .fusionrm.com | Third-Party | Fpestid is a ShareThis cookie ID set in the domain of the website operator. | 1 year |
| _fbp | .fusionrm.com | Marketing | This cookie is set by Facebook to deliver advertisements when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website. | 3 months |
| _biz_sid | .fusionrm.com | Marketing | This cookie is related to our use of the marketing attribution service Bizible. We use these first-party cookies to create profiles for users of the Website and to track their activity across the Website. This allows us to better understand which marketing content is connecting with our customers. This particular cookie sets the session id. | 30 minutes |
| _biz_uid | .fusionrm.com | Marketing | This cookie is related to our use of the marketing attribution service Bizible. We use these first-party cookies to create profiles for users of the Website and to track their activity across the Website. This allows us to better understand which marketing content is connecting with our customers. This particular cookie sets the user id on the current domain. | 1 year |
| _biz_nA | .fusionrm.com | Marketing | This cookie is related to our use of the marketing attribution service Bizible. We use these first-party cookies to create profiles for users of the Website and to track their activity across the Website. This allows us to better understand which marketing content is connecting with our customers. This particular cookie sets the user id on the current domain. Sequence number that Marketo Measure includes for all requests, for internal diagnostics purpose | 1 year |
| _biz_flagsA | .fusionrm.com | Marketing | This cookie is related to our use of the marketing attribution service Bizible. We use these first-party cookies to create profiles for users of the Website and to track their activity across the Website. This allows us to better understand which marketing content is connecting with our customers. This is a single cookie that stores multiple information, such as whether or not the user has submitted a form, performed a crossdomain migration, sent a viewthrough pixel, opted out from tracking, etc. | 1 year |
| _biz_pendingA | .fusionrm.com | Marketing | This cookie is related to our use of the marketing attribution service Bizible. We use these first-party cookies to create profiles for users of the Website and to track their activity across the Website. This allows us to better understand which marketing content is connecting with our customers. This particular cookie sets the user id on the current domain. Temporarily stores analytics data that has not been successfully sent yet. | 1 year |
| _ga_XXXXXX | .fusionrm.com | Analytics/Marketing | The unique ID used for the Google Analytics service to enable us to anonymously track your use of the Website and measure the Website’s performance. Google’s privacy policy is available at: http://www.google.com/intl/en/policies/privacy/. You can find out how to opt out of being tracked by Google Analytics by visiting https://tools.google.com/dlpage/gaoptout. | 1 year |
| _ga | .fusionrm.com | Analytics/Marketing | This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site’s analytics report. The cookie stores information anonymously and assign a randomly generated number to identify unique visitors. | 2 years |
| _gid | .fusionrm.com | Analytics/Marketing | This cookie is installed by Google Analytics. The cookie is used to store information on how visitors use a website and helps in creating an analytics report of how the website is doing. The data is anonymous and includes the number visitors, the source where they have come from, and the pages visited. | 1 day |
| _gat_UA-*-* | .fusionrm.com | Analytics/Marketing | This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites. | 1 day |
| _uetsid | .fusionrm.com | Marketing | This is a cookie utilized by Microsoft Ads. Used to track visitors on multiple websites, in order to present relevant advertisements based on the visitor’s preferences. | 1 day |
| _uetvid | .fusionrm.com | Marketing | This is a cookie utilized by Microsoft Ads. Used to track visitors on multiple websites, in order to present relevant advertisements based on the visitor’s preferences. | 13 months |
| slireg | .fusionrm.com | Analytics | Salesloft cookie for use in live website tracking to help identify and qualify leads. | 1 week |
| _clck | .fusionrm.com | Analytics | Used by Microsoft Clarity. The cookie is set by embedded Microsoft Clarity scripts. The purpose of this cookie is for heatmap and session recording. | 1 year |
| _CEFT | .fusionrm.com | Marketing | Stores page variants assigned to visitors for A/B performance testing. | 1 year |
| _clsk | .fusionrm.com | Analytics | Connects multiple page views by a user into a single Clarity session recording. | |
| cebsp | .fusionrm.com | Analytics | Tracks the individual sessions on the website, allowing the website to compile statistical data from multiple visits. This data can also be used to create leads for marketing purposes. | Session |
| cebs | .fusionrm.com | Analytics | This cookie is set by CrazyEgg and is used to determine when the visitor last visited the different subpages on the website. | Session |
| _ce.s | .fusionrm.com | Analytics | This cookie is set by CrazyEgg and records anonymous usage activity on the site to help define common user patterns to improve functionality and content development in the future. | 5 years |
| insent-user-id | .fusionrm.com | Marketing | Used by Zoom Info, allows live chat and is used to identify and initiate conversations with users, when they are onsite. | 2 years |
| 6senseWebTag | .fusionrm.com | Marketing | This cookie is used by 6sense to identify accounts that show buying intent on our website. | 1 year |
We use the services of Google Analytics, a web analytics service provided by Google, Inc. (“Google”). This analytical tool uses cookies and other similar technologies to help analyze how visitors use our website. For more information about the collection and use of data through Google Analytics, please refer to www.google.com/policies/privacy/partners. Google offers the ability to opt-out from tracking through Google Analytics cookies. Go here for more information. Google has developed the Google Analytics Opt-out Browser Add-on to provide website visitors with more choice on how their data is collected by Google Analytics. The addon communicates with the Google Analytics JavaScript (ga.js) to indicate that information about the website visit should not be sent to Google Analytics. The Google Analytics Opt-out Browser Add-on does not prevent information from being sent to the website itself or to other web analytics services.
See Section 4.3, below, to learn more about these and other advertising networks and your ability to opt out of collection by certain third parties.
4.3 Notices on behavioral advertising and opt-out for website visitors
As described above, we or one of our authorized partners may place or read cookies on your device when you visit our websites for the purpose of serving you targeted advertising (also referred to as “online behavioral advertising” or “interest-based advertising”). To learn more about targeted advertising and advertising networks, please visit the opt-out pages of the Network Advertising Initiative, here, and the Digital Advertising Alliance, here.
To manage the use of targeting and advertising cookies on this website, click the Cookie Preferences link in the footer of the page or consult your individual browser settings for cookies. To learn how to manage privacy and storage settings for Flash cookies, click here. Various browsers may also offer their own management tools for removing HTML5 local storage.
4.4 Opt-Out from the setting of cookies on your individual browser
In addition to the Cookie Preferences setting, in many cases you may opt-out from the collection of non-essential device data on your web browser (see Section 4.1 above) by managing your cookies at the browser or device level. In addition, if you wish to opt-out of interest-based advertising, please contact us by the same medium in which you received such interest-based advertising.
While some internet browsers offer a “do not track” or “DNT” option that lets you tell websites that you do not want to have your online activities tracked, these features are not yet uniform and there is no common standard adopted by industry groups, technology companies, or regulators. Therefore, we do not currently commit to responding to browsers’ DNT signals with respect to our websites. Fusion takes privacy and meaningful choice seriously and will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.
Further information about managing cookies can be found in your browser’s help file or through sites such as www.allaboutcookies.org or www.cookiecentral.com.
4.5 Social Media Features
Our websites may use social media features, such as the “Tweet” button and other sharing widgets (“Social Media Features”). Social Media Features may allow you to post information about your activities on our website to outside platforms and social networks. Social Media Features may also allow you to like or highlight information we have posted on our website or our branded social media pages. Social Media Features are either hosted by each respective platform or hosted directly on our website. To the extent the Social Media Features are hosted by the platforms themselves, and you click through to these from our websites, the platform may receive information showing that you have visited our websites. If you are logged in to your social media account, it is possible that the respective social media network can link your visit to our websites with your social media profile.
Your interactions with Social Media Features are governed by the privacy policies of the companies providing them.
4.6 Telephony log information
If you use certain features of our services on a mobile device, we may also collect telephony log information (like phone numbers, time and date of calls, duration of calls, SMS routing information and types of calls), device event information (such as crashes, system activity, hardware settings, browser language), and location information (through IP address, GPS, and other sensors that may, for example, provide us with information on nearby devices, Wi-Fi access points and cell towers).
5. Purposes for which we process Personal Data and the legal bases on which we rely
We collect and process your Personal Data (including, where legally permissible, special categories of Personal Data) for the following purposes and relying on the following legal bases:
| Purpose | Description | Legal basis |
|---|---|---|
| Websites and social media branded pages | ||
| Providing our websites (including our social media pages) | We process your Personal Data to operate and administer our websites and to provide you with the content you access and request | Our legitimate interest in providing online content to our customers and prospective customers regarding our service offering and related information |
| Improving our websites | We process your Personal Data to analyze overall trends and help us improve the user experience on our websites | Our legitimate interest in providing a relevant and well-functioning website for the benefit of our website visitors |
| Promoting the security of our websites | We process your Personal Data by tracking use of our websites and verifying and investigating activity | Our legitimate interest in promoting the safety and security of our websites and in protecting our rights and the rights of others |
| Displaying personalized advertisements and content | We process your Personal Data to conduct market research, advertise to you, provide personalized information about us on and off our websites and to provide other personalized content based upon your activities and interests | Our legitimate interest in advertising our products and services or, where necessary, to the extent you have provided your prior consent Please see Section 10 below, to learn how you can control the processing of your Personal Data by Fusion for personalized advertising purposes |
| Office visitors and events | ||
| Registering visitors | We process your Personal Data, including registration information and associated non-disclosure information, for security reasons | Our legitimate interest in protecting our offices, staff, visitors and our confidential information against unauthorized access |
| Managing event registrations and attendance | We process your Personal Data to plan and host events or webinars for which you have registered or that you attend, including sending related communications to you | Performance of a contract or where we receive your consent |
| Ensuring the health and safety of our visitors and employees | We process your Personal Data (which may include special categories of Personal Data) (where legally permitted) during office visits and at events during the COVID-19 pandemic to ensure the health and safety of our visitors and employees | Consent and explicit consent or in our legitimate interest to ensure the health of our employees and visitors where necessary for reasons of public interest in the area of public health |
| Communications | ||
| Sending communications | We process your Personal Data to send you marketing information, product recommendations and other non-transactional communications (e.g., marketing newsletters, telemarketing calls, SMS or push notifications, information about our products, news or events) about us, our affiliates and partners | Our legitimate interest in conducting direct marketing or where you have provided your prior consent (please see Section 10 below to learn how you can control the processing of your Personal Data by Fusion for marketing purposes) |
| Recording phone calls | We process your Personal Data, including recording phone calls (in accordance with applicable laws) for training, quality assurance, and administration purposes If required under applicable law, we will not record a call without your consent | Consent or our legitimate interest in maintaining the high quality of our phone calls with users |
| Handling contact and user support requests | We process your Personal Data, if you fill out a “Contact Me” web form or request user support, or if you contact us by other means including but not limited to via phone | Necessary for the performance of a contract or our legitimate interest in fulfilling your requests and communicating with you |
| Fusion products and services | ||
| Provision of services | We process your Personal Data to perform our contract with you for the provision of our services and to satisfy our obligations under the applicable terms of use | Necessary for the performance of a contract or our legitimate interest to provide and administer our services |
| Optimizing the performance of the services | We process your Personal Data to optimize or improve the performance of the services | Legitimate interest to ensure that the service is performing in line with customer expectations; if special categories of Personal Data are processed, where the Personal Data is manifestly made public by the data subject |
| Billing and account management | We process your Personal Data (including Usage Data) to bill for our services and manage customer accounts generally | Necessary for the performance of a contract or our legitimate interest in the management of customer accounts |
| Usage and licensing compliance | We process your Personal Data (including Usage Data) to assess and manage usage and licensing compliance with the applicable terms of use of our services | Necessary for the performance of a contract or our legitimate interest in managing the provision of our services to customers |
| Internal reporting and business modeling | We process your Personal Data (including Usage Data) for internal reporting and business modeling purposes (e.g., forecasting, revenue, capacity planning, product strategy) | Our legitimate interest in the management of our business operations |
| Improving core functionality | We process your Personal Data (including your Usage Data) for the purposes of improving the core functionality of accessibility, privacy or energyefficiency | Our legitimate interest to offer innovative services to our users and customers, or where we seek your consent |
| Security | We process your Personal Data (including your Usage Data) for the purposes of maintaining Fusion’s own security, including investigating, detecting and preventing suspicious activity, fraud and cybercrime that may affect Fusion or its services | Our legitimate interest in promoting the safety and security of Fusion generally and to protect our rights and the rights of others |
| Compensation | We process your Personal Data (including your Usage Data) for the purposes of determining compensation for Fusion employees, such as commission | Necessary for the performance of a contract with an employee or our legitimate interest in fairly compensating our employees |
| Financial reporting | We process your Personal Data (including your Usage Data) for the purposes of financial reporting | Our legitimate interest in meeting our obligations associated with the reporting of our finances |
| Aggregating data | We process your Personal Data (including your Usage Data) for the purposes of aggregating this information to ensure that it is no longer identifying | Our legitimate interest in minimizing the amount of Personal Data processed as part of the noted processing activity |
| Webinars, programs, and trainings | ||
| Managing, and participating in, webinars, programs, training,or promotions | We process your Personal Data if you register for a webinar, contest, promotion, training, certification or a program. Some webinars, contests, programs, trainings, certifications and promotions have additional rules containing information about how we will process your Personal Data | Necessary for the performance of a contract or where we seek your consent |
| Other data collection | ||
| Managing payments | If you have provided financial information to us, we process your Personal Data to verify that information and to collect payments to the extent that doing so is necessary to complete a transaction and perform our contract with you | Necessary for the performance of a contract |
| Administering surveys and conducting research | We process your Personal Data (including, where legally permitted, special categories of Personal Data) in order to meet the goals set out in surveys or research as well as to analyze our compliance with internal policies | Consent or explicit consent (if required under applicable law) or our legitimate interest in conducting the survey or research based on its stated goals (where no special categories of Personal Data are in scope) |
| Participating in a Fusion community | We process your Personal Data, such as your username associated with your community account, in order to host and maintain the community for the benefit of its members | Our legitimate interest in hosting and maintaining such a community for the benefits of its members, as well as in order to inform you of program changes that are important to your participation or relate to additional security measures |
| Collection of diversity information | We process your Personal Data (including special categories of Personal Data) to the extent you voluntarily consent to provide it to meet our broader community goals related to diversity and equality of opportunity | Consent or explicit consent (if required under applicable law) |
| Compliance with legal obligations | We process your Personal Data (including Usage Data) when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of Personal Data to protect our rights | Legal obligation or our legitimate interest in protecting against misuse or abuse of our websites or services, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes, responding to lawful requests, or for auditing purposes |
We process your Personal Data (including Usage Data) when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of Personal Data to protect our rights.
Legal obligation or our legitimate interest in protecting against misuse or abuse of our websites or services, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes, responding to lawful requests, or for auditing purposes.
If we need to collect and process Personal Data by law, or under a contract we have entered into with you, and you fail to provide the required Personal Data when requested, we may not be able to perform our contract with you.
6. Who do we share Personal Data with?
We may share your Personal Data as follows:
- Service providers: With our contracted service providers, who provide services such as IT and system administration and hosting, research and analytics, marketing, customer support and data enrichment for the purposes and pursuant to the legal bases described above in Section 5;
- Fusion affiliates: With affiliates within the Fusion and Vista corporate group and companies that Fusion or Vista may acquire in the future, to the extent such sharing of data is necessary to fulfill a request you have submitted via our websites or for customer support, marketing, technical operations, event registration and account management purposes;
- Event sponsors: If you attend an event or webinar organized by us, or download or access an asset on our website, we may share your Personal Data with sponsors of the event. If required by applicable law, you may consent to such sharing via the registration form or by allowing your attendee badge to be scanned at a sponsor booth. In these circumstances, your information will be subject to the sponsors’ privacy statements. If you do not wish for your information to be shared, you may choose to not opt-in via event/webinar registration or elect to not have your badge scanned, or you can opt-out in accordance with Section 10 below;
- Partners: With specific partners that offer supplementary services to those provided by Fusion, to the extent you consent to such sharing (where required by applicable law);
- Third-party networks and websites: With third-party social media networks, advertising networks and websites, so that Fusion can market and advertise on third party platforms and websites;
- Professional advisers: In individual instances, we may share your Personal Data with professional advisers acting as service providers, processors, or joint controllers - including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance and accounting services, and to the extent we are legally obliged to share or have a legitimate interest in sharing your Personal Data; and
- Third parties involved in a corporate transaction: If we are involved in a merger, reorganization, dissolution or other fundamental corporate change, or sell a website or business unit, or if all or a portion of our business, assets or stock are acquired by a third party. In accordance with applicable laws, we will use reasonable efforts to notify you of any transfer of Personal Data to an unaffiliated third party.
Anyone using our communities, forums, blogs, or on our websites may read any Personal Data or other information you choose to submit and post.
For more information on the recipients of your Personal Data, please contact us by using the information in Section 13 below.
7. International transfer of Personal Data
Your Personal Data may be collected, transferred to and stored by us in the United States via Fusion Risk Management, Inc., in the United Kingdom via Fusion Risk Management UK, Ltd., and by our affiliates and third-parties disclosed in Section 6, above, that are based in other countries.
Therefore, your Personal Data may be processed outside your country or jurisdiction, including in places that are not subject to an adequacy decision by the European Commission or your local legislature or regulator, and that may not provide for the same level of data protection. We ensure that the recipient of your Personal Data offers an adequate level of protection and security, for instance by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses. Where required by applicable law, we will only share, transfer or store your Personal Data outside of your jurisdiction with your prior consent.
8. Children
Our websites and services are not directed at children. We do not knowingly collect Personal Data from children under the age of 16, or such other applicable age of consent for privacy purposes in relevant individual jurisdictions, unless (a) we have obtained consent from a parent or guardian, (b) such collection is subject to a separate agreement with us or (c) the visit by a child is unsolicited or incidental. If you are a parent or guardian and believe your child has provided us with Personal Data without your consent, please contact us by using the information in Section 13 below and we will take steps to delete their Personal Data from our systems.
9. How long do we keep your Personal Data?
We may retain your Personal Data for a period of time consistent with the original purpose of collection (see Section 5 above) or as long as required to fulfill our legal obligations. We determine the appropriate retention period for Personal Data on the basis of the amount, nature, and sensitivity of the Personal Data being processed, the potential risk of harm from unauthorized use or disclosure of the Personal Data, whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation).
For more information on data retention periods, please contact us by using the information in the Section 13 below.
10. Your rights relating to your Personal Data
10.1 Your rights
You may have certain rights relating to your Personal Data, subject to local data protection laws. Depending on the applicable laws these rights may include the right to:
- Access your Personal Data held by us;
- Know more about how we process your Personal Data;
- Rectify inaccurate Personal Data and, taking into account the purpose of processing the Personal Data, ensure it is complete;
- Erase or delete your Personal Data;
- Restrict our processing of your Personal Data;
- Transfer your Personal Data to another controller, to the extent possible;
- Object to any processing of your Personal Data;
- Opt out of certain disclosures of your Personal Data to third parties;
- If you’re under the age of 16, or such other applicable age of consent for privacy purposes in relevant individual jurisdictions, opt in to certain disclosures of your Personal Data to third parties;
- Not be discriminated against for exercising your rights described above;
- Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects ("Automated Decision-Making"); and
- Withdraw your consent at any time (to the extent we base processing on consent), without affecting the lawfulness of the processing based on such consent before its withdrawal.
Where we process your Personal Data for direct marketing purposes or share it with third parties for their own direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection.
Please note that Automated Decision-Making currently does not take place on our websites or in our services.
10.2 How to exercise your rights
To exercise your rights, please contact us by using the information in Section 13 below. Your Personal Data may be processed in responding to these rights. We try to respond to all legitimate requests within one month unless otherwise required by law, and will contact you if we need additional information from you in order to honor your request or verify your identity. Occasionally it may take us longer than a month, taking into account the complexity and number of requests we receive. If you are an employee of a Fusion customer, we recommend you contact your employer’s system administrator for assistance in correcting or updating your information.
To update your billing information, discontinue your account or request return or deletion of your Personal Data and other information associated with your account, please contact us by using the information in Section 13 below.
10.3 Your rights relating to customer data
As described above, we may also process Personal Data submitted by or for a customer to our products and services. To this end, if not stated otherwise in this Privacy Notice or in a separate disclosure, we process such Personal Data as a processor on behalf of our customer (and its affiliates) who is the controller of the Personal Data (see Section 1 above). We are not responsible for and have no control over the privacy and data security practices of our customers, which may differ from those explained in this Privacy Notice. If your data has been submitted to us in our role as a processor by or on behalf of a Fusion customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with them directly. Because we only access a customer’s data upon their instructions, if you do make your request directly to us, we will only refer your request to that customer.
10.4 Your preferences for email marketing communications
If we process your Personal Data for the purpose of sending you marketing communications, you may manage your receipt of marketing and non-transactional communications from Fusion by clicking on the “unsubscribe” link located on the bottom of Fusion marketing emails.
Please note that opting out of marketing communications does not opt you out of receiving important business communications related to your current relationship with us, such as communications about your subscriptions or event registrations, service announcements or security information.
10.5 Your preferences for telemarketing communications
If you want your phone number to not be used for telemarketing purposes, please contact us by using the information in Section 13 below. Please include your first name, last name, company and the phone number.
Alternatively, you can always let us know during a telemarketing call that you do not want to be called again for marketing purposes.
10.6 Career applicant personal data
If you apply for a job at Fusion in the Careers section of this site, we will collect personal information from you, subject to our Employee and Applicant Data Protection Notice.
11. How we secure your Personal Data
We take appropriate precautions including organizational, technical, and physical measures to help safeguard against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure of, or access to, the Personal Data we process or use.
While we follow generally accepted standards to protect Personal Data, no method of storage or transmission is 100% secure. You are solely responsible for protecting your password, limiting access to your devices and signing out of websites after your sessions. If you have any questions about the security of our websites, please contact us by using the information in Section 13 below.
12. Changes to this Privacy Notice
We will update this Privacy Notice from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. If we do, we will update the “effective date” at the top. If we make a material update, we may provide you with notice prior to the update taking effect, such as by posting a notice on our website or by contacting you directly, or where required under applicable law and feasible, seek your consent to these changes.
We encourage you to periodically review this Privacy Notice to stay informed about our collection, processing and sharing of your Personal Data.
13. Contacting us
If you have questions regarding this Privacy Notice or our privacy practices please email us at [email protected] or write to us at:
Fusion Risk Management, Inc.
Attn: Fusion Privacy Team
2 N Riverside Plaza, Ste 1000
Chicago, IL 60606, USA
When you contact us, please indicate in which country and/or state you reside. We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the European Economic Area or the United Kingdom, you have the right to lodge a complaint with the competent supervisory authority. If you work or reside in a country that is a member of the European Union or that is in the EEA, you may find the contact details for that appropriate data protection authority here.
14. Additional Disclosures for California Residents
The California Consumer Privacy Act requires businesses to disclose whether they sell Personal Data. As a business covered by the CCPA, we do not sell Personal Data. We may share Personal Data with third parties or allow them to collect Personal Data from our sites or services if those third parties are authorized service providers or business partners who have agreed to our contractual limitations as to their retention, use, and disclosure of such Personal Data.
California law requires that we detail the categories of Personal Data that we disclose for certain “business purposes,” such as to service providers that assist us with securing our services or marketing our products, and to such other entities as described in Sections 5 and 6 of this Privacy Notice. We disclose the following categories of Personal Data for our business purposes:
- Identifiers;
- Commercial information;
- Internet activity information;
- Professional and employment-related information; and
- Inferences drawn from any of the above information categories.
California law grants state residents certain rights, including the rights to access specific types of Personal Data, to learn how we process Personal Data, to request deletion of Personal Data, and not to be denied goods or services for exercising these rights.
If you are a California resident under the age of 18 and have registered for an account with us, you may ask us to remove content or information that you have posted to our website(s). Please note that your request does not ensure complete or comprehensive removal of the content or information, because, for example, some of your content may have been reposted by another user.
For information on how to exercise your rights, please refer to Section 10.2 of this Privacy Notice. If you are an authorized agent wishing to exercise rights on behalf of a California resident, please contact us using the information in the “Contacting Us” section above and provide us with a copy of the consumer’s written authorization designating you as their agent.
We may need to verify your identity and place of residence before completing your rights request.
