Global Data Protection and Privacy Notice
Last updated: October 2, 2024
Rocket Software, Inc. and its affiliates (“Rocket Software,” “we,” “us,” or “our”) have issued this Global Data Protection and Privacy Notice (“Privacy Notice”) to help you understand our practices surrounding the collection, use, and disclosure of your personal data.
We respect the privacy of individuals and are committed to handling personal data responsibly and in accordance with applicable law. This Privacy Notice sets out the types of personal data that we collect and process about you (including personal data collected via our websites or portals, our products, our services, or personal data collected directly or indirectly in the course of our business), the purposes of the processing and the rights that you may have in connection with our processing, depending on your location.
This Privacy Notice addresses the following topics:
- Categories of Personal Data We Collect About You
- How We May Use Your Personal Data
- How We May Disclose Your Personal Data
- Retention of Your Personal Data
- Security of Your Personal Data
- International Transfers of Your Personal Data
- Jurisdiction-Specific Information
- Changes to this Privacy Notice
- Inquiries and Concerns
This Privacy Notice does not apply to any processing of personal data by or on behalf of Rocket Software: (a) that is covered by a more specific privacy notice, including in respect of our employees and employee applicants; or (b) to the extent we process your personal data in the role of a processor or service provider on behalf of our customers.
If you are located in: (a) the European Union, United Kingdom or Switzerland, or (b) California, you should also refer to the section entitled “Jurisdiction-Specific Information,” below, for a description of additional information and rights that you may have. In all other jurisdictions, this Privacy Notice is provided on an informational basis only, and your rights may vary according to applicable local data privacy laws.
Categories of Personal Data We Collect About You
A. Categories of Personal Data
The categories of personal data collected may include, but are not limited to, the following:
- Basic identifiers and contact information, such as first name, last name, preferred name, job title, employer, contact information, including work email address, work address, and work telephone number, preferred language, and preferences, and signature.
- Commercial data, such as purchase history, information relevant to customer surveys and/or offers, and other information pertinent to fulfilling business transactions.
- Customer access data, such as usernames and other information needed to create user accounts and provide access to our products and services.
- Device/IP data, such as IP address, device ID, domain server and type of device/operating system/browser used to access our products and services.
- Internet or other network activity data, such as browsing or search history, web page interactions, referring webpage/source through which you accessed our products or services, non-identifiable request IDs, statistics associated with the interaction between device or browser and the products or services, and other data collected through cookies.
- Data required in connection with our SaaS products, such as identifiers and company contact information, user names, ENGDAT (Engineering Data Message) routing address for OFTP (Odette File Transfer Protocol) based file exchanges, time zone and date/time preferences for SaaS product usage, IT information required to provide access to systems and networks such as IP addresses, log files and login information, encryption generation keys, meta data, such as logs, for usage information and activity logs, with identifying characteristics such as creator or author of a transaction, names of individuals who have accessed or downloaded file(s), the time file(s) were accessed or downloaded, IP addresses of users and SaaS product administration activity such as adding and deactivating users, management of the generation of encryption keys.
- Images, such as photographs taken at Rocket Software events.
- Information received through communications with us, such as information provided by yourself through telephone calls and other verbal communications, chats (as may be the case, for example, by interacting with the Rocket Software “Chatbot” (as that term is defined below) and providing information to the Chatbot), live chats with Rocket’s Customer Technical Support, or emails.
- Marketing and communications information collected about you or that you provide to us, such as your preferences in receiving marketing information from us and/or our third parties, and/or your communication preferences.
- Inferences drawn from other personal data collected, such as profiles reflecting user attributes and profiles reflecting user behavior.
- Other information, such as information obtained through publicly available external websites in certain circumstances or that you provide via our complaints or whistle-blower hotline.
We do not intentionally collect sensitive personal information such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, or data concerning health or sexual orientation. However, please note that you might choose to voluntarily make available to us such sensitive personal information when reporting an issue to support your concern if you file a whistle-blower complaint.
B. How We Collect Your Personal Data
We collect personal data about you from the following sources:
- Information you provide to us, such as information you may choose to provide us with when you visit our websites or interact with us, for example when you purchase products or services from us, when you email us, contact us via our “Contact Us” page, visit our offices, or when you communicate with us over email or the telephone (including via our whistle-blower hotline).
- Through use of cookies, such as when you visit our websites or use our products or services. Our websites use cookies and similar technologies such as pixel tags, web beacons, clear GIFs and JavaScript (collectively, “Cookies”) to enable our servers to recognize your web browser, tell us how and when you visit and use our products and services, analyze trends, learn about our user base and operate and improve our websites, products or services. Cookies are small pieces of data – usually text files – placed on your computer, tablet, phone or similar device when you use that device to access our websites, products or services. We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own Cookies on your device(s). Most browsers allow you to turn off cookies or to receive a warning before a cookie is stored on your hard drive. Find out more about our cookies in our Cookie Notice.
- Through use of the Chatbot. Rocket Software’s website includes an artificial intelligence-enabled chatbot feature, which is operated by third-party service providers, including Marketo and Drift (collectively, the “Chatbot”). The information that has been received by the Chatbot is governed by its respective privacy policy. Rocket Software uses the Chatbot to collect user chat data, which generates a transcript of your communication with us after our conversation has concluded. Data collected may also include technical and usage data. The Chatbot that Rocket Software uses to collect user chat data records your conversation with us. Rocket Software’s use of this data including the conversation transcript is strictly limited to providing information you have requested and/or scheduling a meeting with a Rocket Sales executive at your request, helping Rocket Software understand how users interact with its services, and to design a better user experience for you. The Chatbot uses the information it collects to help train and improve the artificial intelligence models that power the Chatbot. The Chatbot may aggregate or de-identify your personal data so that it may no longer be used to identify you. This aggregated and de-identified data can then be used (i) to analyze the effectiveness of the Chatbot, (ii) for qualitative purposes to improve responses from the Chatbot when presented with similar topics in the future, and (iii) to improve or add features to the Chatbot. The Chatbot will maintain and use de-identified information in anonymous or de-identified form and it will not attempt to reidentify the information, unless required by law.
- Information provided by third parties or publicly available sources, such as personal data we collect:
  - from third parties, such as when we receive information about you from our vendors who assist us with analytics, customer support, lead generation, marketing or promotional services;
  - if you represent one of our vendors or business partners, we may collect your personal data (i.e., basic identifying and business contact information, including your name, title, work email address, work postal address, job title and/or work telephone number, as appropriate) from the entity that you work for where this is necessary to receive products or services from, or otherwise conduct business with, such third party;
  - in relation to companies that we are evaluating in connection with a corporate transaction or potential investment (e.g., depending on the context, your name, title, email address, postal address, job title, telephone number, passport or other government-issued identification, financial information and/or job and benefits information, as appropriate);
  - from public internet sources, such as social media, job boards, public profiles, and other public online sources;
  - by surveillance or recording technologies, such as passive video surveillance in common areas of Rocket Software facilities to prevent or detect crime, voicemail technologies, webcams, and audio/video recording technologies with consent, to the extent required by law;
  - from public records and governmental agencies, such as court records, and credentialing and licensing organizations and public health authorities;
  - via automated technologies on our electronic resources, such as to track logins and activity on our sites; and
  - from acquired companies, such as where we acquired another company and collected personal data from that company regarding acquired employees, customers or prospective customers.
C. Data that is Not Personal Data
We may create aggregated, de-identified or anonymized data from the personal data we collect, including by removing information that makes the data personally identifiable to a particular user. We may use such aggregated, de-identified or anonymized data and share it with third parties for our lawful business purposes, including to analyze, build and improve our websites, products or services and promote our business, provided that we will not share such data in a manner that could identify you. We may also use such aggregated, de-identified or anonymized data to train AI models and algorithms.
D. Personal Data of Children
We do not knowingly collect or solicit personal data about children under 18 years of age. If you are a child under the age of 18, please do not attempt to register for or otherwise use our websites, products or services or send us any personal data. If we learn we have collected personal data from a child under 18 years of age, we will delete that information as quickly as possible. If you believe that a child under 18 years of age may have provided personal data to us, please contact us at the email address at the end of this Privacy Notice, including in the subject line “Use of Child’s Personal Information.”
How We May Use Your Personal Data
To the extent that you provide us with any personal data, or we otherwise collect your personal data (e.g., through or in connection with our websites) we may use your personal data for the following purposes (which shall be considered “business purposes” for purposes of the California Consumer Privacy Act of 2018 (as amended, along with any implementing regulations, the “CCPA”)):
Purpose | Legal Basis |
---|---|
To conduct business with you or to provide you with the services you have requested | Contractual necessity; and/or our legitimate interest in operating our websites and business |
To support and communicate with you and to administer your participation in any of our events | Our legitimate interest in operating our websites and business |
To keep a record of your relationship with us | Our legitimate interest in operating our websites and business; and/or legal requirement |
To administer, support, develop, and protect our business and our websites | Our legitimate interest in operating our business and our websites |
To help maintain the safety, security, and integrity of our websites, products and services, databases and other technology assets, and business | Our legitimate interest in operating our websites and business; and/or legal requirement |
To verify your identity or to evaluate a potential business partner or supplier | Legal requirement; and/or our legitimate interests in operating our business |
To conduct due diligence activities in connection with an actual or prospective corporate transaction or investment which is evaluated by Rocket Software or which we are party to | Our legitimate interest in operating our business; contractual necessity; and/or legal requirement |
Corporate transaction and investment reporting | Legal requirement |
Litigation management and conducting internal audits and investigations, including as a result of a whistle-blower complaint | Legal requirement; and/or our legitimate interest in operating our business |
To obtain advice from our professional advisors, including lawyers and accountants | Our legitimate interest in operating our business |
To personalize your experience and make suggestions and recommendations to you, or to provide you with updates or other information, about our business and services that may be of interest to you | Our legitimate interest in operating our business |
For statistical analysis and market research | Our legitimate interest in operating our business |
To comply with applicable laws, rules, and regulations, including responding to law enforcement requests and as required by applicable law, court order, or governmental regulations | Legal requirement |
For any other purpose that has been notified, or has been agreed, in writing | Consent |
We may process your personal data on more than one legal basis depending on the specific purpose for which we are using your personal data. No automated decision-making, including profiling, is used when processing your personal data.
We may send you direct marketing communications (e.g., marketing newsletters, updates, and alerts) where we have obtained your prior consent to keep you informed of our services in which you might be interested, or based on our legitimate business interests where permitted by law, such as where we have an existing relationship with you and we wish to contact you about similar products or services in which you may be interested. You may request that we stop sending you marketing communications by clicking the unsubscribe link in the marketing email. Alternatively, you can manage your email preferences at https://info.rocketsoftware.com/update-preferences or unsubscribe from Rocket Software emails at /unsubscribe.
How We May Disclose Your Personal Data
Your personal data may be shared with and processed by our affiliates and certain service providers and business partners as necessary to fulfil the purposes set out in this Privacy Notice. We use a number of service providers that provide a wide range of services, including legal and financial professional advisors, IT and data security providers, data hosting providers and website managers and other IT service providers, meetings and conference vendors, auditors, marketing agencies, HR firms, and data software providers. We make sure anyone who provides a service to, or for us, enters into an agreement with us and meets our standards for data security.
We reserve the right to disclose your personal data as required by law, or when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, request from a regulator, national security, for the purposes of public importance or any other legal or investigatory process involving us. Should we, or any of our affiliated entities, be the subject of a corporate transaction, including any divestment or acquisition, we may disclose your personal data to the new owner of the relevant business and their advisors (including as part of any preliminary diligence process).
Retention of Your Personal Data
We will keep your personal data only for as long as is reasonably necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required by applicable law, legal process or administrative needs. We will not keep more personal data than we need for those purposes. For further information about how long we will keep your personal data, please contact us at the email address at the end of this Privacy Notice including in the subject line “Request for Personal Data Retention Information.”
Security of Your Personal Data
We are committed to ensuring that your information is secure and confidential. Unfortunately, the transmission of information and data via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of any information or data transmitted to or through our websites.
We have put in place appropriate technical, physical and administrative procedures and means to safeguard and secure the information we may collect or might receive from you in order to prevent unauthorized access or disclosure. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality and required to keep your personal data secure.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
International Transfers of Your Personal Data
As we operate at a global level, we may need to transfer personal data to countries other than the ones in which the information was originally collected. When we export your personal data to a different country, we will take steps to ensure that such data exports comply with applicable data privacy laws.
If you are located in the European Union (“EU”), Switzerland, or the United Kingdom (“UK”), we have taken steps to ensure an adequate level of protection for your transferred personal data through Standard Contractual Clauses, to which Rocket Software, Inc., its U.S. subsidiaries and its subsidiaries in the EU, India, Switzerland, the UK and other geographies are parties. If you are located in another country with restrictions on cross-border data transfers, such as Brazil, we may rely on your consent for the transfer of your personal data outside your country of residence.
Jurisdiction-Specific Information
The following jurisdiction-specific information may apply to you based on where you reside or are located:
A. California
This section applies only to individuals who reside in the state of California in the United States (“California residents”). In addition, this section applies to personal information collected through our websites and in any other way, such as when California residents visit our offices.
California Notice at Collection
We collect the categories of personal information identified in the “Personal Data We Collect About You” section, above, for the purposes identified in the “How We May Use Your Personal Data” section, above, and retain personal information for the period described in the “Retention of Your Personal Data” section, above. We do not, and will not, sell your personal information or disclose it to third parties for cross-context behavioral advertising. We also do not collect or process sensitive personal information for the purpose of inferring characteristics about you.
Additional Information Regarding Disclosures of Personal Information
The CCPA and California Privacy Rights Act (“CPRA”) require that we provide you with the following information about disclosures of your personal information to third parties for “business purposes,” as that term is defined in the CCPA:
- Service providers: We may disclose to service providers any of the categories of personal information they collect for the business purpose of performing services on our behalf and, in particular, for the specific purposes described in the “How We May Use Your Personal Data” section, above.
- Auditors, lawyers, consultants, and accountants engaged by us: We may disclose the categories of personal information listed in the “Categories of Personal Data We Collect About You” section, above, to these service providers or contractors for the business purpose of auditing compliance with policies and applicable laws, in addition to performing services on our behalf.
- Affiliated companies: We may disclose any of the categories of personal information listed in the “Categories of Personal Data We Collect About You” section, above, to other companies within our family of companies for the business purposes of (a) auditing compliance with policies and applicable laws, (b) helping to ensure security and integrity, (c) debugging, (d) short-term transient use, (e) internal research, and (f) activities to maintain or improve the quality or safety of a product or service.
No Sales or Sharing
We do not sell or “share” (disclose for cross-context behavioral advertising) your personal information.
Your California Privacy Rights
Subject to applicable exceptions, California residents have the following rights under the CCPA and CPRA:
- Right to Know: You have the right to submit a verifiable request for specific pieces of your personal data and for information about our collection, use, and disclosure of categories of your personal data.
- Right to Delete: You have the right to submit a verifiable request to delete personal data that we have collected from or about you.
- Right to Correct: You have the right to submit a verifiable request to correct inaccurate personal data about you maintained by us, taking into account the nature of the personal data and the purposes of processing the personal data.
Marketing
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our websites that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at the email address at the end of this Privacy Notice including in the subject line “California Marketing Information Request.”
Non-Discrimination
We will not unlawfully discriminate against you for exercising your privacy rights under the CCPA or CPRA.
How to Exercise Your California Privacy Rights
We will respond to requests to know, delete, and correct in accordance with applicable law if we can verify the identity of the requestor. You can exercise these rights in the following ways:
- Call 1-800-890-4254
- Complete the request form available under “How to Exercise Your Rights,” below
B. European Union, United Kingdom, and Switzerland
This section applies only if our collection, or your provision, of personal data under this Privacy Notice is subject to the European Union (EU), United Kingdom (UK) or Swiss data privacy laws, such as the EU GDPR or the UK or Swiss equivalent.
Rocket Software is a controller of any personal data collected or processed by us when you interact with us in the ways described above (e.g., when you visit our website, etc.). The types of personal data we collect, and our legal bases for doing so, are set out above.
Your Rights
You may have the right to access the personal data we hold about you and control the way in which and what personal data we store and process about you, as set out below. To exercise these rights and controls, please see “How to Exercise Your Rights,” below.
- Access: You have the right to ask for a copy of the personal data that we hold and process about you free of charge; however, we may charge a ‘reasonable fee’ if we think that your request is excessive, to help us cover the costs of locating the information you have requested.
- Correction: You may notify us of changes to your personal data if the information we hold and process about you is inaccurate or it needs to be updated.
- Deletion: If you think that we should not be holding or processing your personal data any more, you may request that we delete it. Please note that the right to deletion is not absolute and it may not always be possible to delete personal data on request, including where the personal data must be retained to comply with a legal obligation. In addition, deletion of personal data may result in the inability for us to fulfil the purposes described in the Privacy Notice.
- Restrictions on use: You may request that we stop processing your personal data (other than storing it), if: (i) you contest the accuracy of it (until the accuracy is verified); (ii) you believe the processing is against the law; (iii) you believe that we no longer need your personal data for the purposes for which it was collected, but you still need your personal data to establish or defend a legal claim; or (iv) you object to the processing, and we are verifying whether our legitimate grounds to process your personal data override your own rights.
- Object: You have the right to object to processing, including: (i) for direct marketing; (ii) for research or statistical purposes; or (iii) where processing is based on legitimate interests.
- Portability: If you wish to transfer the personal data that we hold and process about you on the legal ground of contractual necessity to another organisation (and certain conditions are satisfied), you may ask us to do so, and we will send it directly if we have the technical means.
- Withdrawal of consent: If you previously gave us, and we rely on, your consent (by a clear affirmative action) to allow us to process your personal data for a particular purpose not specified in this Privacy Notice, but you no longer wish to consent to us doing so, you can contact us to let us know that you withdraw that consent.
More on the Right to Lodge a Complaint: If individuals located in the EU, Switzerland and/or UK believe that their personal data has been processed in violation of applicable data privacy laws, they may follow the “How to Exercise Your Rights” process below but they also have the right to lodge a complaint with the competent supervisory authority in the country where they reside, where they work, or where the alleged violation occurred.
C. All other locations
To the extent provided by applicable law and subject to any relevant exceptions, you may be able to exercise the following rights and any other rights afforded under applicable law:
- Access: The right to request access to your personal data maintained by Rocket Software.
- Rectification: The right to request that Rocket Software update or correct your personal data that is outdated or inaccurate.
- Deletion: The right to request that Rocket Software delete/erase your personal data.
- Restrict Processing: The right to request restriction of processing of your personal data in certain situations, such as while a dispute concerning the accuracy of personal data is being resolved.
- Withdraw Consent: The right to withdraw your consent to the processing of your personal data, at any time, where you previously consented to the processing of your personal data.
- More on the right to withdraw consent: Any withdrawal shall not affect the lawfulness of processing based on your consent before its withdrawal, and Rocket Software will continue to retain the personal data that you provided us before you withdrew your consent for as long as allowed or required by applicable law.
If you believe that your personal data has been processed in violation of applicable data privacy laws, you may also have the right to lodge a complaint with the data protection authority where you live, where you work, or where you believe the violation occurred. Individuals in India may make a complaint to Rocket Software by the complaint procedure provided by the Data Protection Board of India.
D. How To Exercise Your Rights
To exercise the rights described above, you or your validly-appointed authorized agent (“Authorized Agent”) must send us a request that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected personal data, and (2) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will only use personal data provided in a Valid Request to verify your identity and complete your request. You do not need an account to submit a Valid Request.
We will work to respond to your Valid Request within the timeframe provided by the laws applicable to your location. We will not charge you a fee for making a Valid Request unless your Valid Request(s) is excessive, repetitive or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request. You may submit a Valid Request by completing this Form, or, in the case of California residents, calling 1-800-890-4254. The more risk entailed by the request (e.g., a request for specific pieces of personal data), the more items of personal data we may request to verify your identity. If we cannot verify your identity to a sufficient level of certainty to respond securely to your request, we will let you know promptly and explain why we cannot verify your identity.
You may also authorize an agent to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your Authorized Agent when they make a request on your behalf. You can obtain an “Authorized Agent Designation” form by contacting us at the email address at the end of this Privacy Notice, including in the subject line “Authorized Agent Request.”
We will respond to requests to exercise individual data rights in accordance with applicable law. We will recognize any additional rights you may have under applicable law, but we may not grant you more rights than applicable law provides.
Changes to this Privacy Notice
We may change this Privacy Notice from time to time in our sole discretion. If we decide to change our Privacy Notice, we will post those changes so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. Please check periodically for changes to this Privacy Notice, and especially before you provide any personal data to us.
Inquiries and Concerns
Please direct any questions or concerns you may have about this Privacy Notice to [email protected], including in the subject line “Privacy Notice Inquiry.”