INTRODUCTION

Archipelo, Inc. and our affiliates (together, “Archipelo”, “we”, “our” or “us”) provides software supply chain security services (the “Services”). As part of its Services, Archipelo provides its customers with a dedicated source code control, vulnerability detection and response platform (the “Platform”).

Archipelo respects the privacy of its customers, partners, vendors, service providers, Platform users, website visitors, and employment candidates, and is committed to protecting the personal information that is shared with us (these and any others with respect to whom we collect personal data, shall collectively be referred to as “you” or “Data Subjects”).

In order to ensure transparency and give you more control over your Personal Data, this privacy policy (“Privacy Policy”) describes how we process, use, collect and store Personal Data (defined below) that we receive from or about you in different scenarios.

For instance, when you browse or visit our website,www.archipelo.com (“Website”) and use its various offerings (like booking a demo, requesting a free trial, downloading resources, and subscribing to newsletters), create an account and log in to our Platform, and any other software application that we license, show interest in our Services, take part in our marketing activities, interact with us on our social media profiles, or apply for a job with us, as well as when we acquire your Personal Data from third-party sources for marketing, process your Personal Data, all as detailed below.

Please read this Privacy Policy carefully, so you can fully understand our practices in relation to Personal Data. Important note: Nothing in this Privacy Policy is intended to limit in any way your statutory right, including your rights to a remedy or means of enforcement.

“Personal Data” means any information that can be used, alone or together with other data, to uniquely identify any living human being and any information deemed as Personally Identifiable Information by applicable privacy laws.

Please note that this is a master privacy policy and some of its provisions only apply to individuals in certain jurisdictions. For example, the legal basis discussed below is only relevant to individuals protected by the European Union General Data Protection Regulation (also, as it forms part of the laws of England and Wales, Scotland and Northern Ireland, the “GDPR”)). For the purposes of the GDPR and other applicable privacy laws, Archipelo is a data controller (“Controller”) in relation to the Personal Data of the representatives of our customers and prospective customers, partners, vendors, website visitors, and employment candidates.

For the purposes of the GDPR and other applicable privacy laws, Archipelo is a data processor (“Processor”) in relation to the processing of the Personal Data of our customers’ Platform users, or any other Personal Data processed on behalf of our customers as part of the provision of the Services through our Platform. If you are a registered user of the Platform, or if we may otherwise process your Personal Data on behalf of our customers as part of our Services, please contact our applicable customer in order to receive additional information regarding the processing of your Personal Data on the Platform as part of our Services.

We may update this Privacy Policy from time to time and therefore we ask you to check back periodically for the latest version. If we implement any significant changes to the use of your Personal Data in a manner different from that stated at the time of collection, we will notify you by posting a notice on our website or by other means.

This Privacy Policy forms part of our Website Terms of Service. Any capitalized but undefined term in this Privacy Policy shall have the meaning given to it in the Terms.

WHAT INFORMATION WE COLLECT, WHY WE COLLECT IT, AND HOW IT IS USED

We collect and use the following information:

(i) When you browse or visit our website

1. Personal Data we may collect: We may use analytics tools, cookies and log files on our Website which may collect Personal Data such as IP address, pages clicked, search and browser history, and device information.
2. For what purposes: We use such information to analyze usage trends of the Website, maintain and improve the Website’s functionality and our marketing and promotional efforts. We may
3. Legal basis (GDPR only, if applicable): Legitimate interest (e.g., essential cookies required for the operation of the Website) or Consent (e.g., non-essential cookies, such as marketing or analytics cookies, to the extent required under applicable law).
4. Consequences of not providing the Personal Data: Certain Website features may not be available, and we may not be able to use the Personal Data for the purposes described above (e.g. analytics or marketing).

(ii) When you book a demo

1. Personal Data we may collect: Full name, business email address, as well as any other Personal Data that you decide to provide us with.
2. For what purposes: To receive and respond to your request, to provide you with a product demo, and to send you marketing communications via email. We may also record the demo and/or follow-up sessions, if you agree, for the purposes of business intelligence and improving our Services.
3. Legal basis (GDPR only, if applicable): Performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering a contract and/or legitimate interest (to provide you with a demo, marketing) or consent (for marketing, if required under applicable law).
4. Consequences of not providing the Personal Data: We will not be able to provide a demo and/or send you marketing communications.

(iii)When you request a free trial and during the trial period

1. Personal Data we may collect: Full name, job title, business email address, and any other Personal Data that you decide to provide us with.
2. For what purposes: To provide you with a free trial period and to send you marketing communications
3. Legal basis (GDPR only, if applicable): Processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering a contract, legitimate interest or consent (for marketing, if required by applicable law).
4. Consequences of not providing the Personal Data: We will not be able to provide you with a free trial and/or send you marketing communications.

(iv)When you download our online resources

1. Personal Data we may collect: Full name, business email address.
2. For what purposes: To provide our Services and to send you marketing communications.
3. Legal basis (GDPR only, if applicable): Legitimate interest (provide your requested materials) or consent (for marketing, if required under applicable law).
4. Consequences of not providing the Personal Data: We will not be able to provide you with the requested online resources and/or send you marketing communications.

(v) When you subscribe to our blog, newsletter(s), or distribution list(s)

1. Personal Data we may collect: Full name, business email address.
2. For what purposes: To subscribe you to our blog or newsletter and send you updates about Archipelo, including marketing communications.
3. Legal basis (GDPR only, if applicable): Legitimate interest (in the context of B2B marketing) or consent (for marketing, if required under applicable law).
4. Consequences of not providing Personal Data: We cannot provide you with updates or send you marketing communications.

(vi)When you contact us regarding our Services (e.g. via submitting a request or similar forms):

1. Personal Data we may Collect: Full name, business email address, job title, work telephone number, as well as any other Personal Data that you decide to provide us with.
2. For what purposes: To process and answer questions and to contact you upon your request, to provide support and to send you marketing communications.
3. Legal basis (GDPR only, if applicable): Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering a contract (i.e., the subscription agreement) and/or legitimate interest (e.g. respond to a query sent by you, marketing) or consent (for marketing, if required under applicable law).
4. Consequences of not providing the Personal Data: We cannot answer your questions or send you marketing.

(vii) When you attend a marketing event or webinar, exchange business cards with us or otherwise provide us with your Personal Data for marketing purposes:

1. Personal Data we may collect: Full name, business email address, job title, business address and phone number, as well as any other Personal Data you decide to provide us with.
2. For what purposes: To establish a business relationship with you, contact you about our Services and send you marketing communications.
3. Legal basis (GDPR only, if applicable): Legitimate interest (in the context of B2B marketing) or consent (for marketing, if required under applicable law).
4. Consequences of not providing the Personal Data: We cannot establish a business relationship or send you marketing communications.

(viii) When we use Personal Data of our customers/end-users (e.g. when you create an account, log-in to and use our online products and Services):

1. Personal Data we may collect directly from you or from your employer who provides us with your contact details: Full name, business email address, phone number, company, country, data relating to your use of our Services, Archipelo password (if you have a Archipelo account), job title, role, company, business address, country, payment information (if applicable and only to the extent that includes Personal Data), Personal Data received from third party software applications, products or services you (or your employer) choose to integrate with, or engage via, our Services, as well as any other Personal Data you decide to provide us with (e.g. any feedback you provide). Personal Data we collect automatically when you use our services: When you access or use the Services we automatically collect information about you, including data relating to you use of our Platform and services (e.g. pages visited, IP address, access times).
2. For what purposes: (i) To allow you to register for and log-in to our Platform, (ii) to provide our Services and perform our agreements with our customers (iii) for monitoring and security purposes, including for user authentication, logging and debugging and to prevent Platform abuse, (iv) to provide support (e.g. ticketing and chat functions), (vi) to maintain and improve our Services, (vii) to communicate with you and allow you to provide feedback on our Services (viii) for billing (if applicable) and account management, (ix) to send you marketing communications via email; (x) to collect analytics information on use of the Services.
3. Legal basis (GDPR only, if applicable, regarding data processing as Controller): Performance of a contract to which the customer is party, compliance with legal obligations (e.g. tax laws, bookkeeping laws, etc.), legitimate interest (to provide our Services, send you contract-related communication, marketing or updates about our Services) or consent (for marketing, if required under applicable law). Data processed on the Platform on behalf of customers (such as Platform user data and other data provided on behalf of customers) is processed by Archipelo as a Processor and is governed by a Data Protection Agreement with our customers.
4. Consequences of not providing the Personal Data: We cannot provide the Services, grant you access to the Platform, perform our obligations, or communicate with you.

(ix)When we acquire your Personal Data from third-party sources for marketing:

1. Personal Data we may collect: Full name, business email address, job title, business address, business telephone number, country.
2. For what purposes: To establish a first business connection and to send marketing communications.
3. Legal basis (GDPR only, if applicable): Depending on the context, legitimate interest (in the context of B2B marketing), consent (for marketing, if required under applicable law) or pre-contractual discussions.
4. Consequences of not providing the Personal Data: We cannot contact you regarding our Services and establish a business relationship.

(x) When we use the Personal Data of our service providers or distributors:

1. Personal Data we may collect: Full name, business email address, business phone number, job title, business address, country, payment information, and any other Personal Data that you provide us.
2. For what purposes: (i) to perform our agreements with our service providers and distributors and communicate with them, and to comply with our legal obligations and record-keeping requirements.
3. Legal basis (GDPR only, if applicable): Performance of a contract to which the service provider or distributor is a party, compliance with a legal obligation (e.g. tax laws, bookkeeping laws, etc.), and/or legitimate interest (e.g. send you contract-related communications. to perform our agreement with your employer).
4. Consequences of not providing the Personal Data: We cannot perform our agreement with you or communicate with you.

(xi)When you interact with us on our social media profiles (e.g. Facebook, Instagram, Twitter, LinkedIn):

1. Personal Data we may collect: Full name, business email address, any other Personal Data that you decide to share with us.
2. For what purposes: To respond to your questions or request, establish a business relationship and send you marketing communications.
3. Legal basis (GDPR only, if applicable): Legitimate interest (e.g. responding to your request, marketing, and business development) or consent (for marketing, if required under applicable law).
4. Consequences of not providing the Personal Data: We can’t respond to your requests, establish and business relationship and send you marketing communications.

(xii) When we undertake social media marketing, including via the use of audiences or list-based advertising:

1. Personal Data we may collect or receive: Full name, business email address, job title, telephone number, IP address, pages clicked, search and browser history, device information and any other Personal Data you or third parties provide us
2. For what purposes: We may use your Personal Data to contact you via social media platforms in order to establish a business relationship with you and contact you about the Services. If you’re outside the EU, we may also use your Personal Data in order to create lists of individuals that we would like our advertising about our Services to target via social media channels, including via direct messaging marketing solutions. You may be included in such a list (in which case you will see advertising related to Archipelo when you visit those social media platforms) or we may use your Personal Data to ask social media platforms to compile a list of other individuals who we think will be interested in our products so that those individuals can be presented with advertising about Archipelo.
3. Legal basis (GDPR only, if applicable): Legitimate interest (marketing, advertising, and business development) or Consent (if required by applicable law)
4. Consequences of not providing the Personal Data: We can’t establish a business relationship with you via social media platforms; you will be excluded from advertising and marketing campaigns on social medial platforms.

(xiii) When you apply for a job with us:

1. Personal Data we may collect: Full name, email address, any Personal Data contained in your resume (c.v.), your responses to any assessment, background check results (in accordance with applicable law), any other Personal Data that you decide to provide us with. Please note that, in most cases, we receive the information directly from you, but we may also receive information from recruitment companies, references or background check companies
2. For what purposes: To assess you as a candidate, review and examine your job application and communicate with you.
3. Legal basis (GDPR only, if applicable): In order to take steps at the request of the data subject prior to entering a contract (employment contract) and legitimate interest (e.g. to assess you as a candidate, recruitment).
4. Consequences of not providing Personal Data: We cannot process your application or communicate with you.

Finally, please note that some of the abovementioned Personal Data will be used for detecting, taking steps to prevent, and prosecuting fraud or other illegal activity, identifying and repairing errors, conducting audits, and for security purposes. Personal Data may also be used to comply with applicable laws, with investigations performed by the relevant authorities, for law enforcement purposes, and/or to exercise or defend legal claims. In certain cases, we may anonymize or de-identify your Personal Data. “Anonymous Information” means information that does not enable identification of an individual user, such as aggregated information about the use of our Services. We may use Anonymous Information and/or disclose it to third parties for our business purposes and further use such anonymized data for internal business purposes, including, without limitation, to improve our Services and for research and development purposes.

HOW WE PROTECT YOUR PERSONAL DATA

We have implemented appropriate technical, organizational, and security measures designed to protect your Personal Data. Archipelo implements, enforces, and maintains security measures, technologies, and policies to prevent unauthorized or accidental access to or destruction, loss, modification, use, or disclosure of Personal Data. We also take steps to monitor compliance with such policies on an ongoing basis. Where we deem it necessary in light of the nature of the data in question and the risks to data subjects, we encrypt data in transit and at rest. Likewise, we take industry-standard steps to ensure our Website and Services are safe and to prevent unauthorized access to our databases. Other security safeguards include but are not limited to, firewalls, s, access logs, breach detection systems and physical access controls to buildings, systems, and files.

However, please note that we cannot guarantee that the information will not be compromised as a result of unauthorized penetration to our servers. As the security of information depends in part on the security of the computer, device, or network you use to communicate with us and the security you use to protect your user IDs and passwords, please make sure to take appropriate measures to protect this information.

Within Archipelo, we endeavor to limit access to Personal Data to those of our personnel who: (i) require access in order for Archipelo to fulfill its obligations, including also under its agreements, and as described in this Privacy Policy, and (ii) have been appropriately and periodically trained with respect to the requirements applicable to the processing and security of the Personal Data, and (iii) are under confidentiality obligations as may be required under applicable law.

Archipelo shall act in accordance with its policies and with applicable law to promptly notify the relevant authorities and data subjects in the event that any Personal Data processed by Archipelo is lost, stolen, or where there has been any unauthorized access to it, all in accordance with applicable law and on the instructions of qualified authority. Archipelo shall promptly take reasonable remedial measures.

HOW WE RETAIN YOUR PERSONAL DATA

We may store your Personal Data for as long as such Personal Data is necessary for accordance with the purpose for which we collected it, and as long as necessary to fulfill your requests or inquiries or provide services or until we proactively delete it or you send a valid deletion request. In certain circumstances, we may store your Personal Data for longer periods of time, for example (i) where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements, and to meet any audit, compliance, and business best-practices, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data or dealings. We maintain a data retention policy that we apply to Personal Data in our care. Regarding the retention of cookies, you can read more in our cookies policy. Data that is no longer retained will be anonymized or deleted. Likewise, some metadata and statistical information concerning the use of our Website and Services are not subject to the deletion procedures in this policy and will be retained by Archipelo. We will not be able to identify you from this data. Some data may also be retained on our third-party service providers’ servers until deleted in accordance with their privacy policy and their retention policy, and in our backups until overwritten.

HOW WE SHARE YOUR PERSONAL DATA

Depending on the context described in Section 2 above, we may share your Personal Data with the following categories of third parties:

1. Third-party service providers. Archipelo has partnered with a number of selected service providers, whose services and solutions complement, facilitate, and enhance our own (“Third Party Service Providers”). These may include service providers of the following services: hosting / storage, email distribution and monitoring, authentication, support and ticketing, logging and monitoring, CRM, data enrichment, sales and marketing engagement and automation, analytics and business intelligence, in-app notification and feedback, data and cyber security services, billing and payment processing services (only if applicable), fraud detection and prevention services, session recording and remote access services, and our legal and financial advisors, document management, only in case you are applying for a job with us- automation/management of HR and job application, and only in case of jobs in certain jurisdictions, and only with your consentbackground checks. Depending on the context, we may share the following categories of Personal Data with such Third Party Service Providers for business purposes: identifiers, including name, alias, unique personal identifiers, online identifiers, IP addresses, business email addresses, or other similar identifiers, as well as information regarding services purchased, obtained, or considered.
2. Archipelo-affiliated companies. We may share your Personal Data internally within our affiliated companies, to the extent necessary to fulfill the purposes listed above. Sharing Personal Data between of data subjects from the European Union, the United Kingdom, and Switzerland between Archipelo’s subsidiaries located outside these regions will always take place under an approved transfer mechanism, such as the relevant Standard Contractual Clauses (if required).
3. Law enforcement, legal requests, and duties. To the extent necessary and subject to applicable law, Archipelo may disclose or otherwise allow access to any categories of Personal Data described in this Privacy Policy, with or without notice to you, to regulators, courts, or competent authorities, pursuant to valid legal requests (such as a subpoenas, legal proceedings, search warrants or court orders), to comply with applicable laws, regulations, and rules (including, without limitation, federal, state or local laws), and requests of law enforcement, regulatory and other governmental agencies or if required to do so by court order.
4. In connection with a change in corporate control. Should Archipelo or any of its affiliates undergo any change of control, including by means of merger, acquisition, or purchase of substantially all of its assets, or in the event of bankruptcy or a comparable event, your Personal Data (to the minimum extent required) may be shared with the parties involved in such event.
5. Social media platforms. For the purposes mentioned above.
6. With your consent or upon your further direction. Our Services enable you, through different techniques, to engage and procure different optional third-party services, products, and tools (for instance, log in using an account you maintain with a third-party platform). If you choose to use such third-party services, they may have access to and process your Personal Data. In addition, we may share your Personal Data where you have provided your consent to us sharing or transferring your Personal Data, or where you directed us to do so (e.g., where you opt-in to optional additional services or functionalities or applicable third-party services available on our Services). Please note that in such instances Archipelo merely acts as an intermediary at your direction, allowing you to procure such third-party services with which you are interacting directly, at your discretion and risk.

WHERE WE STORE YOUR PERSONAL DATA AND ADDITIONAL INFORMATION ABOUT TRANSFERS OF GDPR-PROTECTED PERSONAL DATA

1. Generally, and unless you are an end user of a customer with which we’ve agreed otherwise in a separate customer agreement, your Personal Data is stored in data centers of our cloud-hosting third-party service providers that are located in the United States of America and the European Economic Area (EEA).
2. Personal Data collected in the EU and UK is transferred to, stored, and processed at destinations outside the EEA and the UK. This includes transfers to our headquarters, located in Israel, a jurisdiction deemed adequate by the EU Commission and the UK, and transfers to our staff and certain third-party service providers in the USA, not currently deemed adequate. We transfer Personal Data to such locations in order to:
   • store or backup the information;
   • enable us to provide you with the Services and fulfill our contract with you;
   • fulfill any legal, audit, ethical, or compliance obligations that require us to make that transfer
   • facilitate the operation of our group businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights;
   • to serve our customers across multiple jurisdictions; and
   • to operate our affiliates in an efficient and optimal manner.
3. Where your Personal Data is transferred outside of the EEA or UK, we will take all steps reasonably necessary to ensure that your Data is subject to appropriate safeguards, including entering into contracts that require the recipients to adhere to data protection standards that are considered satisfactory under the GDPR and other applicable laws, and that it is treated securely and in accordance with this Privacy Policy.
4. Transfers from the EEA to Israel are made based on an adequacy ruling by the EU Commission. Transfers from the EEA to the USA are made based on the Standard Contractual Clauses published by the EU Commission. Transfers from the UK to the EEA and to Israel and made based on UK’s Adequacy Regulations. Transfers from the UK to the USA are made based on the UK’s International Data Transfer Addendum to the EU Commission Standard Contractual Clauses.

YOUR PRIVACY RIGHTS; HOW TO DELETE YOUR DATA

1. Rights: The following rights (which may be subject to certain exemptions or derogations) may apply to certain individuals (some of which only apply to individuals protected by the GDPR or other applicable data protection laws):

1. .You have a right to access Personal Data held about you. Your right of access may normally be exercised free of charge, however, we reserve the right to charge an appropriate administrative fee where permitted by applicable law;
2. You have the right to request that we rectify any Personal Data we hold that is inaccurate or misleading;
3. You have the right to request the erasure/deletion of your Personal Data (e.g. from our records). Please note that there may be circumstances in which we are required to retain your Personal Data, for example for the establishment, exercise, or defense of legal claims;
4. You have the right to object, to or to request restriction, of the processing;
5. You have the right to data portability. This means that you may have the right to receive your Personal Data in a structured, commonly used, and machine-readable format and that you have the right to transmit that data to another controller;
6. You have the right to object to profiling;
7. Where you have consented to the processing of your Personal Data, you have the right to withdraw your consent at any time and prevent further processing by contacting us as described in this Privacy Policy. Please note that there may be circumstances in which we are entitled to continue processing your data, in particular, if the processing is required to meet our legal and regulatory obligations. Also, please note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
8. You also have a right to request certain details of the basis on which your Personal Data is transferred outside the European Economic Area, but data transfer agreements and/or other details may need to be partially redacted for reasons of commercial confidentiality;
9. You have a right to lodge a complaint with your local data protection supervisory authority
10. (i.e., your place of habitual residence, place of work, or place of alleged infringement) at any time or before the relevant institutions in your place of residence. We ask that you please attempt to resolve any issues with us before you contact your local supervisory authority and/or relevant institution.
11. .If you may have certain additional rights under local privacy laws applicable in your jurisdiction. To the extent such privacy laws apply to you, we will respect your rights and comply with such laws.

You can exercise your rights by contacting us at support@archipelo.com Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly in accordance with applicable law or inform you if we require further information in order to fulfill your request. When processing your request, we may ask you for additional information to confirm or verify your identity and for security purposes, before processing and/or honoring your request. We reserve the right to charge a fee where permitted by law, for instance, if your request is manifestly unfounded or excessive. In the event that your request would adversely affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than initially requested, we will address your request to the maximum extent possible, all in accordance with applicable law.

Deleting your Platform user account and Personal Data: Please note that if you are a registered user of the Platform (as an employee or agent operating on behalf of a customer of Archipelo), or if we may otherwise process any of your Personal Data on behalf of a customer as part of the provision of the Services through our Platform, please contact our applicable customer with any deletion or other data subject rights requests. You can also contact us by emailing support@archipelo.com, and we, as a Processor of such customers, will do our best to assist, in accordance with our agreement with the customer and per the customer’s instructions.

Deleting other (non-platform user) Personal Data: Should you ever wish to delete your Personal Data that Archipelo processes as a Controller (e.g. Personal Data of the representatives of our customers and prospective customers, partners, vendors, website visitors, and employment candidates), you may submit your request by emailing support@archipelo.com.

USE BY CHILDREN

Our Services and Website are not intended for children under the age of eighteen (18), so we do not knowingly collect Personal Data from, of, or about children under the age of eighteen (18). If you are under the age of eighteen (18), do not use our Services or Website and do not provide any Personal Data to us without the involvement of a parent or a guardian. If you believe that we have such information, please contact us at support@archipelo.com.

LINKS TO AND INTERACTION WITH THIRD PARTY SERVICES

Our Services may enable you to interact with, contain links to, or allow integration with your, or your employer’s, third-party accounts and other third-party websites, software applications, and products or services that are not owned or controlled by us (each a “Third Party Service”). We are not responsible for the privacy practices or the content of such Third Party Services. Please be aware that Third Party Services may collect Personal Data from you. Accordingly, we encourage you to read the terms and conditions and privacy policies of each Third Party Service that you choose to use or interact with.

USE OF COOKIES, LOG FILES, ANALYTICAL TOOLS AND SIMILAR TECHNOLOGIES

Cookies. We and our Third Party Service Providers use cookies and other similar technologies (“Cookies”) to provide our Services and ensure that they perform properly, analyze our performance and marketing activities, and to track your use of the Website, and personalize your experience. Please note that we do not change our practices in response to a “Do Not Track” signal in the HTTP header from browsers; however, most browsers allow you to control cookies, including whether or not to accept them and how to remove them. You may set most browsers to notify you if you receive a Cookie, or you may choose to block Cookies with your browser.

Please also note that social media platforms may set cookies and other tracking technologies on your device when you visit their pages and when you navigate from their pages. The output of such information may be provided to us (usually for statistical purposes to see how users interact with our content on social media platforms). The social media platforms are responsible for how they handle your Personal Data. Information about how they collect and use Personal Data (and how they use cookies and similar technologies, including instructions on how you can disable these) can usually be found in their respective privacy policies and cookies policies on their websites.

Log files. Our Services collect and stores information that your browser automatically transmits to us in "server log files", which may include (but are not limited to): IP addresses, browser type, and version, operating system used, referring/exit pages URL, clicked pages, date/time stamp of the server request. We use such information to analyze trends, administer our Services, and track the use of our Website.

Analytic tools. We use the analytical tools listed below in order to improve our Services.

• Google Analytics. The Website uses “Google Analytics” to collect information about the use of the Website. Google Analytics collects information such as how often users visit this Website, what pages they visit, and what other websites they used prior to visiting our Website. We use this Google Analytics information to maintain and improve our Services. e do not combine information we receive through Google Analytics with Personal Data we collect. Google’s ability to use and share information collected by Google Analytics about your visits to this Website is restricted by the Google Analytics Terms of Service, available at https://marketingplatform.google.com/about/analytics/terms/us/,and the Google Privacy Policy, available at http://www.google.com/policies/privacy/. You may learn more about how Google collects and processes data specifically in connection with Google Analytics at http://www.google.com/policies/privacy/partners/. You may prevent your data from being used by Google Analytics by downloading and installing the Google Analytics Opt-out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout/.
• Google reCaptcha. Our Platform uses “Google reCaptcha” (“reCAPTCHA”) solely for protection against unauthorized access to, and abusive automated crawling and spam of, our Platform by bots and other automated means. reCAPTCHA analyzes the behavior of visitors to the Platform’s log-in page based on various characteristics. This analysis starts automatically as soon as a Platform user reaches the log-in page, and it involves the evaluation of various information (e.g., device and application data, mouse movements and time spent on the log-in page, and the results of integrity checks). Such information is also share with Google. We do not combine reCaptcha data with Personal Data we collect. For more information about Google’s use of information processed by reCaptcha and Google’s privacy practices, please visit: https://www.google.com/recaptcha/about/ and https://policies.google.com/privacy

SPECIFIC PROVISIONS APPLICABLE UNDER CALIFORNIA PRIVACY LAW

Do Not Track Signals. Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers to inform websites that they do not want to be tracked. We do not respond to or honor DNT signals.

California Consumer Privacy Rights (CPRA). Archipelo does not meet the threshold of the California Privacy Rights Act of 2020 (“CPRA”), and therefore its data processing activities as a Business (such as regarding Website visitor data) are not governed by the CPRA. Archipelo acts as a Service Provider (as defined in the CPRA) on behalf of its customers and, where the CPRA is applicable to its customers, Archipelo is committed to processing Personal Information on their behalf in accordance with the CPRA.

CONTACT US; EU REPRESENTATIVE

If you have any questions, concerns, or complaints regarding our compliance with this notice and the data protection laws, or if you wish to exercise your rights, we encourage you to first contact us at support@archipelo.com.