Privacy Policy

Last Revised: March 31, 2024

Introduction

Varolio Ltd ("Varolio", "we", "us", or "our") places a high priority on the privacy of our users ("Users", "you", “your”, "data subjects", or "Visitors") and clients ("Clients"), ensuring the protection of your privacy and personal information. This Privacy Policy applies to the information you provide to us through our website (https://varolio.io), referred to as the "Website" or "Site", and our Varolio web and mobile application, known as "Software" or "App". These, along with our marketing campaigns, social media engagements, community interactions, and any other services we offer, are collectively identified as the "Services".

Varolio is a dynamic software platform designed to empower organizations and individuals by facilitating the creation of internal tools, enhancing workflow management, and enabling system integrations through AI and low-code solutions (e.g., inbox management platform). We hold your privacy in high regard and are dedicated to safeguarding your personal information. This Privacy Policy details our approach to collecting, using, sharing, storing, and protecting the personal information of you across our Services. By engaging with our Services, you consent to the collection and utilization of your personal information as outlined in this Privacy Policy.

By visiting our Site or registering our Services, you consent that we will collect and use your information under the terms of this Privacy Policy.

Please read this Privacy Policy and contact us if you have any questions at: team@varolio.io.

About This Privacy Policy

We have crafted this Privacy Policy to underscore our dedication to the privacy rights of our Users and Clients. The use of our Site and Services involves the submission of Personal Data, a step that remains entirely at your discretion. Our Services are tailored for our Users or Clients, with certain features necessitating registration and the provision of specific Personal Data as outlined in this Privacy Policy. For instance, Personal Data submission is required when you elect to utilize our Services. We commit to retaining the Personal Data you share through our Site and Services in adherence to the stipulations of this Privacy Policy.

Our services, designed to enhance workflow management, system integrations, and to provide support through artificial intelligence assistant services, may interact with your organization's information. In light of this, we have deployed the most sophisticated and effective data security measures available to guarantee the utmost protection of our Clients' data. It is important to note that we have no control over, nor do we possess knowledge of, the specific data you choose to share with us. The selection and sharing of data are the sole responsibilities of the Client. We encourage our clients to be mindful of the information they share and to ensure that it aligns with their own privacy and security protocols.

This Privacy Policy was designed with the EU & UK General Data Protection Regulation (GDPR), US privacy laws, and additional applicable privacy laws in mind. However, given the country of your residency, other rules may apply to your Personal Data (see defined below “Applicable Privacy Laws”).

If you would like to learn more about Varolio's region-specific processing of personal data, you can go directly below to the applicable notices for individuals in the EEA and California.

Please read the Privacy Policy carefully to ensure you understand it and agree with its terms before using the Site & Services. You have no legal requirement to provide us your Personal Data. We collect, process, and retain your Personal Information only if you choose to access and engage with our Site and/or our Services and in accordance with this privacy policy. You can always avoid providing us certain Personal Data; however, you acknowledge that it may prevent us from providing you certain Services or use our Site. If you do not agree with any of the terms provided in this Privacy Policy, and the choices we provide do not mitigate your concerns, please do not access or use our Services and avoid accessing and using our Website.

Preliminary Notes

Binding Agreement - This Privacy Policy constitutes an integral part of our Terms of Use and unless explicitly mentioned otherwise in another agreement with you, is part of our legal engagement (“Agreement”).

Content - Our Services do not contain inappropriate content. Nevertheless, we use appropriate technical and organizational measures to ensure the protection and retention of data subjects.

Varolio provides this Privacy Policy, as will be updated from time to time to inform you of our policies and procedures regarding the collection, use, and disclosure of Personal Information we receive when you use the Website and our Services.

Changes and updates to this Privacy Policy - We reserve the right to modify or update this Privacy Policy, reflect changes in our Site services, data processing practices, or conform to a regulatory requirement. Such changes will be effective immediately upon the display of the revised Privacy Policy. The last revision date will be reflected in the "Last Updated" heading. If we make material changes to this Privacy Policy, we will do our best to notify you by email or through a notice on our website.

Definitions

• Applicable Privacy Laws means any applicable privacy or other law to the extent applicable to our operation, including the General Data Protection Regulation (EU) 2016/679 (GDPR); European Union Member State laws, rules and guidelines implementing or supplementing the GDPR, as amended from time to time and to the extent applicable to our Company’s operation and our Services; the California Privacy Right Act of 2020, Cal. Civ. Code §§ 1798.100 et. Seq, (CPRA) as amending the California Consumer Privacy Act (CCPA), to the extent applicable; the Israeli Privacy Law – 1981 and any regulations enacted thereunder including the Privacy Protection Regulations (Transfer of Data to Databases Abroad), 5761-2001 and Privacy Protection Regulations (Data Security), 5777-2017 and any applicable guidelines, standards and/or instructions published by the Israeli privacy authority in effect from time to time relating to data security and data privacy.

• Minor refers to a data subject underage (under 16 years or less depending on the legal jurisdiction applicable), which processing his/her personal data is only lawful if parent or guardian consent has been obtained.

• Data Controller refers to the person, organization, public authority, agency, or other body who, either alone or with others, determines the purposes for which and the manner in which any Personal Data is to be processed, and defines the controls required for such processing.

• Data Processor refers to any person or organization (other than an employee of the Data Controller) who undertakes the processing of Personal Data on behalf of the Data Controller.

• Data Subject refers to an individual who is the subject of Personal Data.

• Data Subject Consent refers to the Data Subject’s approval or agreement for an activity to take place, having considered the benefits and risks of the activity. For consent to be valid, the data subject needs to be informed, have the capacity and knowledge to decide, and to have given their consent voluntarily.

• Personal Data refers to information about a living individual, which means that they can be identified (a) from that data, or (b) from that data and any other information which is, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular person or could in the future, come into the possession of the data controller, and as provided in this Privacy Policy below.

• Non-Personal Data means information that does not personally identify you and does not reveal your specific identity as an individual, such as anonymized information.

• Processing refers to any operation which is performed upon or applied to personal data, whether undertaken manually or by automated means, including its acquisition, organization, storage, retrieval, consultation, amendment, availability, disclosure, erasure, or destruction.

• Subprocessor shall mean any entity appointed by us or by one of our sub-processors, to Process Personal Data on our behalf or on behalf of that sub-processor, excluding any employee of or of our sub-processor or of any such appointed person but including any contractor or affiliate of the foregoing.

The terms "Controller", "Processor", “Sub-Processor”, "Data Subject", "Personal Data", "Processing" (and/or "Process"), “Personal Data Breach”, the “Union”, “Member State” and "Special Categories of Personal Data" shall have the meanings given in the EU Data Protection Law. The terms “Business”, “Business Purpose”, “Consumer”, “Service Provider”, “Third Party” or “Contractor” shall have the same meaning as in the CPRA. To the extent that CPRA applies, the term “Controller” shall also mean “Business”, and “Processor” shall also mean “Service Provider”, “Contractor” or “Third Party”.

This Policy was originally written in English. If you are reading a translation and it conflicts with the English language version, please note that the English language version prevails.

Roles and Responsibilities

Data Controller:Under the Applicable Privacy Laws, Varolio is the Data Controller concerning Personal Data processing through the Website.

Data Processor:Concerning Varolio’s Software, Varolio is the Data Processor.

Personal Data We Collect

In this Privacy Policy, "Personal Data” or “Personal Information” means any personal information about you that can identify you (by itself or in combination with other data), such as your name, address, email address, credit information, other means of identification, or your Internet Protocol (or 'IP').

We collect personal information about you in several different ways. In this section, we will explain the various ways in which we collect personal information about you and how this information will be used.

This Policy refers to information of the first nature and can be collected in one of the following ways:

Data you provide us directly

Submitting information to us is optional in certain cases and required in others, depending on the Service you choose to use or access and whether you are a Customer or a User. This category includes one or more of the following data categories:

Contact Details: If you reach out to us about our Services or seek support, we may process your contact details, which include your name, email address, and phone number.

Purpose: We use this information to respond to your inquiries and provide the support or information you request, based on either your consent or our legitimate interest.

Retention: This information is retained as long as necessary to fulfill your request or as required by law. It may be shared with third-party services for processing, tracking, and addressing your request.

Signing Up and Registration: Registering for an account with our Software may require you to submit information such as your Gmail or GitHub single sign-on (SSO) credentials or, alternatively, you have the option to open an account with us directly by providing the required information through our registration form. This facilitates both authentication and authorization processes.

Purpose: This information is used for account creation, security, and to provide access to your activities and account management options.

Retention: We keep your account information as long as you remain a user and as required to provide you with our Services or by law.

Providing the Services: Setting up a user account is necessary to use our Software Services. We collect data such as your name, email, and phone number.

Purpose: This information is kept for as long as you use our Product and as needed to provide our Services or as mandated by law.

Retention: This information is kept for as long as you use our Product and as needed to provide our Services or as mandated by law.

Purchasing and Payment Information: When you make a purchase or register for our App, we collect payment information, which may include your name, credit card details, bank account information, billing address, and activation code.

Purpose: This information is used to fulfill orders and process payments, with some data possibly handled by third-party payment processors.

Retention: We retain payment information as necessary to complete transactions and as required by law.

Inbox Model: In our Inbox model, we additionally collect and store the contents and metadata of emails, which include the sender, thread, date, subject, body, attachments, and any other information received from the emailing service. This data collection is crucial to facilitating and enhancing our Services.

Purpose: The primary goal of Varolio is to provide AI-powered automations that leverage the rich data within employees' organizational inboxes and additional integrations of internal business messaging apps (e.g., Slack or Monday) to significantly benefit organizations.

Retention: The retention of data collected through the Inbox model is subject to client discretion, allowing organizations to determine how long their data should be kept in line with their own policies and regulatory requirements.

Workflow Builder: Varolio provides users with the ability to create custom workflows using a "canvas" interface, connecting various services and actions using a low-code approach. Personal data collected within this feature may include user account details such as name, email address, and user ID, as well as configurations, settings, data inputs, outputs, and usage data related to workflow creation and execution.

Purpose: To enable users to build and manage workflows within the Varolio platform, including integrating third-party services and internal Varolio services like assistants, forms, and notifications.

Retention: Data retention for Workflow Builder is aligned with the usage of our Product and Services, ensuring that information is retained for as long as necessary to support workflow functionalities and comply with legal requirements. Users have the option to delete or modify their workflows, which may impact data retention periods based on user actions.

Webforms: Varolio provides clients with the ability to create custom webforms. Clients may choose at their discretion to include various details within these forms.

Purpose: These forms are designed to capture information directly relevant to the client's needs, facilitating a more tailored interaction with our services.

Retention: The information collected through these webforms is retained according to the purpose for which it was collected or as required by applicable law.

Inbox Expert AI Assistant: Engage with our AI assistant, trained on your message history, for intelligent, context-aware support and suggestions.

Purpose: This AI assistant aims to enhance your experience by providing smart, personalized support based on the contents of your interactions.

Retention: Data used by the Inbox Expert AI Assistant is treated with the highest confidentiality and is retained as necessary to continually improve the service or as mandated by law.

Data we collect when you use our Services

This category refers to the means we use to improve our Clients' experience and our process performance for our Services.

When you access our Platform, or otherwise use the Services, certain information about your actions in connection with the Services, your device, and Site visit may be processed in order to provide the Services, maintain them, understand User’s usage, improve them with further versions and features, supporting them and protecting them.

Online identifiers: When you use the Websites or Software, or Services, we may process one or more of the following online identifiers: the IP address that your internet provider assigned to your device and access to the web, cookies information, or upon landing on our Website or the App. Such information, like any other digital service, is collected through cookies, pixel tags, and log files and includes online usage data, login data (when applicable), and IP address.

Purposes: We obtain information from server log files and use tracking technologies, like pixel tags, on our Websites to collect Online Identifiers. We use online identifiers for various purposes: (i) As part of our legitimate interest, we use certain online information for analytics and statistical purposes (ii) We also use IP addresses many times as part of our legitimate interest to monitor, detect and prevent fraud or any automated non-human actions across our Websites and Services. The IP address also serves our legitimate interest to learn the country from which you access the Services and make sure we serve the Products and Services in the right language and in compliance with the jurisdiction in which we offer our Products and Services. (iii) In certain cases, and upon your consent, third-party cookies and tags will be used for advertising and marketing purposes of our Products and Services, including by using retargeting.

Retention: We retain online information for as long as necessary to achieve the purpose for which it is processed, to begin with, or, until we make it Non-Personal Information, in which case, we reserve the right to retain the information without any time limitation, based on our discretion and commercial necessities.

Device Information: We may collect certain information about the device from which you access the Services, such as user-agent (that includes the browser type and version, IP address, operating system type and version), device type (mobile/tablet/desktop), type and version of your operating system (MAC/PC address), and the language you use on your device.

Purposes: Based on your consent, and in certain cases, our legitimate interest, we may process device information for the purpose of the Platform’s compatibility purposes, to the right device type, the relevant operating system’s version and features.

Retention: We retain device information for as long as necessary to provide the Service’s functionality, to maintain a record of your license key and usage of the product, to associate license terms and renewals.

Online activity: We also collect certain online activity information from Visitors. Under this category, we may also document in log files your clicks on actions and buttons across our Website or Services, if provided, as described under the category of “Online Identifiers”.

Purpose: We use this information for the following purposes: (i) Software usage (ii) Based on your consent for advertising, marketing and retargeting of our Services. (iii) Based on our legitimate interest - to make the Website, Platform and Services responsive and functional, to measure and calculate our payments to advertisers and to monitor and prevent ad fraud concerning our Products and Services.

Software and Website Activity: we automatically record and process activities related to the Software’s usage and functionality in order to be responsive to them or allow you to revert certain actions you took such as your Site and Platform use, including but not limited to performance and frequency of use, or the number of times you visit or use the Site or Platform and the time you spend using it.

Data we collect from third parties

This category refers to data we may receive from third parties concerning the Services we provide to you.

Services Support: Data from companies that offer their products or services in relation to our Services or whose products or services may be linked from our service or whose products or services may be linked to their service.

Marketing: Information for marketing operations is provided by third-party marketing services. We may share or receive information about you with/from third parties, including advertising and remarketing providers or similar partners, to personalize or understand how you engage with ads or other content. The purpose of sharing or receiving information with/from third-party advertisers/remarketers is to tailor, target, analyze, report on, and/or manage advertising campaigns or other initiatives. These third parties may use cookies, pixel tags, or other technologies to collect information in furtherance of such purposes.

Purpose: The processing purpose for sharing or receiving information with/from third-party advertisers/remarketers is to tailor, target, analyze, report on, and/or manage advertising campaigns or other initiatives.

Retention: We retain information shared or received with/from third-party advertisers/remarketers for as long as necessary to provide you with the Services or as required by applicable law. When you access and use our Services, you consent to the processing of data about you by these third party providers in the manner and for the purposes set out in this Privacy Policy.

Social Networks: We may collect information when you interact with our social media accounts, such as liking, commenting, or sharing our content. This information helps us understand and improve engagement on social platforms, enabling us to better serve our audience and enhance our social media strategies.

Purpose: To understand and improve engagement on social platforms, enabling us to better serve our audience and enhance our social media strategies.

Analytical information: We use one or more third-party analytics services, to evaluate your use of the Services by compiling reports on activity (based on their collection of IP addresses, Internet service provider, browser type, operating system, and language, referring and exit pages and URLs, date and time, amount of time spent on particular pages, what sections of the Website or Platform you visit, number of links clicked, search terms and other similar usage data) and analyzing performance metrics. These third parties use cookies and other technologies to help collect, analyze, and provide us with reports or other data. By accessing and using the Services, you consent to the processing of data about you by these analytics providers in the manner and for the purposes set out in this Privacy Policy.

Legal Obligations: Additional information as required from us to comply with legal obligations.

Any data obtained by any of the above means may be associated with other data you have previously provided to us.

Cookies

At Varolio, we use cookies and other tracking technologies to enhance user experience and improve our services. Cookies are small data files that are transferred to your device via your web browser, allowing our systems to recognize your browser and capture certain information.

Cookies may be collected by us or by third-party vendors, such as PostHog, to analyze how you interact with and use our Website and the App. The information collected by these cookies includes your IP address, time of visit, tracking sessions and users over time, user segmentations, App pages, whether you are a return visitor, any referring Website or App, URL, referrer, device and browser characteristics, funnels, retention analysis, and timestamp.

The data collected by these cookies is transmitted to and stored by the third-party vendors and is subject to their respective privacy policies.

We also use other tracking technologies, such as flash cookies, embedded scripts, eTags, and web beacons, to collect and store information about your visit, such as your browser type, operating system, mobile device information, and clickstream data.

We use cookies to allow you to use the site without having to re-enter your login information, enhance or personalize your website usage, monitor website usage, manage the Website, and improve our products and services. Cookies may be session cookies, which expire once you close your browser, or persistent cookies, which stay on your device until you delete them.

Cookies opt out option:

Your ability to opt out from Varolio’s cookie collection.

You can control and/or delete cookies as you wish. You can delete all cookies already on your computer and set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences whenever you visit a site, and some services and functionalities may not work. Some of the features that make your Website experience more efficient by turning cookies off may not function properly.

You can always change your cookie preferences based on which we collected your cookies, including accepting or rejecting the cookie collection via our cookie preference feature located in our Website.

You may also choose to disable or delete cookies through your cookie banner settings, but please note that doing so may affect your user experience on our App.

Your browser or device may include “Do Not Track” functionality. We do not respond to “Do Not Track” signals.

Please keep in mind that, if you delete your Cookies or if you set your browser or device to decline Cookies, some functions of the Site and/or the CraneView System may not function as designed or at all.

How We Use Personal Data (Purposes of Processing)?

Personal Data is utilized for the following primary purposes (as may be updated from time to time): to provide and operate the Website, the Software, or any of our Services; to monitor, study, and analyze usage of the Website, the Software or any of our Services and their functionalities; to provide, personalize, and improve our Services. This information aids us in presenting features and promotions from our partners that may be of interest to you and us. Additionally, it is used for ongoing customer assistance, technical support, and maintenance of the Website and Services; to provide service announcements, notices, promotional messages, and market our Services subject to applicable laws; to enforce our Terms of Use, policies, and other contractual arrangements and prevent misuse of the Website and/or Services; to comply with court orders and warrants and to take any action in any legal dispute and proceeding; to better understand your needs, both on an aggregated or inferred basis, and on an individualized basis, in order to further develop, customize, and improve our Website and Services based on Visitors’, Users', and Clients' preferences, experiences, and difficulties; to communicate with you and obtain feedback regarding the Services and Site; to disclose to third-party vendors, service providers, contractors, or agents who perform functions on our behalf with respect to the Website and Services; and as otherwise authorized by you.

The Legal Basis for Personal Data Use

When Varolio collects information directly from you, it occurs when you visit our website (for example, when you register for our services or contact us for support) or when you use our software (for example, when cookies are collected for operating the product). We undertake these actions only with your consent, in accordance with legal requirements. When providing services to our clients and within the software services, Varolio will process data as part of contract engagement. The legal basis for using your Personal Data to provide our Services is grounded in our obligations as the Data Processor under the appropriate Data Processing Agreement (DPA) with the relevant Data Controller, as applicable. We will only process your Personal Data where we have a legal basis to do so, which depends on the reasons we collected and need to use your Personal Data.

Third Parties

Sharing Personal Data With Third Parties

We do not sell, rent, or lease your Personal Data. We may share your Personal Data with service providers and other third parties to the extent necessary to fulfill our Services. However, in order to provide, operate, maintain, serve, and improve our Website and Services, and to offer additional products and features, we utilize third-party services. These services include payment processors, feedback features, support tools, operational tools, analytics, statistical tools, and more. The categories of these services include the following:

(I) Hosting services and storage: We use third-party host and storage services to host our Site and Software, and respective data and retain your Information. Such Processors may be based (and their servers may be located) in the EU (Frankfurt, Germany), depending on your preference. We require each such Processor to maintain strict privacy protection and data security policies and ensure their compliance with applicable data protection laws. However, their practices and activities are fully governed by their own privacy policies.

(II) Analytics: If you are a User and visiting our Site and Software, we may use analytics services to help us understand how Users interact with our Services.

(III) Support services: We may use, from time to time, support and help desk services to provide better and faster support, whether online or, when you contact customer support.

(IV) Authentication and security: In cases where you open an account with us, we may integrate over time certain authentication services and SSO services.

(V) Payment processors: When you choose to purchase one or more of our products, we may use payment processing services carrying strict security standards.

(VI) CRM and mailing lists: If you are a Client or a User, we may use services to manage and secure your Personal Information, or, manage subscriptions and notifications lists.

(VII) Technology partners: Some of our products and Services may include third-party technologies, widgets, automation, or features in order to enhance a product’s functionality and expand it to include more features for you.

(VIII) Advertising and Retargeting: Some of our third-party services may collect non-identifiable information about your interaction with our Site. Third parties may use such information to serve and display ads when browsing other websites across the web (“Retargeting”). You can opt-out at any time of such type of advertising directly from the Ad when you encounter it.

(IX) Legal Proceeding or law requirement: we may share your Personal Information with any third party if we believe that disclosure of such information is helpful or reasonably necessary to: (a) comply with any applicable law, regulation, legal process, or governmental request; (b) enforce our license agreement, terms of service or this privacy policy, including investigations of potential violations thereof; (c) detect, prevent, or otherwise address fraud or security issues; and/or (d) protect against harm to the rights, property or safety of NI, our affiliated entities, our users, yourself, and/or the public.

(X) Merger, Sale, or Bankruptcy: In the event that we or one of our affiliated entities is acquired by, or merged with, a third party entity or otherwise sells all or part of our/its assets, we may (and hereby reserve the right to) transfer or assign the Personal Information and other information we have collected or received. In such a case, we will require the acquiring entity to post its data practices and provide you with any of your rights as per the jurisdiction of your residency.

Third-Party Links and Responsibilities

Our Services may connect with third-party services and products essential for workflow management and integration. While Varolio securely stores credentials and connection information, we do not have access to, nor are we accountable for, the data exchanged between these third-party services. The management of such data adheres to the terms of use and privacy policies of the respective third-party services.

Information Shared With Third-Party AI Tools

To deliver specific functionalities like utilizing AI Assistants in automations, engaging in chat interactions with AI Assistants, web scraping, and deploying other AI plugins, our Services may share your data with third-party AI tools and companies such as OpenAI, among others. By default, our AI Assistants use the GPT and Claude models, but users can view and, in certain cases, modify the models each assistant uses through the assistant configuration screen. Furthermore, when opting to use other AI tools within the apps/canvas, these tools are explicitly identified by their respective names. Any data sent to these third-party AI tools is processed in accordance with their terms of service and privacy policies, which may include using the data for analytical purposes and improving AI models.

Google User Data Management Practices

At Varolio, we prioritize the secure handling of Google user data and adhere to stringent practices to safeguard privacy and confidentiality. Specifically addressing how we manage Google user data, we adhere to the following practices:

1. Data Collection: We only collect necessary Google user data essential for enhancing our services, ensuring minimal intrusion into user privacy.

2. Data Usage: Google user data is strictly used for service improvement and provision, enhancing user experience while maintaining privacy standards.

3. Data Sharing and Disclosure: We do not share Google user data except as required for service provision or by legal obligations, ensuring user data remains protected and confidential.

4. Data Protection: Our robust security measures ensure the protection of Google user data from unauthorized access. This includes encryption of data in transit and at rest, secure storage of passwords with routine updates, and implementation of other standard security protocols.

5. Data Retention and Deletion: We retain Google user data only as long as necessary for operational purposes and facilitate its deletion promptly upon user request, giving users control over their data.

6. Policy Updates: Users will be promptly informed of any significant changes to policies regarding the handling of Google user data, ensuring transparency and accountability in data management practices.

Data Security

We take the safeguarding of the Personal Data and non-Personal Data very seriously, and use a variety of industry standard systems, applications and procedures to protect the Data from loss, theft, damage or unauthorized use or access. However, although we make efforts to protect your privacy, we cannot guarantee that the Website or our Platform will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.

We also regularly monitor our systems for possible vulnerabilities and attacks, and regularly seek new ways and for further enhancing the security of our Website and Services and protection of our Visitors’ and our Users’ privacy.

Furthermore, we retain and store your personal information, including email contents collected through our Inbox model, for as long as you are registered to use our Services. To ensure the security of this data, we implement stringent security measures such as encryption and access controls. Our dedicated team ensures that email information is accessible only to authorized personnel and solely for legitimate business purposes. This information may be processed and stored in Frankfurt, Germany, with all necessary measures taken to ensure its security and confidentiality.

Data Retention

We retain different types of information for varying periods, depending on the purposes for processing the data. We may retain Personal Data for as long as necessary to support our legitimate business purposes and Services. This includes storing data, documentation, cyber-security management purposes, legal proceedings, and tax issues. Aggregated or anonymized Non-Personal Data may be stored without a time limit. However, as long as you use the Website and Services, we will keep information about you as outlined in this Policy, unless legally required to delete it or to the extent applicable under Applicable Law — if you exercise your rights to delete the information, subject to our legal requirements.

Age Restrictions

Our Services are specifically designed for corporate use and are not aimed at minors. Consequently, we do not intentionally collect personal information from individuals under the age of 16. If you are below 16 years of age, we strongly advise against submitting any personal details to us. Should we inadvertently come into possession of personal information from someone under the age of 16, we are committed to taking prompt action to remove such information upon discovery.

Varolio’s Region-Specific Processing of Personal Data

A Notice for EEA Residents

Depending on your country of residency, and on the type of your use of our Website, Software or Services, certain rights concerning your Personal Data may be available to you. If you are located in the European Economic Area (“EEA”) including UK, you have certain rights with respect to your Personal Data, including:

1. the right to be informed

2. the right of access

3. the right to rectification

4. the right to erasure

5. the right to restrict processing

6. the right to object to processing

7. the rights in relation to automated decision making and profiling.

Please contact us at: team@varolio.io with your detailed request and sufficient information to allow us to verify you and your request, and we will process your verifiable request within the timeframe indicated in the applicable regulation and within 30 days. Please note, that when handling these requests, we may ask for additional information from you. We will make good-faith efforts to locate the data that you request to access.

Transfer of Data Outside of Your Territory

If you are a resident of the EEA (including UK), it is possible that your data will be transferred outside the EEA, to third parties who can assist us in our Services. We may process your Personal Data in any country in which we do business, currently mainly the member states of the EU, Israel (a country declared by the EU Commission as an adequate country) or the US. If we shall transfer the Personal Data of an EU resident outside of Israel or the EU, we shall comply with Applicable Laws in relation to such transfer and according to our commitment under a Data Processing Agreement/Addendum (“DPA”) with the Data Controller (our Distributors).

We are subject to the provisions of the GDPR that protect your Personal Data. We will ensure that certain safeguards are in place to provide a similar degree of security for your Personal Data. Each transfer of data outside the EEA, such as to Israel where our offices are based, will be subjected to the Commission Implementing Decision (EU) 2021/915 given on 4 June 2021 (hereinafter: "SCC" and/or "Standard Contractual Clauses").

In any case, our transfer, storage, and handling of your Personal Data will continue to be governed by this Privacy Policy transfer and according to our commitment under the DPA with the Data Controller.

A Notice for California Residents

We hereby inform Visitors and Users that are California residents (in this section “You”, “Your”), of the following rights (by virtue of the CPRA amending the CCPA) with respect to the Processing of your Personal Data:

To learn more about the Personal Data we collect, including the specific Personal Data categories collected, sources of collection, our purposes for collection, and the categories of service providers with whom we share Personal Data, please see the headlines above.

We do not sell Personal Data for business or commercial purposes, but we may share personal information or aggregated information with a third party for a business purpose. When we do so, we enter a contract that describes the purpose and requires the recipient to keep that personal information confidential and not use it for any purpose except the agreement.

Consumer Rights

- The CPRA grants California consumers specific rights in connection with the Personal Data collected by businesses, as described below:

- Right to Know: You have the right to know the categories and specific pieces of Personal Data we have collected about you in the previous 12 months.

- Right to Deletion: You have the right to request that we delete any Personal Data we have collected about you.

- Right to Request Information: You have the right to request information about our collection, sale, and disclosure of your Personal Data from the previous 12 months.

- Right to Opt-out of the Sale of Personal Data: You have the right to opt-out of the sale of Personal Data we have collected about you. As of the date of this Policy, we do not sell the Personal Data we have collected about you.

- Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CPRA rights. We will not treat you differently for exercising any of the above rights.

Exercising Your Rights

To exercise any of the CPRA rights above, don't hesitate to contact us by emailing at team@varolio.io. We will fulfill your request within 45 days of receiving your request. Some of these rights may be subject to limitations and qualifications, such as where fulfilling the request would conflict with federal, state, or local law, regulatory inquiries, subpoenas, or our ability to defend against legal claims. We will verify your request using your email address. If you've created an account with us, we will also verify your request using the information associated with your account, including billing information.

Note that we cannot respond to your request if we cannot verify your identity and confirm the Personal Data related to you. Making a verifiable consumer request does not require you to create an account with us. If you wish to use an authorized agent to submit a request to opt-out on your behalf, you must provide the authorized agent with written permission signed by you. We may deny a request from an authorized agent if the agent cannot provide to us your signed authorization demonstrating that they have been authorized to act on your behalf.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our privacy practices or applicable laws. If we make any significant changes, we will notify you through email or by posting a notice on our website or app. We encourage you to review this Privacy Policy periodically to stay informed about our privacy practices.

Contact Us

For further information about this Policy, please contact us at: team@varolio.io

If you have any concerns relating to this Policy, please contact us and we will make good-faith efforts to address your concerns. We are usually able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive from us, you may escalate concerns to the applicable privacy regulator in your jurisdiction. Upon request, we will provide you with the contact information for that regulator.