Effective as of May 22, 2020.
We provide important information for individuals located in Europe below.
Table of Contents
- Personal Information We Collect
- Cookies and Similar Technologies
- How We Use Your Personal Information
- How We Share your Personal Information
- Your Choices
- International Transfer
- Other Websites and Services
- Contact us
- Notice to European Users
- Notice to California Residents
- Online Tracking Opt-Out Guide
Personal Information We Collect
Information you give us
Personal information that you may provide through the Services or otherwise communicate with us includes:
- Contact data, such as your first name, last name, postal address, email address, telephone number, and organization name;
- Profile data, such as your username, and password, and any additional information we collect from source code repositories as described below;
- Feedback, such as information you provide in your responses to surveys, when you participate in market research activities, report a problem with the Sites, receive customer support or otherwise correspond with us;
- Transaction data, such as details about purchases you make through the Sites, registrations you make through the Sites, and billing details;
- Usage data, such as information about how you use the Sites and interact with us;
- Marketing data, such as your preferences for receiving marketing communications and details about how you engage with them;
Information automatically collected. We, our service providers, and our business advertising partners may automatically log information about you, your computer or mobile device, and activity occurring on or through the Services. Our service providers and advertising partners may collect this type of information over time and across third-party websites. The information that may be collected automatically includes:
- Device data, such as your computer or mobile device operating system type and version number, manufacturer and model, device identifier (such as the Google Advertising ID or Apple ID for Advertising), browser type, screen resolution, IP address, and general location information such as city, state or geographic area; and
- Online activity data, such as the website you visited before browsing to our website, and information about your use of and actions on the Services, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access.
On our webpages, this information is collected using cookies, browser web storage (also known as locally stored objects, or "LSOs"), web beacons, and similar technologies, and our emails may also contain web beacons. Please refer to the Cookies and Similar Technologies section for more details.
Cookies and Similar Technologies
What are cookies?
Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies serve different purposes, like helping us understand how a site is being used, letting you navigate between pages efficiently, remembering your preferences and generally improving your browsing experience.
Our Sites may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them).
We use two broad categories of cookies: (1) first party cookies, served directly by us to your computer or mobile device, which we use to recognize your computer or mobile device when it revisits our Sites; and (2) third party cookies, which are served by service providers or business partners on our Sites, and can be used by these parties to recognize your computer or mobile device when it visits other websites. Third party cookies can be used for a variety of purposes, including site analytics, advertising and social media features.
We may also use web beacons (which are also known as pixel tags and clear GIFs) on our Sites and in our HTML formatted emails to track the actions of users on our Sites and interactions with our emails. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on webpages or within HTML formatted emails. Pixel tags are used to demonstrate that a webpage was accessed or that certain content was viewed, typically to measure the success of our marketing campaigns or engagement with our emails and to compile statistics about usage of the Sites, so that we can manage our content more effectively.
Online Advertising and Opting Out
Some of the partners that collect information about users' activities on or through our Sites may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior for purposes of targeted advertising. Please visit our Online Tracking Opt-Out Guide for information about opting out of targeted advertisements, and for information about blocking cookies and similar technologies on our Sites. Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms that we linked to in our guide. If you choose to opt-out of targeted advertisements, you will still see advertisements online but they may not be relevant to you. Even if you do choose to opt out, not all companies that serve online behavioral advertising are included on those lists, so you may still receive some cookies and tailored advertisements from companies that are not listed.
Do Not Track Signals
Some Internet browsers may be configured to send "Do Not Track" signals to the online services that you visit. We currently do not currently respond to do not track signals. To find out more about "Do Not Track," please visit http://www.allaboutdnt.com.
How We Use Your Personal Information
Operations. We use your personal information to:
- provide, operate and improve the Services
- provide information about our products and services
- communicate with you about the Services, including by sending you announcements, updates, security alerts, and support and administrative messages
- understand your needs and interests, and personalize your experience with the Services and our communications
- provide support and maintenance for the Service
- to respond to your requests, questions and feedback
Research and development. We analyze use of the Service to analyze and improve the Service and to develop new products and services, including by studying user demographics and use of the Service.
Marketing. We may send you Code Climate-related marketing communications as permitted by law. You will have the ability to opt-out of our marketing and promotional communications as described in the Opt out of marketing communications section below.
To comply with law. We use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.
For compliance, fraud prevention and safety. We use your personal information as we believe necessary or appropriate to (a) enforce the terms and conditions that govern the Services; (b) protect our rights, privacy, safety or property, and/or that of you or others; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
With your consent. In some cases we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.
To create anonymous, aggregated or de-identified data. We may create anonymous, aggregated or de-identified data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous, aggregated or de-identified data by removing information that makes the data personally identifiable to you. We may use this anonymous, aggregated or de-identified data and share it with third parties for our lawful business purposes.
How We Share Your Personal Information
Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
Advertising partners. We may enable third-party advertising partners to collect information directly from our Sites for advertising purposes.
Compliance. We may share your personal information to comply with law and for the compliance, fraud prevention and safety purposes described above.
Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.
Access, update, correct or delete your profile information. All Code Climate account holders may review, update, correct or delete the personal information in their registration profile by logging into their Code Climate account and/or updating the information in their linked SCR account.
Cookies and Targeted Advertising. For information on how you can disable or opt out of cookies and targeted advertising, visit our Online Tracking Opt-out Guide. Please note that if you set your browser to disable cookies, the Sites may not work properly.
If you choose to opt-out of targeted advertisements, you will still see advertisements online but they may not be relevant to you. Even if you do choose to opt out, not all companies that serve online behavioral advertising are included in this list, and so you may still receive some cookies and tailored advertisements from companies that are not listed.
Opt out of marketing communications. You may opt out of marketing-related emails by clicking on a link at the bottom of each such email. You may continue to receive service-related and other non-marketing emails.
Choosing not to share your personal information. Where we are required by law to collect your personal information, or where we need your personal information in order to provide the Service to you, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with our services. We will tell you what information you must provide to receive the Service by designating it as required at the time of collection or through other appropriate means.
The security of your personal information important to us. We employ a number of organizational, technical and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.
Our Sites are not directed to children under 16. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us. We will delete such information from our files as soon as reasonably practicable.
Code Climate is headquartered in the United States and has service providers in other countries, and your personal information may be transferred to and accessed from the United States or other locations outside of your state, province, country or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction.
European Union users should read the important information provided below about transfer of personal information outside of the European Union.
Other Websites and Services
The Sites may contain links to other websites and services. These links are not an endorsement, authorization or representation that we are affiliated with that third party. We do not exercise control over third party websites or services, and are not responsible for their actions. Other websites and services follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies of the other websites you visit and services you use.
Code Climate Inc. Attn: Privacy Rights 155 W. 23rd Street, 5th Floor New York, NY 10011
Notice to European Users
The information provided in this "Notice to European Users" section applies only to individuals in Europe.
Legal bases for processing
Details regarding each processing purpose and its legal basis listed below are provided in the section above titled "How we use your personal information".
Operations. Processing is necessary to perform the contract governing our provision of the Services or to take steps that you request prior to signing up for the Services. We also process your personal information based on our legitimate interest in providing the Services you access and request.
Research and development. These activities constitute our legitimate interests. We do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Marketing. These activities constitute our legitimate interests. We do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
For compliance, fraud prevention and safety. These activities constitute our legitimate interests. We do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
To create anonymous, aggregated or de-identified data. These activities constitute our legitimate interests. We do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
To comply with law. Processing is necessary to comply with our legal obligations.
With your consent. Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Services.
Sensitive personal information. We ask that you not provide us with any sensitive personal information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services, or otherwise to us.
Generally, we retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.
European data protection laws give you certain rights regarding your personal information. If you are an individual user of the Services located within the European Union, you may ask us to take the following actions in relation to your personal information that we hold:
- Access. Provide you with information about our processing of your personal information and give you access to your personal information.
- Correct. Update or correct inaccuracies in your personal information.
- Delete. Delete your personal information.
- Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
- Restrict. Restrict the processing of your personal information.
- Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information.
You can submit these requests by email to email@example.com or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us as described above or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.
If you are an enterprise user of the Services, your employer is the data controller of your personal information. As the data controller, your employer is responsible for receiving and responding to your requests to exercise any rights afforded to you under applicable data protection law. Code Climate will assist our customers in responding to such requests as set forth in the customer contract.
Cross-Border Data Transfer
Whenever we transfer your personal information out of Europe to a country not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be based on safeguards that allow us to conduct the transfer in accordance with European data protection laws.
Notice to California Residents
We are required by the California Consumer Privacy Act of 2018 ("CCPA") to provide to California residents an explanation of how we collect, use and share their personal Information, and of the rights and choices we offer California residents regarding our handling of the personal information. This notice does not apply to information related to our business contacts, or to enterprise users of our Services. Code Climate is a service provider under the CCPA in relation to our enterprise Services, and our business customers are responsible for addressing CCPA compliance with respect to enterprise users of our Services.
- Contact data, Feedback, Transaction data:
- CCPA-defined categories (click here for details). Identifiers, Online Identifiers, Commercial Information
- Sources of personal information. You
- Purposes for which we may collect and use the personal information. Operations, Research and Development, Marketing
- Data sharing. None
- Profile data:
- CCPA-defined categories (click here for details). Identifiers, Online Identifiers
- Sources of personal information. You, Source Code Repositories
- Purposes for which we may collect and use the personal information. Operations, Research and Development, Marketing
- Data sharing. None
- Usage Data, Marketing Data, Device Data, Online Activity Data:
- CCPA-defined categories (click here for details). Identifiers, Online Identifiers, Inferences, Internet or other network activity information
- Sources of personal information. You, Automatic Collection
- Purposes for which we may collect and use the personal information. Operations, Research and Development, Marketing, Advertising
- Data sharing. Collected directly by advertising partners
California Residents' Privacy Rights
Except as excluded from the scope of this notice above, the CCPA grants California residents the following rights.
- Information. You can request information about how we have collected, used and shared and used your personal information during the past 12 months. We have made this this information available to California residents without having to request it by including it in this notice, in the above chart.
- Access. You can request a copy of the personal information that we maintain about you.
- Deletion. You can ask us to delete the personal information that we maintain about you.
Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. If we deny your request, we will communicate our decision to you.
You are entitled to exercise the rights described above free from discrimination.
How to Submit a Request
To request access to or deletion of personal information:
- Email: firstname.lastname@example.org
- Visit: Contact us
Identity verification. The CCPA requires us to verify the identity of the individual submitting a request to access or delete personal information before providing a substantive response to the request. We may attempt to verify your identify by asking you to confirm information that we have on file about you or your interactions with us, or by asking you to submit the request through your Code Climate account. Where we ask for additional personal information to verify your identity, we will only use it to verify your identity or your authority to make the request on behalf of another consumer.
Authorized agents. California residents can empower an "authorized agent" to submit requests on their behalf. We will require the authorized agent to have written authorization confirming such authority.
Below a list of statutory categories and the data element within each category:
- Commercial Information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- Identifiers. Real name, alias, postal address, unique personal identifier, customer number, email address, account name, social security number, driver's license number, passport number, or other similar identifiers.
- Inferences. The derivation of information, data, assumptions, or conclusions from any other category of Personal Information to create a profile about a person reflecting the person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.
- Internet or Network Information. Browsing history, search history, and information regarding a person's interaction with an Internet website, application, or advertisement.
- Online Identifiers. An online identifier or other persistent identifier that can be used to recognize a person, family or device, over time and across different services, including but not limited to, a device identifier; an Internet Protocol address; cookies, beacons, pixel tags, mobile ad identifiers, or similar technology; customer number, unique pseudonym, or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers (i.e., the identification of a person or a device to a degree of certainty of more probable than not) that can be used to identify a particular person or device.
Online Tracking Opt-Out Guide
Like many companies online, we may use services provided by Google, Facebook and other companies that use tracking technology. These services rely on tracking technologies – such as cookies and web beacons – to collect directly from your device information about your browsing activities, your interactions with websites, and the device you are using to connect to the Internet. There are a number of ways to opt out of having your online activity and device data collected through these services, which we have summarized below:
- Blocking cookies in your browser. Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org. In addition, we use Google Analytics for analytics purposes. You can find out more information about Google Analytics cookies here and about how Google protects your data here. You can prevent the use of Google Analytics relating to your use of our Sites by downloading and installing a browser plugin available here.
- Blocking advertising ID use in your mobile settings. Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
- Using privacy plug-ins or browsers. You can block our websites from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery or uBlock Origin, and configuring them to block third party cookies/trackers.
- Platform opt-outs. The following advertising partners offer opt-out features that let you opt-out of use of your information for interest-based advertising:
- Google: https://adssettings.google.com
- Twitter: https://twitter.com/settings/account/personalization?lang=en
- FullStory: https://www.fullstory.com/optout/
- Advertising industry opt-out tools. You can also use these opt-out options to limit use of your information for interest-based advertising by participating companies:
- Digital advertising Alliance: http://optout.aboutads.info
- Network Advertising Initiative: http://optout.networkadvertising.org/?c=1
Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt-out on every browser and device that you use.