Privacy Notice


Privacy Notice

Effective November 4, 2024

cedig media’s mission is to help you schedule better. To do so, we need personal information from you and the people scheduling time with you – there’s no way around it. But we don’t take this responsibility lightly. We recognize the importance of privacy and your rights, and we want you to feel confident about using our services and in your interactions with us. We want you to love cedig media as much as we do, but if you do not agree with this policy then please do not access or use the Website.

The sections below contain the information you may want to know about this topic. We’ve tried to make them as straightforward as possible, but we realize it’s a lot of information. If you still have any questions, please reach out to

[email protected]

.

Introduction

This privacy notice (“Privacy Notice”) describes how cedig media, LLC and its affiliate Interview Schedule, Inc. d/b/a Prelude (“cedig media”, “we”, or “us”) collect, use, and disclose your Personal Data. Throughout this document, we will use a few defined terms “Personal Data” when used in this Privacy Notice means any data relating to an identified or identifiable natural person that is processed by cedig media as described in this Privacy Notice when such information is protected as “personal data” or “personal information” or a similar term under applicable data protection laws. All other defined terms used in this Privacy Notice will have the meanings associated with them in our Terms.

Applicability

This Privacy Notice applies to Personal Data cedig media collects when you visit or use our Website and Services as described in the “Information We Collect” section of this Privacy Notice below. cedig media is the controller of that Personal Data. This Privacy Notice does not apply to personal data within Customer Data (as that term is defined in your agreement with cedig media), such as information a User collects about an Invitee when an Invitee books a meeting or interview using our Services. We process Personal Data within Customer Data on our customers’ behalf as a processor or service provider. If you are an Invitee and have questions about how your data is processed by our customers or wish to exercise your rights with respect to that data, you must reach out to the User who collected your information. If you contact us about Personal Data within Customer Data and are able to identify the Entity or User with whom you have interacted, we will promptly notify the relevant Customer who collected your data of your inquiry.

Information We Collect

We collect information about you directly from you and automatically through your use of our Website. To help you protect yourself and your information, we encourage you to provide and collect only that information that is necessary for your use of our Website or Services. For example, to schedule a meeting, the only information that may be necessary is names, email addresses, date, and time. Please note that if you choose not to share certain Personal Data with us, or refuse certain contact permissions, we might not be able to provide certain parts of the Services.

cedig media is not directed to children under eighteen (18) years of age, and we do not knowingly collect personal Data from children under 18. If we discover that a child under 18 has provided us with Personal Data, we will promptly delete such Personal Data from our systems. For educational service providers and schools, please see our FERPA and COPPA Privacy Policy and Notice.

cedig media collects the following information, either directly from Users, Invitees, or Visitors, or through third parties regarding Users, Invitees, or Visitors.

A User may voluntarily give us certain information when scheduling and setting up appointments. This can include name, email address, phone number; email addresses of other people and/or Invitees; the subject of the meeting; and any other information a User provides or collects upon scheduling, pursuant to the cedig media Terms or an executed agreement with cedig media. cedig media processes the information an Invitee provides to a User when scheduling with the User on the User’s behalf as a processor or service provider.A User may connect their calendar with cedig media. In most instances, our calendar integration only uses and displays the duration and free/busy status of the events in your calendar so that we don’t book you when you’re busy. A few of our features also use and display the meeting titles in your calendar (these are currently our one-off meeting feature, or if you are booking with another cedig media user). In all cases, however, no details about the appointments in your connected calendar are stored in cedig media, such as who you are meeting with, their email address, or the meeting title. Although connecting your calendar to our Services makes the scheduling process much more efficient, you are not required to connect your calendar to use our Services. More information about access to the cedig media app and extensions to have your calendar connected is available here. cedig media processes the calendar information on the User’s behalf as a processor or service provider. (The Prelude service works a bit differently. cedig media will have access to the duration, free/busy status of the events in your calendar, attendees, start time, and the title of these events. We need this information in order to understand which events are movable on a User’s calendar so interviews may be scheduled more seamlessly.)If you participate in a recorded virtual meeting where we use meeting assistant functionality, we will collect a recording of the meeting. We use third party partners to assist us with recording and creating a transcription of the meeting. You may opt out of recording at any time. When recording a virtual meeting you attend, we will gather audio and visual information of you as applicable and as you appear in the meeting (for example, if you do not turn on your video at a meeting, we will not record visuals of you). We will also gather any of your personal information shared on screen during the meeting (for example, by using a “screen share” feature to present materials).If you choose to connect your account to your account with a third-party service, we may receive or be granted access to information from such third-party service, including Personal Data. For example, if you use the Prelude service and enable applicant tracking systems integrations for the recruiting use case within Prelude, your ATS may send to Prelude certain Personal Data as determined by you. You can stop sharing your information from a third-party service with us by removing our access to that service. cedig media processes that information on the User’s behalf as a processor or service provider.

Users provide cedig media with certain information, including name, email address, username, and password, when you set up your account. If you purchase a premium version of cedig media, our third party payment processors will collect and store your billing address and credit card information. We store the last four digits of your credit card number, card type, and the expiration date. (The payment and billing information will be processed as established in the services agreement between cedig media and your organization.)

If you engage with our virtual chatbots, we will collect the information you provide during the chat, including transcripts of your conversation with the chatbot.Users, Invitees, or Visitors interested in cedig media’s Services may contact us through forms made available on the Website and voluntarily give information such as name, work email, phone number, company, and role. Users, Invitees, or Visitors interested in our newsletter may also submit their name and email addresses to join our mailing list. We also receive other similar information provided by you if you participate in an event hosted by or attended by cedig media or its partners (such as webinars, conferences, and trade shows) and in your interactions with our social media accounts.We may also receive certain Personal Data as you interact with cedig media through activities such as surveys, focus groups, customer support tickets, or any other product education initiatives aimed at receiving User, Invitee or Viewer feedback.

We and our authorized third parties use Cookies, pixels, web beacons, and other technologies (such as local storage) to receive and store certain types of information when you interact with us through your computer or mobile device (subject to your consent, opt-out preferences or other appropriate legal basis where legally required). Using these technologies helps us customize your experience with our Website and Services, improve your experience, tailor marketing messages, and help us detect and prevent fraud and security risks. Here is more specific information about the types of information we collect:

When you access the Website or the Services, we and our authorized third parties may automatically record certain information (“log data”), including information that your browser sends whenever you visit our Website. This log data may include the web address you came from or are going to, your device model, operating system, browser type, unique device identifier, IP address, mobile network carrier, and time zone or approximate location. Whether we collect some or all of this information often depends on what type of device you’re using and its settings. For example, different types of information are available depending on whether you’re using a Mac or PC, or an iPhone or an Android phone. To learn more about what information your device makes available to us, please check the policies of your device manufacturer or software provider.

Depending on how you’re accessing our Services and subject to your consent, opt-out preferences, or other appropriate legal basis where legally required, we and our authorized third parties may use “Cookies” (a small text file sent by your computer each time you visit our Website, unique to your cedig media account or your browser) or similar technologies such as pixels, web beacons or local storage to record log data. When we use Cookies, we may use ‘session’ Cookies (that last until you close your browser) or ‘persistent’ Cookies (that last until you or your browser deletes them). For example, we may use Cookies to keep you logged into cedig media. Some of the Cookies we use are associated with your cedig media account (including Personal Data about you, such as the email address you gave us), and other Cookies are not. cedig media provides a centralized cookie management service across the entire cedig media Website. When visiting the cedig media Website or a booking page for the first time, Users, Invitees and Visitors will see a cookie banner in accordance with their region. Cookie preferences can be adjusted at any time. Users can find the link to manage their cookie preferences by accessing “Cookie Settings” under “Account Settings” within their cedig media account. Invitees can click on “Cookie Settings” within any booking page they receive. Users, Invitees and Visitors can also navigate to the footer of the cedig media Website at any time and change their Cookie preferences under “Cookie Settings” or “Your Privacy Choices.” We may also use your browser’s local storage under “localStorage” to store certain information that enables us to recognize you when you return to our website. You may erase the local storage objects by deleting your browser's history. (You can opt out through the “Cookie Preferences” link made available to you on the booking page you receive from a Prelude User.)

When you use our Services either as a User or an Invitee, we and our authorized third parties collect certain information about how you use the Services. For example, we collect information on the meeting types our Users use most often, and how many meetings are scheduled each day. We aggregate this information and use it to help us monitor and improve the Services, such as to determine which features are most popular amongst our Users, and which features could be added or improved.

We may disclose information to third parties or allow third parties to directly collect information using these technologies on our Website, such as social media companies, advertising networks, companies that provide analytics including ad tracking and reporting, security providers, and others that help us operate our Services and Website. We use such third-party tools subject to your consent, opt-out preferences, or other appropriate legal basis where legally required. For example, we use third-party providers such as Google Analytics to provide certain analytics and Visitor interactions services to cedig media in connection with our operation of our Website, including the collection and tracking of certain data and information regarding the characteristics and activities of Visitors to the cedig media Website. To learn how Google Analytics collects and processes data, please visit: “How Google uses data when you use our partners’ sites or apps” located at

www.google.com/policies/privacy/partners

. We also use session replay, session recording, and similar tools provided by third party Service Providers (as defined below) to record your interactions with our Website, such as how you move throughout our Website and engage with our webforms. In addition to analytics, this information helps us improve our Website and Services, our marketing activities, and identify and fix technical issues visitors may be having with our Website.

Certain third-party tools may not be opted out of and are essential to our service. For example, cedig media has implemented Google reCAPTCHA Enterprise to help prevent spam and abuse. reCAPTCHA Enterprise collects hardware and software information, such as device and application data, and sends it to Google for purposes of providing, maintaining, and improving reCAPTCHA Enterprise and for general security purposes. This information is not used by Google for personalized advertising. Your use of reCAPTCHA Enterprise is subject to Google’s Privacy Policy and Terms of Use.
How We Use Your Information

We may use information that we collect about you, including Personal Data, to:

. We will use your information to provide our Services to you, including to facilitate scheduling; create and manage your account; respond to your inquiries; prevent or address service errors, security, or technical issues; analyze and monitor usage; prevent spam, fraud and abuse on the Services; investigate potential violations of our Terms, verify your identity; and for other customer service and support purposes. We use the payment information you provide to us in order to alert you of past, current, and upcoming charges, to allow us to present the billing history to you on your billing page in your account, and to perform internal financial processes, such as looking at the status of a credit card charge. In the event of a credit card dispute, we also share account information with your bank to verify the legitimacy of a charge.

We will perform research and analysis about your use of, or interest in, our products, Services, or content, or products, services or content offered by others. We do this to help make our products better and to develop new products.

We may send you service and administrative emails to ensure the service is working properly. We will also email you regarding your calendar appointments. These messages are considered part of the Services and you may not opt out of these messages.

Subject to your opt-out preference and subscription, we may send you emails about new product features or other news about Cedig Media or on topics we think would be relevant to you. You may opt out of receiving these communications at any time. Visit the ‘Your Rights and Choices’ section below. For Cedig Media Invitees, please be assured that we do not use the email addresses that you enter to schedule a meeting with a Cedig Media User to send any type of direct marketing. However, you may receive marketing communications if you have used the same email address to sign up for them previously or to manage your account as a Cedig Media User.

We will also use your information to respond to your questions or comments.

We may contact you to inform you about changes to your account, our Services and other important service-related notices, such as changes to the Terms or Privacy Notice or about security or fraud notices.

We will use your information to protect our rights and interests as well as the rights and interests of our Users and any other person, as well as to enforce this Privacy Notice or our Terms.

We may use your information to comply with applicable legal or regulatory obligations, including complying with requests from law enforcement or other governmental authorities, or in legal proceedings involving Cedig Media.

We also may use your information to manage our business or perform functions as otherwise described to you at the time of collection subject to your consent where legally required.

With Whom We May Share Your Information

We may share information we collect about you, including Personal Data, in the following ways:

We use other companies, agents, or contractors (“Service Providers”) to perform services on our behalf or to assist us with providing services and communicating with you. We may engage Service Providers to process credit card transactions or other payment methods. We may also engage Service Providers to provide services such as monitoring and developing Cedig Media services; aiding in communications, infrastructure, and IT services; customer service; debt collection; analyzing and enhancing data. These Service Providers may have access to your Personal Data or other information to provide these functions. In addition, some of the above-listed types of information that we request may be collected by third-party Service Providers on our behalf. Microsoft is one of Cedig Media’s Service Providers. You may review Microsoft’s Privacy statement here. We may share information with Service Providers and government entities for legal, security, and safety purposes. This includes sharing information to enforce policies or contracts, address security breaches, and assist in the investigation of fraud, security issues, or other concerns. We require Service Providers to agree to take reasonable steps to keep the Personal Data that we provide to them secure. We do not authorize them to use or disclose your Personal Data except in connection with providing their services. You may find the list of Cedig Media’s Service Providers who are also platform subprocessors here.

We may disclose information to current or future affiliates or subsidiaries for purposes consistent with this Privacy Notice.

We may share your data if we believe that disclosure is reasonably necessary to comply with a law, regulation, legal, or governmental request; to respond to a subpoena, court order, warrant, or other legal process; to enforce applicable Terms or this Privacy Notice, including investigation of potential violations thereof; to protect the safety, rights, or property of the public, any person, or Cedig Media; to detect, prevent, or otherwise address, security or technical issues, illegal, or suspected illegal activities (including fraud); or as evidence in litigation in which we are involved, as part of a judicial or regulatory proceeding. In this process, Cedig Media is committed to maintaining individuals’ privacy, and all such disclosures are carefully reviewed to ensure their legitimacy, and if disclosure is required, that only the necessary information is provided or that the request is challenged accordingly. Unless prohibited by law, Cedig Media will inform you of a government request it has received.

If you are using Cedig Media as a member of an organization or with your organization’s email domain (thereby representing yourself as a member of the organization), we may share your email address, plan information, and data within your account with an authorized agent of your company upon your company’s request for them to administer the account for the company.

We may, as a result of a sale, merger, consolidation, change in control, transfer of assets, reorganization, or liquidation of our company (a "Reorganization Event"), transfer or assign your Personal Data to parties involved in the Reorganization Event. You acknowledge that such transfers may occur and are permitted by and subject to this Privacy Notice.

Your Rights and Choices

Depending on your relationship with Cedig Media, you may exercise your rights and choices in the following ways:

If you are a User, you may keep your Personal Data accurate and complete by logging into the Services to review and update your account information, including contact and billing information, via your account settings page.

As described above, if you do not wish to receive promotional emails from us, you may opt out at any time by following the opt-out link contained in the email itself. Please note that it may take up to ten (10) days to process your request. Please also note that if you opt out of receiving marketing communications from us, we may continue to send to you service-related emails which are not available for opt-out. If you do not wish to receive any service-related emails from us, you have the option to delete your account.

You may also refrain from providing or may withdraw your consent for nonessential Cookies via your browser settings. Your browser’s help function should contain instructions on how to set your computer to accept all Cookies, to notify you when a Cookie is issued, or to not receive Cookies at any time. Please keep in mind that certain Cookies are required to authenticate Users as well as perform some actions within Cedig Media (such as to pay for an event as an Invitee via Cedig Media), so to use the Website, some strictly necessary Cookies are required. You may also manage the use of targeting, performance, and functional cookies on this website by clicking the “Cookie Settings” or “Your Privacy Choices” link located on the footer of this page.

Some of the Service Providers we use provide the ability to opt-out.

You may opt out of Google Analytics’ services using the Opt-Out feature on their website. The Google Analytics service is provided by Google Inc. You can opt-out from Google Analytics service from using your information by installing the Google Analytics Opt-out Browser tool:

https://tools.google.com/dlpage/gaoptout

. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page:

https://policies.google.com/privacy

.

You may opt out of Clearbit’s services using their opt-out feature:

https://preferences.clearbit.com/privacy

. For more information on the privacy practices of Clearbit, please visit their privacy policy:

https://clearbit.com/privacy

.

You may opt out of Facebook Pixel’s services using their opt-out feature:

https://facebook.com/help/568137493302217

. For more information on the privacy practices of Facebook, please visit their Data Policy:

https://facebook.com/about/privacy

You may opt out of TV advertising using their opt-out feature:

https://mountain.com/opt-out/

. For more information on the privacy practices of MNTN, please visit their privacy policy:

https://mountain.com/privacy-policy/

Depending on where you live, you may have the following rights, subject to any applicable exemptions or limitations:

The right to know and access your Personal Data, such as the categories of Personal Data we have collected, the sources of Personal Data, the purposes of collection, and how we used, disclosed, sold, or shared Personal Data;

The right to correct inaccurate Personal Data that we maintain about you;

The right to delete your Personal Data under specific circumstances;

The right to opt out of the sale or sharing of your Personal Data, as such terms are defined by applicable laws;

The right to object or opt out of certain types of processing, such as targeted advertising, direct marketing, and certain types of profiling and automated decision-making;

The right to request the restriction of processing of your Personal Data;

The right to data portability, which means requesting a copy of your Personal Data in an accessible format;

The right to withdraw your consent under certain circumstances; and

The right to lodge a complaint with the relevant data protection supervisory authority. Where applicable, you can find contact information for your data protection supervisory authority on the European Data Protection Board’s website,

https://edpb.europa.eu/about-edpb/about-edpb/members_en

, or through other publicly available sources.

If you are located in California and access the Website, our use of certain cookies could be considered a “sale” or “share” under the CCPA/CPRA. If you are a California, Virginia, Colorado, Connecticut or Utah resident, you may opt out of use of cookies and other technologies for targeted advertising purposes by navigating to the “Your Privacy Choices” or “Cookie Settings” link in the footer of the Website or clicking through the option in the banner that appears when you first visit our website to opt out of targeting cookies. In addition to opting out with Cedig Media, there are other mechanisms generally available by advertising groups for consumers to opt out of interest-based advertising from a large number of advertising providers at once, including but not limited to, using the following links:

http://optout.networkadvertising.org/

and

http://www.aboutads.info/choices

. Please note that these mechanisms are not managed by Cedig Media and Cedig Media is not an advertising provider.

To the extent any of the above rights are applicable, you may exercise your rights by contacting us at

[email protected]

. We will take steps to verify your identity before processing certain requests. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we collected Personal Data. If you have an Account with us, we will use our existing Account authentication practices to verify your identity. If you do not have an Account with us, we may request additional information about you to verify your identity. We will only use the Personal Data provided in the verification process to verify your identity or authority to make a request and to track and document request responses, unless you initially provided the information for another purpose. Calendly will retain the relevant records associated with your request to demonstrate our compliance in accordance with reasonable retention periods.

Based on your jurisdiction, you may be able to use an authorized agent to submit a rights request on your behalf. When we verify your agent’s request, we may verify both your and your agent’s identity and request a signed document from you that authorizes your agent to make the request on your behalf. To protect your Personal Data, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf.

Certain laws may give you a right to appeal any denials of your request to exercise your rights. If we deny your request and you would like to submit an appeal, please contact us at

[email protected]

.

Our Website may contain links to third-party websites and applications. Subject to your opt-out or consent preferences, we may also use third-party advertisers, ad networks, and other advertising, marketing, and promotional companies, to serve advertisements on our Website. Any access to and use of such linked websites and applications is not governed by this Privacy Notice but instead is governed by the privacy policies of those third parties. We do not endorse these parties, their content, or any products and services they offer, and we do not endorse these parties, their content, or any products and services they offer, and we are not responsible for the information practices of such third-party websites or applications.

Security and Storage of Information

Given the nature of communications and information processing technology, there is no guarantee that Personal Data will be absolutely safe from access, alteration, or destruction by a breach of any of our physical, technical, and managerial safeguards. However, Calendly takes the security of your Personal Data very seriously. We work hard to protect the Personal Data that you provide from loss, misuse, unauthorized access, or disclosure and we have taken reasonable steps to help protect the Personal Data we collect. We have obtained industry-recognized certifications and audits such as the ISO/IEC 27001, which affirm our commitment to our security program (certification not applicable to the Prelude service). More information on Calendly security and storage practices is available here.

You should also take steps to protect against unauthorized access to your device and account by, among other things, choosing a unique and complex password that nobody else knows or can easily guess and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.

We retain the Personal Data we collect for so long as is reasonably necessary to fulfill the purposes for which the data was collected, to perform our contractual and legal obligations (including any exemptions or exceptions contemplated by law), and for any applicable statute of limitations periods for the purposes of bringing and defending claims.

Users Outside the USA

Our application and database servers are located here in the United States.

If you are an individual located in the European Economic Area, the United Kingdom, Canada or another jurisdiction outside of the United States with laws and regulations governing Personal Data collection, use, and disclosure that differ from United States laws, please be aware that information we collect (including through the use of methods such as Cookies and other web technologies) will be processed and stored in the United States or in other countries where we or our third-party Service Providers have operations. By submitting your Personal Data to Calendly and using Calendly, you expressly consent to have your Personal Data transferred to, processed, and stored in the United States or another jurisdiction which may not offer the same level of privacy protection as those in the country where you reside or are a citizen. (For a list of applicable jurisdictions, you may check our subprocessors list.)

In connection with the operation of its Website, Calendly may transfer your Personal Data to various locations, which may include locations both inside and outside of the European Economic Area. We rely on the EU-U.S. Data Privacy Framework and Standard Contractual Clauses and the UK Addendum to legally transfer Personal Data submitted relating to individuals in the European Economic Area, the United Kingdom and Switzerland.

Calendly has designated representatives in the European Economic Area and in the United Kingdom in accordance with the applicable requirements in the GDPR and UK GDPR. If you are located in these jurisdictions, you can contact our representatives at any time with any questions you may have about data protection. Their contact details are found in the “Contacting Us” section below.

EU-U.S. Data Privacy Framework Notice

Calendly, LLC and its affiliate Interview Schedule, Inc. d/b/a Prelude (collectively referred to in this section as “Calendly” or “we”) comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Calendly has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Calendly has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit

https://www.dataprivacyframework.gov/

.

In compliance with the DPF principles, when we transfer Personal Data to a third party acting as our agent, we will be liable under the Principles if our agent processes such Personal Data in a manner inconsistent with the Principles unless we prove we are not responsible for the event giving rise to the damage. We may be required to disclose your Personal Data in response to a lawful request made by public authorities, including to meet national security or law enforcement requirements.

The Federal Trade Commission has jurisdiction over Calendly’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Calendly commits to resolve DPF Principles-related complaints about our collection and use of your Personal Data. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of Personal Data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Calendly at the contact methods set out in the “Contacting Us” section at the end of this Privacy Notice. Our goal is to address your complaint and make it right. However, if we can’t resolve your complaint, you may contact JAMS, our U.S.-based third-party dispute resolution provider at

https://www.jamsadr.com/DPF-Dispute-Resolution

(free of charge). You may also contact your local data protection authority within the European Economic Area, United Kingdom or Switzerland (as applicable) for unresolved complaints. It is also possible, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. Please see the Data Privacy Framework Annex I for more information on this option.

Additional California Resident Privacy Disclosures

Under the California Consumer Privacy Act of 2018 and any subsequent amendments including the California Privacy Rights Act of 2020 (collectively, “CCPA”), California residents are entitled to the following additional disclosures about our data processing. These disclosures apply solely to Users, Visitors, and Invitees who live in the State of California (“California Residents”). All terms used in this section have the same meaning as when used in the CCPA. California Residents may also review our Notice at Collection for our Website here.

In the preceding 12 months, we have collected the categories of Personal Data: identifiers, personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)); commercial information; and internet or other similar network activity. The purposes for which we have collected Personal Data and the sources of that information are described above in the Information we Collect and the How We Use Your Information sections above.

In the preceding 12 months, we have disclosed Personal Data for a business purpose as detailed in the With Whom We May Share Your Information section above.

We may also sell or share information to the extent our use of cookies and tracking technologies for targeted advertising constitutes a “sale” under the CCPA/CPRA. Your opt-out rights are described in the Your Rights and Choices section above. In the preceding 12 months, we have sold or shared the following categories of Personal Data with our targeted advertising service providers and partners: identifiers and internet or other similar network activity.

We do not knowingly sell the Personal Data of minors under age 18.

For an explanation of the rights you may have as a California resident, please see the Your Rights and Choices section above. We will attempt to respond to California Resident requests in as timely a fashion as possible. In the event of delays over 45 days, we will inform you of the reason and extension period in writing. If you have an account with us, we may deliver our written response to that account. Any disclosures we provide will only cover the 12-month period preceding the verifiable receipt of a California Resident’s request unless you request otherwise and that time period meets the regulatory requirements. The response we provide will explain the reasons we cannot comply with a request, if applicable.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before fulfilling your request.

This Privacy Notice describes how we may share your information, including for marketing purposes. California residents are entitled to request and obtain from us once per calendar year information about any of your Personal Data shared with third parties for their own direct marketing purposes, including the categories of information and the names and addresses of those businesses with which we have shared such information. To request this information and for any other questions about our privacy practices and compliance with California law, please contact us at

[email protected]

.

Changes to this Privacy Notice

This Privacy Notice is current as of the Effective Date set forth above. This Privacy Notice may change if there is a material change to the way information is handled at Calendly, or to clarify our Notice or adjust clerical errors. If any changes are made, we’ll post them on this page, so please be sure to check back periodically. If you continue to use Calendly after those changes are in effect, you agree to the revised Privacy Notice.

This Privacy Notice was updated on:

January 2023 – to improve flow, include required information to comply with newer requirements (e.g., CPRA), add clarification on scope, correct mailing and email addresses and expand on GDPR-specific information (e.g., clarity on the legal bases Calendly uses to process information).

March 2023 – to include EU and UK representative contact information.

May 2023 - to clarify terms, integrate processing details around the Prelude service in the notice, add reference to the ISO/IEC 27001 certification, and update Calendly’s entity information.

June 2023 - to add information about opting out of MNTN, add links to advertising organizations that allow consumers to opt out of targeted advertising, and adding reference to Colorado and Connecticut privacy laws

November 2023 - updates to comply with Calendly’s certification to the EU-U.S., UK, and Swiss Data Privacy Framework

March 2024 - to clarify how Users, Invitees and Visitors can opt out of cookies, to clarify access request details on retention and timelines from California, to add reference to Utah privacy law, to align definitions with updated Terms, and to add information about Personal Data collected in virtual meetings.

April 2024 - to include information about how to delete local storage.

November 2024 - Updates to the JAMS dispute resolution link and DPF’s binding arbitration page link.