Privacy Policy | SimplyAgree

AGREEMENTS

Privacy Notice

NAMMU TECHNOLOGIES INC.

1. Our approach to privacy

Nammu Technologies Inc. ("SimplyAgree", "we", "our", or "us") is committed to protecting and respecting your privacy. This privacy notice sets out how we collect, store, process, transfer, share and use data that directly or indirectly identifies you ("personal information"), when you access and browse our website ("Website"), or use our SimplyAgree application, including SimplyAgree Sign, our signature tool (the "SimplyAgree App") (together our "Services") together with information regarding our use of cookies and similar technologies.
Before accessing or using our Services please ensure that you have read and understood our collection, storage, use and disclosure of your personal information as described in this privacy notice.

2. Who is responsible for your personal information?

We receive personal information from or on behalf of our customers as part of our Services. Specifically, our customers or their own clients and/or signatories may provide:
- user authentication details, such as name, email address, job role, username and password; and
- details of signatories as part of a transactions, such as name, contact details such as email address.
The personal information that we receive from our customers is processed by us, on their behalf, according to their instructions. In such circumstances, we act as a data processor and our customers act as the data controller. If you are a client and/or signatory of one of our customers, it is the is the privacy policy of our customer that will govern the processing of your personal information.
We also collect and use certain personal information in the course of providing our Services that we process as a controller, as described in this privacy notice. This means that we determine and are responsible for how your personal information is used.

3. Personal information we collect about you and how we use it

Personal information you submit to us

We collect the following personal information that you submit directly to us via our Website or which you input into the SimplyAgree App:
- Contact information, such as your name, email address, the organisation you work for and your role within that organisation.

Purpose for which we use your personal information	Legal basis we rely on for processing
We use this information to respond to the questions and queries you submit to us about the SimplyAgree App.	The processing is necessary for our legitimate interests, namely communicating and responding to queries from users, prospective customers and signatories.
We use this information to send you promotional and marketing communications.	We rely on your consent, where required under applicable law. Otherwise, we rely on our legitimate interests, namely promoting our services to existing customers or professional users.
If you are our point of contact at one of our customers, we use this information to manage our relationship with the relevant customer, such as sending renewal reminders and invoices and otherwise communicate with you about the customer's use of our Services.	The processing is necessary for our legitimate interests, namely managing our customer relationships.

- Comments and queries that you submit to us.

Purpose for which we use your personal information	Legal basis we rely on for processing
We use this information to respond to the questions, comments and queries you submit to us about the SimplyAgree App.	The processing is necessary for our legitimate interests, namely communicating and responding to queries from users, prospective customers and signatories.
We use this information to improve our Services.	The processing is necessary for our legitimate interests, namely informing our product and service development and improvement.

- Preferences, such as preferences set for notifications, marketing communications or how the SimplyAgree Website is displayed.

Purpose for which we use your personal information	Legal basis we rely on for processing
We use this information to display our Services and send you service-related communications in accordance with your settings.	The processing is necessary for our legitimate interests, namely tailoring our Services to users' preferences.
We use this information to ensure that our marketing communications to you reflect your selected preferences.	The processing is necessary to comply with a legal obligation to which we are subject, namely legislation implementing the European ePrivacy Directive 2002/58/EC.

If you are a signatory to a document signed through the SimplyAgree Sign functionality of our Services, we will also collect and use your contact information, such as your name and email address as follows:

Purpose for which we use your personal information	Legal basis we rely on for processing
We use this information to send you service-related communications, such as signature certificates and confirmations.	The processing is necessary for our legitimate interests, namely providing service-related information and confirmations to signatories.
We use your name to generate a digital certificate authenticating your electronic signature.	The processing is necessary for the legitimate interests of the signatories to the document signed through SimplyAgree Sign, namely providing evidence of valid signature.

We will indicate to you if the provision of certain personal information is mandatory in connection with the receipt of the Services, or optional. If you choose not to provide any personal information which is mandatory, we may not be able to provide our Services to you.

Personal information we collect automatically

We automatically collect the following personal information about how you use our Services from your device, including the date and time you access the Services, how long you use the Services for, how frequently you access the Services, the actions you take on the Services (such as the pages you view and the links you click), the IP address of the device you use to access the Services, the approximate location from which you access the Services, the device and browser you use to access the Services, the site you are going to when you leave the Services.

Purpose for which we use your personal information	Legal basis we rely on for processing
We use this information to provide the features and functionalities of the Services to you and present the Services to you in the correct format for your device and browser.	The processing is necessary for our legitimate interests, namely providing the Services as requested by you.
We use this information to maintain the security of the Services and protect against fraudulent use of the Services.	The processing is necessary for our legitimate interests, namely ensuring the security and integrity of the Services.
We use this information to analyse the performance of the Services in order to: · monitor and maintain the performance of the Services; · identify errors and ways in which we can improve the Services, including developing and testing new features.	We will only use your personal information in this way to the extent you give us your consent to do so.

If you are a signatory to a document signed through the SimplyAgree Sign functionality of our Services, we will also collect:
- The IP address of the device you use to sign document electronically.

Purpose for which we use your personal information	Legal basis we rely on for processing
We use your name to generate a digital certificate authenticating your electronic signature.	The processing is necessary for the legitimate interests of the signatories to the document signed through SimplyAgree Sign, namely providing evidence of valid signature.
We use this information to identify potentially fraudulent signatures submitted through SimplyAgree Sign.	The processing is necessary for our and the signatories' legitimate interests, namely ensuring the security and integrity of the Services.

- Information about your location at the time you sign the document and the exact time that you sign the document.

Purpose for which we use your personal information	Legal basis we rely on for processing
We use your name to generate a digital certificate authenticating your electronic signature.	We rely on your consent.
We use this information to identify potentially fraudulent signatures submitted through SimplyAgree Sign.	We rely on your consent.

4. Cookies and similar technologies

We use cookies and similar tracking technologies. Cookies are pieces of code that we transfer to your device for record-keeping purposes. This helps us to provide certain functionalities on our Website, and the SimplyAgree App, as well as to understand engagement with our Services and to make improvements. Some of these cookies are provided by third party service providers that provide services such as website analytics.
We use the following types of cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our Services such as cookies that allow you to log in to your account on the Website and the SimplyAgree App. Without these cookies, certain elements of our Services would not work.
- Analytical cookies. These allow us to recognise and count the number of visitors, to see how visitors move around our Services and to monitor performance of certain features on our Services which helps us to improve our Website and the SimplyAgree App.
- Functionality cookies. These are used to recognise you as you move around our Services and to remember information that you enter on the Website or SimplyAgree App, such as when you fill out a form.
The Annex contains more information about the cookies we use and how long they remain on your device.
Other than the cookies that are strictly necessary to operate our Services, we will only place cookies on your device with your consent. If you would like to withdraw your consent to non-essential cookies, you can do this by deleting the cookies for the SimplyAgree website or App from your device through your browser settings or mobile device settings and rejecting non-essential cookies the next time you access our website. The following links contain further information about how to delete cookies from popular browsers:
Most browsers will also allow you to disable all cookies through your browser or mobile settings. These settings will typically be found in the "options" or "preferences" menu of your browser. Please note that if you choose to refuse cookies you may not be able to use the full functionality of our Services.
You can also withdraw your consent at any time using our cookie consent management tool.

5. How long we keep your personal information

We will store the personal information we collect for no longer than necessary for the purposes set out and in accordance with our legal obligations and legitimate business interests. Unless a longer period is required or permitted by law, we will only hold your personal information on our systems for the following periods:

Personal information	How long we keep it
Contact information about customer contacts	For the duration of our relationship with the customer, and for up to 7 years thereafter.
Contact information about prospective customers	Up to 2 years from the last contact with the prospective customer.
Contact information about signatories	Until the expiry of the statutory limitation period for claims under the document signed.
Comments and queries	Up to 2 years from the date the comment or query was submitted.
Preferences	For as long as the user is authorised to access the Services.
Information about how you use our Service and the device you access it from	For the duration of the user's browsing session on the Service, and then until expiry of relevant cookie or similar tracker through which that information was collected.
Information about signatories' device and location	Until the expiry of the statutory limitation period for claims under the document signed.

6. Recipients

As required in accordance with how we use your personal information, we may share your personal information as follows:

Recipient	Why we share it
Service providers. We may share your personal information with third party vendors and other service providers that perform services for us or on our behalf, including: · HubSpot (product marketing emails, transactional emails, customer relationship management), · Custify (customer success management), · AppCues (in-app product communication and NPS collection), · HelpScout (user support), · Slack (user support), · SendGrid (email delivery) · FusionAuth (authentication) · Sentry, DataDog	They will process your personal information as processors on our instructions.
Our own corporate transactions: We may share limited personal information in the context of corporate transactions (mergers, sale, restructuring, etc.) in which we are involved. Such data would be disclosed to the relevant counterparty and their professional advisors.	These recipients will use your personal information to assess the potential transaction with us, and otherwise only as disclosed in this privacy notice. The lawful basis we rely on for transferring this personal information is that the processing is necessary for our and the third party's legitimate interests, namely assessing and executing a potential transaction with us.
Law enforcement, regulators and other parties for legal reasons. We may share your personal information with third parties as required by law or if we reasonably believe that such action is necessary to (i) comply with the law and the reasonable requests of law enforcement; (ii) detect and investigate illegal activities and breaches of agreements; and/or (iii) exercise or protect the rights, property, or personal safety of SimplyAgree, its users or others.	These recipients will use your personal information in the performance of their regulatory or law enforcement role, or to advise us in connection with a potential claim or regulatory enforcement action. The lawful basis we rely on for sharing personal information with these recipients is that the processing is either necessary to comply with a legal obligation to which we are subject or is necessary for our legitimate interests, namely enforcing our rights or complying with requests from regulatory authorities.

7. Storing and transferring your personal information

Security. We implement appropriate technical and organisational measures to protect your personal information against accidental or unlawful destruction, loss, change or damage. All personal information we collect will be stored on our secure servers.
International Transfers of your personal information. Your personal information will primarily be processed in the United States, where we and our third-party service providers have operations.
If you are located in the United Kingdom ("UK") or European Economic Area ("EEA"), and we are not collecting personal information directly from you, any transfers to recipients in the United States will be made pursuant to appropriate safeguards, including agreements incorporating standard data protection clauses adopted by the European Commission or UK Secretary of State (as applicable).
If you wish to enquire further about the safeguards we use, please contact us using the details set out in the "Contact Us" section of this notice.

8. Your rights in respect of your personal information

In accordance with applicable privacy law you have the following rights in respect of your personal information that we hold:
- Right of access. You have the right to obtain:
  - confirmation of whether, and where, we are processing your personal information;
  - information about the categories of personal information we are processing, the purposes for which we process your personal information and information as to how we determine applicable retention periods;
  - information about the categories of recipients with whom we may share your personal information; and
  - a copy of the personal information we hold about you.
- Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal information to another person.
- Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information we hold about you without undue delay.
- Right to erasure. You have the right, in some circumstances, to require us to erase your personal information without undue delay if the continued processing of that personal information is not justified. Please contact us on the details below for specific information on our retention periods.
- Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you.
- Right to object. You have the right to object to any processing based on our legitimate interests. There may, depending on the particular circumstances, be compelling reasons for continuing to process your personal information despite your objection, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
- Right to withdraw consent. You have the right to withdraw consent to any processing for which we have obtained your consent. In relation to cookies, this can be done either using the cookie consent management tool or by contacting us on the details below.
- Right to provide instructions. In some jurisdictions, you may have the right to the right to provide us with instructions regarding the conservation, deletion and communication of your personal information after your death. In the absence of such instructions, it is possible for heirs to request that we delete or update a deceased person's account.
If you wish to exercise one of these rights, please contact us using the contact details set out in the Contact Us section of this notice. We will not charge you a fee for complying with your request to exercise one of these rights, other than where the request is manifestly unfounded or excessive (such as if you submit a number of repeated requests), or as allowed by applicable law, in which case we may charge you a reasonable fee to cover our administrative costs.
You also have the right to lodge a complaint to your national data protection authority. If you are in the EEA, further information about how to contact your local data protection authority is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en. If you are in the UK, your local data protection authority is the Information Commissioner's Office, which can be contacted using the details at https://ico.org.uk/global/contact-us/.

9. Links to third party sites

Our Services may from time to time, contain links to and from third party websites, including those of other users, our partner networks, advertisers, partner merchants, news publications, retailers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to those websites.

10. Our policy towards children

Our Services are not directed at persons under 18 and we do not knowingly collect personal information from children under 18. If you become aware that your child has provided us with personal information, without your consent, either directly or by other means, then please contact us using the details below so that we can take steps to delete such information and terminate any account your child has created.

11. Changes to this notice

We may update this privacy notice from time to time and so you should review this page periodically. When we change this privacy notice in a material way, we will update the "last modified" date at the end of this privacy notice.

12. Notice to you

If we need to provide you with information about something, whether for legal, marketing or other business-related purposes, we will select what we believe is the best way to get in contact with you. We will usually do this through email or by placing a notice on our Services.

13. Last modified
This privacy notice was last modified on December 22, 2023.

14. Contact Us

If you have any questions, comments and requests regarding this privacy notice, please contact us at privacy@simplyagree.com.

ANNEX – COOKIES

Cookie Name	Type of cookie	When is the cookie set?	How long does the cookie stay on my device?	Purposes and additional information
Google Analytics	Analytics	When you first visit the Website.	6 months	Collect information and report usage statistics relating to our Services.
FusionAuth authentication	Strictly necessary	When you log in to your user account	1 hour	Authenticate you and keep you logged in to your account on the SimplyAgree App.
FushionAuth single sign-on	Strictly necessary	When you log in to your user account through your organisation's single sign-on feature	1 hour	Authenticate you through your organisation's single sign-on and keep you logged in to your account on the SimplyAgree App.
iManage	Strictly necessary	When you access documents stored in iManage through the SimplyAgree App	12 months	Sets your organisation's iManage account configurations in the SimplyAgree App.
iManage	Strictly necessary	When you access documents stored in iManage through the SimplyAgree App	1 hour	Allow you to access documents stored on your organisation's iManage account through the SimplyAgree App.
NetDocuments	Strictly necessary	When you access documents stored in NetDocuments through the SimplyAgree App	1 hour	Allow you to access documents stored on your organisation's NetDocuments account through the SimplyAgree App.