Virtual Creative Studios. and our subsidiaries (collectively, “Virtual Creative Studios,””VCS”, “Vizzi”, “our,” “us” or “we”) recognize the importance of privacy. VCS is committed to protecting the personal information of our clients and prospective clients, as well as other users of our websites and services.

When VCS collects and processes personal information in order to provide our services to clients, we will only process such personal information on behalf of the particular client in order to provide our services to that client. Our collection, use, disclosure and other processing of personal information on behalf of clients is subject to the privacy policy of our respective clients.

Overview

We think transparency is important. In this overview, we summarize the personal information we collect and how we use it, which is further explained in our Privacy Policy below. Keep in mind that the actual personal information we collect and how we use it varies depending upon the nature of our relationship and interactions with you. Also, in some cases (such as where required by law), we ask for your consent or give you certain choices prior to collecting or using certain personal information.

Categories of Personal Information Collected. Generally, we collect the following types of personal information:

• Identifiers: includes direct identifiers, such as name, username, account name, address, phone number, email address, online identifier, IP address, or other similar identifiers.
• Customer Records: includes personal information, such as name, signature, contact information, and payment information, that individuals provide us in order to purchase or obtain our products and services.
• Commercial Information: includes records products or services purchased, obtained or considered, or other purchasing or use histories.  
• Usage Data: includes browsing history, clickstream data, search history, access logs and other usage data and information regarding an individual’s interaction with our websites and services, and our marketing emails and online ads.
• Geolocation Data: includes precise location information about a particular individual or device.
• Audio, Video and Electronic Data: includes audio, electronic, visual, thermal, olfactory, or similar information, such as CCTV footage (e.g., collected from visitors to our offices) and call recordings (e.g., of customer support calls).
• Professional Information: includes professional and employment-related information, such as current and former employer(s) and position(s) and business contact information.
• Protected Classifications: includes characteristics of protected classifications under applicable laws, such as disability information and medical conditions provided by you when you register for events and other activities.   
• Inferences: includes inferences drawn from other personal information that we collect to create a profile reflecting an individual’s preferences, behavior or other characteristics. For example, we may analyze personal information in order to identify the offers and information that may be most relevant to clients, so that we can better reach them with relevant offers and ads.

Use of Personal Information.  In general, we may use and disclose the personal information we collect for the following business and commercial purposes:

• Operating Site and services and providing related support  
• Responding to requests
• Analyzing and improving the Site, our services, and our business 
• Personalizing experiences  
• Advertising and marketing
• Protecting our legal rights and preventing misuse
• Complying with legal obligations  
• Related to our general business operations

If you are a California resident, please be sure to review the section “Additional Information for Individuals in Certain Jurisdictions” below for important information about our privacy practices and your rights under California privacy laws, including your right to submit a “Do not sell my information” request which can be submitted at [email protected]

You can review more detailed information about our privacy practices and your rights and choices below in our Privacy Policy, which is organized into the following sections:    

• Introduction and Scope 
• Controller and Responsible Party    
• Information We Collect   
• Purposes and Legal Bases of Use    
• Disclosures of Personal Information   
• Cookies and Similar Devices   
• Interest-Based Advertising    
• International Transfers    
• Protection of Children’s Personal Information   
• Security
• Your Choices and Rights    
• Retention    
• Changes to the Policy  
• Contact Us    
• Additional Information for Individuals in Certain Jurisdictions

Introduction and Scope:

This VCS Online Privacy Policy (“Policy”) explains how we process information that we collect from users of our website at www.virtualcreativestudios.com and the services available on our website (together, the “Site”), as well as from our former, current and prospective clients and other individuals that access the Site, or communicate or engage with us about our products and services.  This Policy should be read in conjunction with the VCS Terms of Use located on our website, which are incorporated herein by reference.

Personal Information.

In this Policy, our use of the term “personal information” includes other similar terms under applicable privacy laws—such as “personal data” and “personally identifiable information.” In general, personal information includes any information that identifies, relates to, describes, or is reasonably capable of being associated, or reasonably linked or linkable with a particular individual.

Not Covered by Policy. 

This Policy does not apply to the Platform content or personal information that our clients collect, submit, manage, create, or record via the Platform, or the personal information we collect, access, store, use or otherwise process (collectively, “process”) via the Platform registrants, participants and other end users of client events (the “Platform Data”). Please see the VCS Privacy Policy for information about our processing of Platform Data and for the definition of “Platform.” As set out in the VCS Platform Privacy Policy, VCS is a processor of the Platform Data; we only use the personal information that we process as part of the Platform Data subject to our agreements with clients and their written instructions, or where otherwise required by law. This Policy also does not apply to job applicants and candidates who apply for employment through our job application portal, or to employees and non-employee workers, whose personal information is subject to different privacy notices.

Controller and Responsible Party

For the purposes of the EU General Data Protection Regulation (the “GDPR”) and other relevant applicable laws (such as the UK Data Protection Act 2018 (“UK DPA”) and the Brazilian General Data Protection Law (the “LGPD”)), VCS is the controller of your personal information collected pursuant to this Policy. With respect to any Platform Data, our clients are the data controllers or businesses for their respective Platform Data, and we are a data processor or service provide, as defined under applicable privacy laws.

Information We Collect.

The personal information that we collect and process will vary depending upon the circumstances. You do not have to provide us with your personal information to access much of the Site. If you choose not to disclose certain information, you can still visit our Site, but you will not be able to create an account with us, you may be unable to access certain options and services, and we may be unable to fully respond to your inquiries.Information Collected Directly. We may collect personal information about you directly from you or from your company.  For example, when you fill out a ‘Contact Us’ form, signup for our mailing lists, register for events we host or sponsor, or otherwise provide us information through the Site, we may collect personal information such as: 

• Name, company name, and title/position  
• Payment and billing information    
• Email address, phone number, mailing address and contact details 
• Job title, other company information (such as country and industry sector)  
• Contact preferences and interests
• Business affiliations
• Customer (and authorized user) account information (to access various parts of the Platform, and to create events and webinars) – name, email address, telephone number, company name, and other information necessary to confirm that you are an authorized user of a client (where relevant)●    
• Other information related to your request or inquiry

Automatically-Collected Information. We use cookies, log files, pixel tags, local storage objects, and other tracking technologies to automatically collect information when users access or use the services or visit the Site, such as IP address, general location information, domain name, page views, a date/time stamp, browser type, device type, device ID, Internet service provider, referring/exit URLs, operating system, language, clickstream data, and other information about the links clicked, features used, size of files uploaded, streamed or deleted, and similar device and usage information. For more information, see the Cookies and Similar Devices section below.Information Collected from Third Parties. We may collect personal information about you from third party sources, such as business partners, social media platforms, public sources, joint marketing partners, our resellers (so that we can deliver our Platform and related services) and third parties to whom you have expressed interest in our products and services, as well as information that you shared on social media platforms (subject to the respective platform terms and applicable laws).

Purposes and Legal Bases of Use

Certain laws, including the GDPR, require that we inform you of the legal bases for our processing of your personal information. Pursuant to the GDPR (and other similar laws), we process personal information for the following legal bases:    

- Performance of contract: as necessary to enter into or carry out the performance of our contract with you.    

- Compliance with laws: for compliance with legal obligations and/or defense against legal claims, including those in the area of labor and employment law, social security, and data protection, tax, and corporate compliance laws.    

- Our legitimate interests: in furtherance of our legitimate business interests, which are not overridden by your interests and fundamental rights, including:●    Performance of contracts with clients and other parties

• Implementation and operation of global support (e.g., IT) services for our business operations   
• Improving our Site, developing trend and benchmark reports, and similar purposes
• Customer relationship management and improving our Site and Services, including other forms of marketing and analytics   
• Fraud detection and prevention, including misuse of Services or money laundering
• Physical, IT, and network perimeter security    
• Internal investigations   
• Mergers, acquisitions, and reorganization, and other business transactions

-  With your consent: where we have your consent the GDPR (where it applies) and other applicable laws give you the right to withdraw your consent, which you can do this at any time by contacting us using the details at the end of this privacy notice. In some jurisdictions, your use of the services may be taken as implied consent to the collection and processing of personal information as outlined in this privacy notice.

In addition, we may process your personal information where necessary to protect the vital interests of any individual.

Purposes for Using Personal Information. The purposes for which we may process personal information will vary depending upon the circumstances. In general, we use personal information for the business and commercial purposes set forth below, and where the GDPR or other relevant laws apply, we have set forth the legal bases for such processing in parenthesis (see above for further explanation of our legal bases):   

• Operating Site and services and providing related support: to provide and operate the Site and services, communicate with you about your use of the Site and our services, provide troubleshooting and technical support, respond to your inquiries, fulfill your orders and requests, process your payments, communicate with you, and for similar service and support purposes. (Legal bases: performance of our contract with you; and/or our legitimate interests)    
• Responding to requests: to respond to your inquiries and requests and consider your request or application. (Legal basis: performance of our contract with you)
• Analyzing and improving the Site, our services, and our business: to better understand how users access and use the Site and our services, as well as other products and offerings, both on an aggregated and individualized basis, to administer, monitor, and improve our services, for our internal purposes, and for other research and analytical purposes. (Legal basis: our legitimate interests)    
• Personalizing experiences: to tailor content we may send or display on the Site, including to offer location customization and personalized help and instructions, and to otherwise personalize your experiences. (Legal basis: our legitimate interests)   
• Advertising and marketing: to promote VCS’s products and services on third-party websites, as well as for direct marketing purposes, including to send you newsletters, client alerts and information we think may interest you. If you are located in a jurisdiction that requires opt-in consent to receive electronic marketing messages, we will only send you such messages if you opt-in to receive them. (Legal bases: our legitimate interests; and/or with your consent)    
• Protecting our legal rights and preventing misuse: to protect the Site and our business operations; to prevent, detect and investigate fraud, misuse, harassment or other types of unlawful activities; where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of this Policy and our applicable terms of service and agreements. (Legal bases: our legitimate interests; and/or compliance with laws)   
• Complying with legal obligations: to comply with the law or legal proceedings. For example, we may disclose information in response to subpoenas, court order, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements. (Legal bases: our legitimate interests; and/or compliance with laws)
• Related to our general business operations: to consider and implement mergers, acquisitions, reorganizations, and other business transactions, and where necessary to the administration of our general business, accounting, recordkeeping and legal functions. (Legal bases: our legitimate interests; and/or compliance with laws)

Aggregate, De-identified or Anonymous Data. We also create and use aggregate, anonymous and de-identified data to assess, improve and develop our business, products and services, and for similar research and analytics purposes. This information is not generally subject to the restrictions in this Policy, provided it does not identify and could not be used to identify a particular individual.

Disclosures of Personal Information

In general, we disclose the personal information we collect for the business and commercial purposes explained below:

• Subsidiaries: to our subsidiaries, whose handling of your personal information is subject to this Policy.  
• Enterprise users: if you use, access or communicate with us about our Platform or related services on behalf of your company (our client), we may share personal information about your access, and your communications or requests, with the relevant enterprise client.  
• Service providers: to third party service providers who perform functions on our behalf. Third party service providers will only process your personal information in accordance with our instructions and will implement adequate security measures to protect your personal information.  
• Advertising and analytics partners: to third parties we engage to provide advertising, campaign measurement, online and mobile analytics, and related services to us (with your consent, where required by applicable laws).    
• In response to legal process: in order to comply with the law, judicial proceedings, a court order, or other legal process, such as in response to a subpoena.   
• To protect our rights: where we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of the VCS Terms of use or this Policy, to respond to claims asserted against us or, or as evidence in litigation in which we are involved.    
• Business transfers: as part of any merger, sale, and transfer of our assets, acquisition or restructuring of all or part of our business, bankruptcy, or similar event, including related to due diligence conducted prior to such event where permitted by law.

Aggregate, De-identified or Anonymous data. We may share aggregate, anonymous or de-identified data with third parties for research, marketing, analytics and other purposes, provided such information does not identify a particular individual.

Cookies and Similar Devices

We and our third party service providers use “cookies,” pixels, java script, log files, and other mechanisms on the Site.

Cookies. A “cookie” is a small text file that may be used, for example, to collect information about website activity. Some cookies allow us to make it easier for you to navigate the Site, while others are used to enable a faster log-in process or to allow us to track your activities while using the Site. Most browsers allow you to control cookies, including whether or not to accept them, and how to remove them.

Clear GIFs, Pixel Tags and Other Technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs (also referred to as web beacons, web bugs or pixel tags), in connection with our services to, among other things, track the activities users of our services, help us manage content, and compile statistics about usage of our services. We and our third party service providers also use clear GIFs in HTML emails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.

Log Files. Most browsers collect certain information, such as your IP address, device type, screen resolution, operating system version, and internet browser type and version. This information is gathered automatically and stored in log files.

Third-Party Analytics. We also use automated devices and applications, such as Google Analytics to evaluate use of our Services. We use these tools to gather non-personal information about users to help us improve our Site and services, as well as user experiences. These analytics providers may use cookies and other technologies to perform their services and may combine the information they collect about you on the Site with other information they have collected for their own purposes. This Policy does not cover such uses of data by third parties.

Do-Not-Track Signals. The Site does not respond to do-not-track signals. You may, however, disable certain tracking as discussed above (e.g., by disabling cookies) and set out in our Cookie Policy.

Interest-Based Advertising

We work with third party ad networks, analytics companies, measurement services and others (“third party ad companies”) to manage our advertising on third party sites, mobile apps and online services. We and these third party ad companies may use cookies, pixels tags, and other tools to collect activity information on our Services (as well as on third party sites and services), as well as IP address, device ID, cookie and advertising IDs, and other identifiers, general location information, and, with your consent, your device’s geolocation information; we and these third party ad companies use this information to provide you more relevant ads and content and to evaluate the success of such ads and content. In addition, these third parties may combine the information collected from us and our Sites with information collected about you from third-party sites, apps, and services, in order to make inferences about you and your interests, to better tailor advertising and content to you across multiple sites, apps, and services and to collect associated metrics.

You many also use a preference manager to opt-out of third party advertising cookies or manage your cookie preferences on our Site. Please note, that your preferences are applied on a browser and device basis. So, you will need to set your cookie preferences for each browser and device you use to access our Site. Further, if you subsequently delete cookies, your preferences may be lost and need to be reset.

See our Cookie Policy for information on the third parties that we work with, and how you can opt out of ads from them. For more information about third party ad networks and to opt out of interest-based ads from many ad networks go to:

Canada: www.youradchoices.ca

EU: www.youronlinechoices.eu

U.S.: www.aboutads.info

International Transfers

VCS is headquartered in the United States and has operations and service providers in the United States and throughout the world. As such, we and our service providers may transfer your personal information to, or access it in, jurisdictions (including the United States, the United Kingdom (“UK”) and the European Union (“EU”), Australia and Singapore) that may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it, including through appropriate written data processing terms and/or data transfer agreements.

If you are in the European Economic Area (“EEA”), and we process your personal information in a jurisdiction that the European Commission has deemed to not provide an adequate level of data protection (a “third country”), we will implement measures to adequately protect your personal information, such as putting in place standard contractual clauses approved by the European Commission or another measure that has been approved by the EU Commission as adducing adequate safeguards for the protection of personal information when transferred to a third country.  You have a right to obtain details of the mechanism under which your personal information is transferred outside of the EEA; you may request such details by contacting us as set forth in the Contact Us section below.

Protection of Children’s Personal Information

VCS does not publish content that is targeted at children. The Site is not intended for minors under the age 16. We do not knowingly or specifically collect information about minors under the age of 16. If you believe we have unintentionally collected such information, please notify us as set out in the Contact Us section below.

Security

Wherever your personal information may be held within VCS or on its behalf, we take reasonable steps to protect the personal information that you share with us from unauthorized access or disclosure, including, without limitation, restricting access to certain portions of our website through access controls, and using firewalls. Regardless of the precautions taken by us, VCS cannot ensure or warrant the security of any information you transmit to us, and you transmit such information at your own risk. You are responsible for all actions taken with your User ID and password, if any. Therefore, we recommend that you do not disclose your password to anyone. If you lose control of your password, you may lose substantial control over your personally identifiable information and may be subject to legally binding actions taken on your behalf.

Your Choices and RightsAccess, Amend and Correct. If you wish to access personal information that you have submitted to us, to request the correction of any inaccurate information you have submitted to us, or to request deletion of your information, please send your request to [email protected]. We will review your request and make reasonable efforts to respond to it as soon as practicable. We may ask you for additional information so that we can confirm your identity.

Direct Marketing. You may always opt-out of direct marketing emails. If you would like to unsubscribe from VCS email subscriptions or otherwise change your email preferences with VCS. We may continue to send you transactional or service-related communications, such as service announcements and administrative messages.

Complaints. We will take steps to try to resolve any complaint you raise regarding our treatment of your personal information. You also have the right to raise a complaint with the privacy regulator in your jurisdiction.

Additional Information for Certain Jurisdictions. In the section “Additional Information for Individuals in Certain Jurisdictions” below, we provide additional information as required under California privacy laws, as well as the GDPR, UK DPA and the LGPD. Users in California, the EEA, the UK, and Brazil should review this section for more information regarding their rights under these respective laws.

Retention:

As a general rule, we retain your personal information for as long as necessary to fulfill the purposes for which it was collected or as necessary to comply with our legal obligations, resolve disputes, maintain appropriate business records, and enforce our agreements. In general, for example, we will retain relevant contact information of clients, prospective clients and Site visitors for three years from the date of our last interaction with you and in compliance with our obligations under applicable laws. Our clients instruct us on how long to retain Client Data, which we handle as a data processor. We may retain personal information for longer where required by our regulatory obligations, professional indemnity obligations, or where we believe necessary to establish, defend, or protect our legal rights and interests or those of others.

Changes to the Policy:

VCS may update this Policy to reflect new or different privacy practices or to reflect changes in industry standards or legal requirements. Revisions will be posted on our website. This statement of privacy is for the information of our users and does not constitute a contract or modification of any contract. When changes are made to this Policy, VCS will post a new version of this Policy here. If the changes will materially affect the way we use or disclose your personal information, we will endeavor to notify you in advance of the change, such as by sending a notice to the primary email address associated with your account or by posting a notice on the Site. We encourage you to periodically review this Policy for the latest information on our privacy practices.

Contact Us

ON24 welcomes your comments regarding this Policy. Please feel free to email us at [email protected] or via mail at Virtual Creative Studios, Attn: Privacy, 7110 Ambassador Road Windsor Mill MD 21244.

Additional Information for Individuals in Certain Jurisdictions

California Residents

In this section, we provide additional information for California residents about how we handle their personal information, as required under California privacy laws, including the California Consumer Privacy Act (“CCPA”). This section does not address or apply to our handling of publicly available information lawfully made available by state or federal government records or other personal information that is exempt under the CCPA.

1. Categories of Personal Information Under the CCPAWhile our collection, use and disclosure of personal information varies based upon our relationship and interactions with you, in this section we describe, generally, how we have collected and disclosed personal information about consumers in the prior 12 months.

2. Categories of Personal Information Collected and Disclosed. The table below identifies the categories of personal information (as defined by the CCPA) we have

collected about consumers, as well as how we have disclosed such information for a business purpose. For more information about the business and commercial purposes for which we collect, use and disclose personal information, please see the Purposes and Legal Bases and the Disclosures of Personal Information sections above.