II. PERSONAL DATA THAT WE MAY COLLECT
- Contact information (which may include name, physical address, telephone, company, and email address)
- Other individual identifiers, including phone number, age or date of birth, gender, password, and other contact information that you voluntarily transmit with your communication to us
- Information voluntarily submitted by appraisers, which may include name, address, tax information, insurance, and license
- Information about borrowers submitted by lenders, which may include loan information, contact information, phone numbers, property addresses, purchase contracts, financing amounts, and other financial information.
- Payment information, such as credit card type or number or bank account number. Please note that we do not store credit card numbers and all credit card processing is done by third parties.
- Information regarding your electronic device(s) and IP address
- Internet use information
- Regulatory information (to satisfy regulatory obligations such as tax and other reporting obligations).
III. HOW WE COLLECT YOUR DATA
Our collection of other types of information (typically that is technical in nature such as IP Address, web browser information, cookies, etc.) may happen without your express knowledge, but you hereby consent to it. This means that you will not necessarily know when and how it is happening. However, we can only gather the information through your voluntary interactions with us through our website or SaaS. If you object to, or limit our processing of certain information of this nature, you may not be able to easily of efficiently use all of the features of the Services, or the Services.
We collect Personal Data in four ways: (1) when you visit our website; (2) when you use our SaaS and submit information directly; (3) when others provide information for inclusion in our SaaS; (4) from third parties.
a. Data collected through our Website.
We collect data, such as name and email address, through our website when you voluntarily provide it to us through “Contact Us,” “Request a Demo” or other similar type forms. We may also automatically collect other, technical data, such as IP address, web browser, operating system, window size, window resolution, or IP location, when you surf our website.
You can change your web browser settings at any time to stop accepting cookies or to prompt you before accepting a cookie from the sites you visit. If you do not accept cookies, however, our website may not function properly for you, and you may not be able to use some sections or functions of our websites. To learn more about cookies and how to manage and delete them, visit http://www.allaboutcookies.org.
Information collected may include but is not limited to your browser type, your operating system, your language preference, any referring web page you were visiting before you came to our site, the date and time of each visitor request, and information you search for on our sites. We can also track the path of page visits on a website and monitor aggregate usage and web traffic routing on our sites.
b. Data collected through our SaaS.
Our customers include appraisal management companies who license our software. These customers have employees who are granted administration rights to create user accounts for themselves and others. These customers act as data controllers (“Controllers”) in the use of the software and the collection and processing of Personal Data to be able to effectively operate the SaaS and achieve their business purposes. In such cases, our role in processing the Personal Data provided by our customers is as a “Processor,” since we are processing data on behalf of the Controller (who is the customer). As a Processor, we are obligated to process this Personal Data as part of our license agreement entered with the customer. The Personal Data submitted to the SaaS in this scenario generally includes: name, physical address, phone number, loan information and other related financial information, real estate purchase agreements, and all information contained therein, and financing amounts. Processing of this Personal Data is performed on behalf of the customer and for the purpose of providing the services requested by the customer.
Our SaaS also contains a database of appraiser information that is placed there by appraisers. The information includes name, address, phone number, tax information, insurance information and license information. The SaaS may also automatically collect other, technical data, such as IP address, web browser, operating system, window size, window resolution, or IP location.
c. Data collected from marketing partners.
We may obtain marketing data from third parties that we use to reach out to inform potential customers and others of the services offered by our organization. The Personal Data collected generally includes the email address of a potential customer or other and may also include their name and phone number. We also use the contact information provided to us by our customers to communicate information about our services, which may include marketing our services. These third parties maintain their own privacy policies to which you are required to consent prior to their sharing any information with us.
d. Data collected from Third Party Platforms.
If you access our website or communicate with us using your account or account credentials from a third-party owned or operated platform/service (e.g., Amazon, Apple, AWS, Facebook, Google, Shopify, Twitter, etc.), post content from our website to a social network, or use various social media features (e.g.,“Like” button), we may process certain information from the third parties, such as your username, “likes,” location, birthday, comments and reviews, preferences, network reach and influence, and any other information you provided to the third parties in connection with your account. Depending on your account and privacy settings, we may also be able to see information that you post when using these third parties whether or not you are an active customer. We may also collect Personal Data about you from our third party service providers who provide us with e-commerce and/or technical related associated with functionality and purposes of the website. The information you post or provide to third parties, as well as the controls surrounding these disclosures are governed by the policies of these third parties.
e. Special Considerations for Children
Ascent’s website and SaaS are not intended or designed to be used by anyone under the age of 13. They are not meant to be attractive to anyone under the age of 13, or to have any value or use by anyone under the age of 13. Ascent does not collect Personal Data from any person it knows to be under the age of 13. If you are under 13, DO NOT TRANSACT WITH US THROUGH THIS WEBSITE OR SAAS, AND DO NOT SEND ANY PERSONAL DATA. IF YOU ARE BETWEEN THE AGES OF 13 AND 17, DO NOT USE THE WEBSITE OR SAAS UNLESS YOU ARE SUPERVISED BY A PARENT/GUARDIAN OR HAVE RECEIVED PERMISSION FROM YOUR PARENT/GUARDIAN.
IV. HOW WE USE YOUR DATA
- These purposes include:
- Our business purposes. Including providing our SaaS to our customers; addressing customer service issues; processing invoices and payments; planning and conducting marketing activities, tradeshows, trials, consultations, seminars, webinars, and demonstrations; responding to inquiries; conducting web analytics, security monitoring, and business operations and administration; and addressing tax and other regulatory requirements.
- Purposes related to our software products, including SaaS or cloud-based software. These purposes include licensing and operation of the SaaS; remote management; education and information service; training; webinars; communication; customer service; system monitoring and data security. We use Personal Data to enable use of software features and related services, including through use of third-party service providers. We also use Personal Data to communicate with our users to inform them of software updates and enhancements, educational information, available software features and modules, and other information that may helpful or informative for our users.
- For the Protection of Ascent and Others. If Ascent, in good faith, determines that you have used the service to menace, threaten, harass, intimidate or otherwise deceptively pose as another person, or in any other way in violation of law, or if you attempt to use the website or purchase or use a product for any unlawful means, you have no expectation of privacy and we may use and disclose any and all information for the protection of Ascent and others.
- Pursuant to Law, Rule or Regulation. If required or permitted to do so by law or if, in good faith, Ascent believes that such action is necessary to: (1) comply with laws and regulations or with legal processes; (2) protect and defend Ascent’s rights and property or prevent fraud; (3) protect Ascent against abuse, misuse or unauthorized use of Ascent’s products or services; (4) protect the personal safety or property of our personnel, users of our website or the public; and/or (5) comply with tax reporting requirements, then the Ascent may use and disclose any and all information as needed. The servers that serve our website automatically identify a computer by its IP address.
- Aggregated and de-identified data. We may anonymize data to create statistical data or system usage data, by removing all personal identifiers and/or aggregating your data with other’s data so that it is not identifiable as to any particular person. Such de-identified data may be retained and used by Ascent to improve its products and services and for other proper purposes, provided that such retention and use is permitted by applicable laws.
- Legal basis. We base our processing of Personal Data on the need to perform our contractual obligations under our license agreements and our legitimate activities as a provider of software and related services. We also process Personal Data to comply with applicable law and to exercise our legal rights. We may also use your Personal Data for internal purposes, including auditing, data analysis, system troubleshooting, and research. In these cases, we base our processing on legitimate interests in performing the activities of the organization.
V. HOW WE SHARE OR DISCLOSE YOUR DATA
- No sale of Personal Data. We never sell or rent Personal Data to third parties.
- Disclosures of Personal Data. We may disclose or share your Personal Data with other parties in the following circumstances:
- Our business purposes. Including providing our SaaS to our customers; providing appraiser and appraisal information to appraisal management companies; addressing customer service issues; planning and conducting marketing activities, tradeshows, trials, consultations, seminars, webinars, and demonstrations; responding to inquiries; conducting web analytics, security monitoring, and business operations and administration; and addressing tax and other regulatory requirements.
- Third-party service providers. We use third-party service providers (or subprocessors) to process Personal Data to facilitate your use of our products and services and in the operation of our business. This includes providing Personal Data to third parties for their processing in performing functions on our behalf, particularly the functions listed above in the “HOW WE USE YOUR DATA” section. These functions include collecting debts, hosting software, performing security services, analyzing data, performing surveys, administering our website, administering our SaaS, and/or providing technical support services. These third party providers will be contractually and/or legally required to protect Personal Data from additional processing (including for marketing purposes) and transfer in accordance with applicable laws.
- Compliance with law and protecting our legal rights. We may disclose your Personal Data to regulatory bodies if we have a good-faith belief that doing so is required under applicable laws or regulations. This may include submitting Personal Data required by tax or other governmental authorities, or lawfully requested by governmental agencies, including law enforcement and judicial authorities. We may also disclose your Personal Data in order to exercise or defend our legal rights; to take precautions against liability; to protect the rights, property, or safety of Ascent or any individual or third party; to maintain and protect the security and integrity of our information system; to protect Ascent against fraudulent, abusive, or unlawful acts; or to investigate and defend Ascent against third-party claims or allegations.
- Corporate Transactions. If a third party acquires all or substantially all of the assets of, or ownership interests in, Ascent whether by merger, acquisition, reorganization or otherwise, Ascent may transfer its database, including all Personal Data contained therein, to the acquiring entity.
- Aggregated and de-identified data. We reserve the right to disclose aggregated user statistics as well as non-personally identifiable information (such as anonymous usage data), in order to describe our services to prospective partners, licensees, advertisers, and other third parties.
VI. STORAGE OF PERSONAL DATA
We may store Personal Data that we have collected (through the means described above) on our premises and in our information system at our facilities, in third party data centers, in the systems of third party service providers, and in cloud storage solutions. Ascent stores all information in state of the art physical storage facilities and cloud storage. In doing so, Ascent uses appropriate physical, organizational and technological measures to protect the Personal Data you provide to us against loss or theft, and unauthorized access, disclosure, copying, use, or modification. This includes limiting access on a “need-to-know” basis.
However, no electronic data transmission can be guaranteed to be secure from access by unintended recipients and Ascent will not be responsible for any breach of security unless this breach is due to its negligence. Although we are committed to employing reasonable technology in order to protect the security of our Website, even with the best technology, no website is 100% secure. In transacting business with us through our website, you assume the risk inherent in transacting business online.
To offer our website, and SaaS to you, Ascent relies on plugins and services from third parties such as internet service providers, email service providers and plugins, calendar plugins, Customer Relationship Management (CRM) systems, credit card processors, and third party data storage. To the extent these providers have access to your Personal Data, we will require that they are legally or contractually committed to comply with applicable privacy laws, In the case of credit card processors, we require that they be PCI DSS-compliant. However, we cannot guarantee with certainty that the computer systems and storage systems whereon these services are offered will not be accessed by unauthorized parties. This is a risk inherent in providing any information or, or conducting any business, online. In transacting business with us through the Website, you assume the risk inherent in transacting business online.
Our cloud-based software and mobile apps are stored in and run from the cloud. Where third parties are used to host such products, we use third parties who meet required privacy and security standards.
VII. PERSONAL DATA SECURITY
Ascent uses technical and organizational measures to protect the Personal Data that we store, transmit, or otherwise process, against accidental or unlawful destruction or disclosure, loss, alteration, or unauthorized access. Our security controls and risk management program and processes are designed to implement appropriate technological and organizational measures to ensure a level of security appropriate to the risks. We regularly consider appropriate new security technology and methods. Security measures implemented include:
- Web and database servers are protected using firewalls;
- Passwords used for account registration require minimum password strength attributes;
- User access is tracked;
- Role-based security is applied to system access;
- Use of data encryption;
- Use of RC4 256-bit Transport Layer Security (TLS) technology where customer data traverses public networks;
- Vendor-supplied patches are reviewed and tested for compatibility before installation;
- Regular system backups are made;
- Regular maintenance is performed on systems;
- Systems are monitored for security;
- Data requiring a higher level of protection, such as payment card account numbers, are processed via a third-party vendor that specializes in the payment processing and is PCI DSS-compliant;
- Security assessments are performed on third-party vendors with access to Personal Data;
- All Ascent employees are contractually obligated to maintain the confidentiality of Personal Data accessible through their employment; and
- All Ascent employees are required to attend regular security and awareness training.
VIII. RETENTION OF PERSONAL DATA
Ascent processes Personal Data for a reasonable period of time to fulfill the processing purposes mentioned above. Personal Data is then archived for time periods as required or necessitated by law or legal considerations. Ascent reserves the right to delete a customer’s data, including Personal Data provided by that customer, from its system after 30 days from the date of termination of its agreement with the applicable customer. Ascent also deletes Personal Data in response to an individual’s request, as set forth in the “YOUR RIGHTS RELATING TO YOUR DATA” section below.
Ascent reserves the right to retain usage data relating to our products and services, as well as data that has been anonymized and/or aggregated, to the extent permitted by applicable laws. With respect to any Personal Data collected by us for marketing or for our own internal purposes, we will retain that data for a reasonable time in order to fulfill those purposes.
We regularly review our retention policy to ensure compliance with our obligations under data protection laws and other regulatory requirements. We regularly audit our databases and archived information to ensure that Personal Data is only stored and archived in alignment with our retention policy.
IX. YOUR RIGHTS RELATING TO YOUR DATA
Ascent does not discriminate against those who opt-out. However, opting out may prevent us from conveniently and efficiently providing further, product support services and information to you.
- Unsubscribing to marketing communications: In particular, if we are sending you email communications of a marketing nature, an ‘unsubscribe’ option is provided in the footer of every email. You may also contact us directly to unsubscribe to marketing emails or other marketing communications, at the contact information set forth in the “ASCENT’S CONTACT INFORMATION” section below. If you have agreed to receive marketing communications, you may always opt out at a later date.
- California Consumer Notice: Pursuant to the 1798.110 of the California Consumer Privacy Act (“CCPA”), Ascent does not meet the requirements of Business as defined in § 1798.140(c). Therefore, it is not required to comply with the CCPA. Similarly, Ascent does not meet the requirements necessary for compliance with Cal. Civil Code §1798.83, otherwise known as the “Shine the Light” law.
- EU Consumer Notice: Ascent does not conduct business in the EU or provide its SaaS to EU companies. To the extend Ascent customers utilize the SaaS to provide services to citizens of the EU, such is conducted pursuant to their GDPR policies.
- Canada Consumer Notice: Ascent does not conduct business in Canada or provide its SaaS to Canadian companies. To the extend Ascent customers utilize the SaaS to provide services to citizens of Canada, such is conducted pursuant to their PIPEDA policies.
X. PRIVACY POLICIES OF OTHER WEBSITES
XI. ASCENT’S CONTACT INFORMATION
256 N Main Street, Suite C, Alpine, Utah 84004