COMMAND ALKON INCORPORATED
GLOBAL PRIVACY NOTICE
Last modified: May 25, 2021

Overview

Command Alkon Incorporated, including its related companies (“CAI” or “we”), is an international commercial organization that provides software and web solutions to companies in the ready-mix, aggregate, and bulk hauler industry through on-premise, software-as-a-service (“SaaS”), and other web-based methods. CAI respects the privacy of the users of its products and services and is committed to protecting the privacy of its users through our compliance with this privacy notice (“Privacy Notice”). We recognize that it is our responsibility to protect your privacy and to inform you of our information collection and processing practices through our Privacy Notice. This Privacy Notice describes our practices for collecting, using, storing, transferring, processing and disclosing personal data. Please read this Privacy Notice carefully to understand our policies and practices regarding treatment of personal data. By accessing our website and/or using our products or services, you consent to our collection, use, and disclosure of personal data as described in this Privacy Notice. We’re committed to ensuring you feel secure with our processing of your personal data and your trust is our top priority. If you have a privacy question or concern, please contact us per the “Contact Us” information at the bottom of this Privacy Notice.

Privacy Notice

We would like to inform you of our privacy practices regarding our collection, use, sharing and processing of personal data in connection with your use of CAI products and/or services, websites, apps and social media pages, as well as your interactions with CAI staff in meetings and at CAI events, including offline sales and marketing activities. For your convenience, a summary of our practices is presented first, followed by a more in-depth explanation in case you require more information.

Contents

• Summary
• Full Notice
• To Whom Does This Notice Apply
• How We Collect and Use Personal Data
• Automatically Collected Data
• How We Use the Data We Collect
• How We Disclose the Data We Collect
• Third-Party Services
• Security
• Retention of Data
• Your Rights and Choices
• International Data Transfers and Privacy Shield
• Legal Basis for Processing
• Children’s Privacy
• Changes to the Privacy Notice
• Contact Us

Summary

Application – Our Privacy Notice applies to the processing of personal data provided by: 1) visitors and users of the various CAI sites, apps, products, and/or services; 2) attendees at CAI events; 3) customers and prospective customers and their representatives; 4) subscribers to our notices and/or newsletters; 5) suppliers and business partners and their representatives; 6) visitors to our offices; and 7) anyone else who provides personal data to CAI for any other purpose. For more details, see the Full Notice.

Types of Data Processed – CAI collects the personal data you provide. For example, when you sign up for an account, we may collect information like names, e-mail addresses, physical address, phone numbers, etc. You may also provide personal data to, for example, learn more about our products or sign up for our notifications. We may process the following personal data which we may (depending upon the circumstances) collect during website visits, marketing interactions, app use, and use of our products and/or services in the course of agreements with you and/or your employer: your name, contact information (e-mail address, telephone number, etc.), job information (employer, title, supervisor, etc.), certain ID numbers (driver’s license, employee, etc.), job performance information and certifications, payment information, IP address, geolocation, signature, camera image, username and password, union information, ethnicity, some job-related medical information, messaging, and behavioral data and information about you received through placement of cookies and tracking pixels during platform use. For more details, see the Full Notice.

Processing Purpose – We process your personal data for the following purposes: 1) performance of agreements with you and/or your employer; 2) monitoring, development, support, and administration of apps, websites, and platforms; 3) security and fraud prevention; 4) our marketing purposes (we do not sell your personal data); 5) our business administration; and 6) behavioral analysis associated with platform use. For more details, see the Full Notice.

Legal Justification for Processing – To the extent applicable to you, some jurisdictions require any processing of personal data to be supported by a legal justification. We generally rely on the following legal justifications for our processing activities: 1) the performance of an agreement with you and/or your employer; 2) pursuing our legitimate interests as long as they do not override your interests, rights and freedoms; 3) your consent; and 4) compliance with a legal obligation. For more details, see the Full Notice.

Data Transfers – We may transfer your personal data to other CAI affiliates and/or third parties (i.e. business partners, resellers, etc.), acquiring or acquired entities, service providers, and, in accordance with applicable law, governmental authorities, courts, external advisors, and similar third parties. Some data transfers may cross national borders. We will use all reasonable measures to ensure that your personal data remains confidential when transferred. We do not sell your personal data to any third parties. Additionally, CAI will not share your data with any third party, except as otherwise set forth in this Privacy Notice. For more details, see the Full Notice.

Data Retention and Deletion – Your personal data will be deleted once it is no longer needed for the purposes of the original processing, legitimate interest, or as required by applicable law. For more details, see the Full Notice.

Your Choices and Rights – You have a number of rights with regard to your personal data, subject to applicable law, which may include the right to access your personal data, the right to obtain a copy of your personal data, the right to have your personal data transferred to a third party, the right to correct your personal data, the right to restrict certain processing, and/or the right to have your personal data erased. To exercise your rights related to your personal data, please use the “Contact Us” information at the bottom of this Privacy Notice. For more details, see the Full Notice.

Changes to this Privacy Notice – We reserve the right to change the terms of this Privacy Notice at will and at any time as required by changing practices or privacy legislation. The current version of this Privacy Notice will always be available via link from our websites, platforms, or through the “Contact Us” information at the bottom of this Privacy Notice. You should review this Privacy Notice periodically so that you keep up to date on our most current policies and practices.

Full Privacy Notice

To Whom Does This Notice Apply –

Our Privacy Notice applies to all non-employment processing of personal data by CAI regardless of the source of collection. This Privacy Notice applies to the processing of personal data provided by: 1) visitors and users of the various CAI sites, apps, products, and/or services; 2) attendees at CAI events; 3) customers and prospective customers and their representatives; 4) subscribers to our notices and/or newsletters; 5) suppliers and business partners and their representatives; 6) visitors to our offices; and 7) anyone else who provides personal data to CAI for any other purpose.
How We Collect Personal Data –

Personal Data You Provide:

CAI collects the personal data you personally provide. This could happen at a CAI event, during a support event, through marketing, during a face-to-face interaction, etc. Examples of the types of personal data CAI may collect include, but may not be limited to, your: name, address, telephone number, e-mail address, employer, title, date of hire, supervisor, seniority, driver’s license number, employee number, social security number, other tax ID number, job performance information and certifications, payment information, IP address and/or device identifier, geolocation, signature, still and/or video camera image, username and password, union information, ethnicity, some job-related medical information, messaging, and behavioral data and information about you received through placement of cookies and tracking pixels during platform use. If you have questions about any of these personal data types, please use the “Contact Us” information at the bottom of this Privacy Notice.
Data Collected Through Our Products and Services:
CAI obtains personal data in connection with providing its products and services, including:
(i) SaaS products or services hosted for CAI customers;
(ii) Web-based products or services for collaborative commerce solutions covering the entire ordering and purchasing process in the business-to-business market sector;
(iii) On-premise software products licensed to a customer for use on their own premises through provision of professional services;
(iv) On-premise hardware products sold to a customer for use on their own premises; and
(v) Customer support services related to SaaS, web-based and on-premise software and hardware products.

For instance, when our customers use the products or services above, they may provide details about their employees, including their names, job titles, e-mail addresses, login credentials, telephone numbers, addresses, dates of birth, driver’s license numbers, and other information. Some of our web-based solutions enable customers to submit personal data to create users of the solution, to store transaction documents that may include some personal data of signatories or business contacts, to use geo-location, and to store contact information associated with trading partners.
We often process personal data on behalf of our customers subject to a written contract. We do not control the data processing or protection practices of our customers (who may be your employer, service provider, or business partner), so their terms may differ from those set out in this Privacy Notice. Please note that where CAI collects personal data through products or services controlled by our customers, our customers are the Data Controller for what data is collected and how it is used and disclosed. In those instances, CAI acts as a Data Processor only. Any questions related to how our customers process, use or share the personal data they collect through our products or services should be directed to the relevant customer.
Automatically Collected Information:

As you navigate through and interact with our websites and/or SaaS products, we may use automatic data collection technologies to collect certain information about your equipment, actions and patterns (“User Activity Information”), including: (i) details of your use, including traffic data, location data through geo-location technology, logs and other communication data and the resources that you access and use; and (ii) information about your device, including your operating system, IP address, and other mobile sign-on data.

The User Activity Information that we collect helps us to improve our websites and products, and to deliver a better and more personalized service by enabling us to estimate usage patterns, display information you request in your relevant time zone, and recognize you when you return to our website or product.

The technologies we use for this automatic data collection may include cookies. A cookie is a small file placed on the hard drive of your device. We use cookies to help analyze usage, customize our services, measure effectiveness, and promote trust and safety. Cookies are discussed further below.

How We Use the Information We Collect –

CAI uses the information it collects for the purposes of operating effectively, providing its products and services to customers, facilitating business between parties in the industry, and administering and managing its relationships with customers. We also use the information we collect to process, evaluate and respond to your requests; respond to inquiries and applications; create, administer and communicate with you about your account (including any purchases and payments); operate, evaluate and improve CAI’s business (including developing new products and services, managing communications, performing market research, analyzing CAI products/services/websites, and performing accounting, auditing, billing, reconciliation, and collection activities); ensure the safety of CAI network services and resources; and to comply with applicable legal requirements.

How We Disclose the Information We Collect –

We may disclose some personal data that we collect as follows:
• To our affiliates and/or business partners with whom we have contractual relationships;
• To third parties, such as contractors, service providers, consultants and other agents (“Service Providers”), that provide assistance to our business. CAI works with Service Providers in some instances for a variety of reasons including, for example, credit card payment processing, hours of service tracking, data hosting, and accounting. Service Providers with whom we share such personal data generally are bound by confidentiality and privacy obligations and a list of such Service Providers can be found on our website (www.commandalkon.com) under the Legal tab (Sub-processor List);
• To fulfill the purposes for which you or your employer provided such personal data;
• To a buyer or other successor of CAI or any of our affiliates in the event of an acquisition, merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of CAI’s or any of our affiliates’ equity or assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceedings, in which personal data is among the assets transferred; and
• For any other purpose disclosed by us when you provide the personal data.
Notwithstanding any other provisions of this Privacy Notice, we also reserve the right to access, preserve and disclose any information we collect as we reasonably believe is necessary: (i) to respond to legal requirements, including complying with any court order, law or legal process and responding to any government or regulatory request, including responding to law enforcement or other government officials in response to a verified request relating to a criminal investigation or alleged illegal activity; (ii) to enforce or apply our policies and agreements; (iii) to detect, prevent or otherwise address fraud, security, trust and safety or technical issues; (iv) to respond to user support requests; or (v) to protect the rights, property, health or safety of CAI, our users, any third parties, or the public in general.

CAI does not sell your information to others, including for purposes of the California Consumer Privacy Act of 2018 (“CCPA”).

Third-Party Services –

You may be given the opportunity to elect to access and use third-party services or applications (“Third-Party Services”) through some of our websites and/or products. This Privacy Notice addresses only CAI’s collection, use and disclosure of information collected by CAI. It does not apply to the practices of third parties that we do not own, control, employ or manage, including, but not limited to, any Third-Party Services. If you disclose your information to a Third-Party Service, different rules may apply to that third party’s use or disclosure of the information you disclose to that third party.

Security –

CAI utilizes reasonable and appropriate administrative, technical, and physical security controls commensurate with the types of data it processes to protect personal data from loss, misuse and unauthorized access, disclosure, alteration and/or destruction. Although we work hard to protect your privacy, no security controls are 100% effective and we cannot guarantee the security of information or that your personal data or private communications always will remain private. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information.
CAI has mechanisms in place designed to help assure compliance with its security pledges. CAI conducts annual self-assessments of its personal data practices to verify the attestations and assertions the company makes about its privacy practices are true and that CAI’s privacy practices have been implemented as represented.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) user log-in credentials (i.e. a user ID and password) for access to certain parts of our services or apps, you are responsible for keeping those user account credentials confidential. We ask that you not share your credentials with anyone. You are solely responsible for the protection of user account credentials and for all use of your account credentials.

Retention of Information –

We will generally retain personal data for as long as is needed to fulfill the purposes outlined in this Privacy Notice. However, we may retain certain information longer as required by applicable law (such as tax, accounting or other legal requirements) or for legitimate business purposes. Once we no longer need to use your personal data to comply with our obligations, we will remove it from our systems and records and/or take steps to properly anonymize it so that you can no longer be identified from it. Each of the uses set forth in this Privacy Notice constitutes a legitimate interest of CAI to process or use the personal data collected. If you do not agree with this approach, you may object to CAI’s processing or use of your personal data by contacting CAI in writing via the methods listed below in the “Contact Us” section at the bottom of this Privacy Notice.

Your Rights and Choices –

Account Information & Requests:

In accordance with applicable law depending upon jurisdiction (such as, for example, the EEA from 25 May 2018 onwards or the State of California from 1 January 2020 onwards), you may have the following rights with regard to your personal data: 1) the right to access (this means you can request that we provide you with a copy of your personal data); 2) the right to correct (this means you may ask us to correct any mistakes in your personal data or update your preferences); 3) the right to transfer (this means you may request that we provide a copy of your personal data to a third party of your choosing); 4) the right to restrict (this means you may be able to restrict certain types of processing); 5) the right to delete (this means you may ask us to delete your personal data from our systems and we will do so unless we are required to retain such information in order to provide services to you or we require such personal data to comply with our legal or business obligations under applicable law); or 6) the right to say “no” to the sale of your personal data (CAI does not sell personal data). You may be able to exercise some or all of these rights by logging into your account within the products that you use. Otherwise, to request such information directly, please submit a written request using the details provided in the “Contact Us” section at the bottom of this Privacy Notice.

Where CAI relies on your consent to process personal data, you have the right to withdraw or decline your consent at any time. Please note that this does not affect the lawfulness of the processing based on consent prior to its withdrawal.

Remember that in certain regions, you also have the right to complain to a data protection authority (“DPA”) about our collection and use of your personal data. For more information, please contact your local DPA.

In the event CAI processes personal data about you on behalf of a customer, please direct your privacy inquiries and requests for access, correction or deletion of personal data to such customer.

Promotional Communications:

From time to time, we may send you marketing communications about our products, in accordance with your preferences. You may opt out of receiving promotional messages from us at any time by following the instructions in those messages (often it will be a notice or link at the bottom of the message). If you opt out, we may still send you non-promotional communications, such as those about your account or our ongoing business relations. Requests to opt out of promotional communications may also be sent to CAI in writing via the methods listed below in the “Contact Us” section at the bottom of this Privacy Notice.

Cookies:

You can manage our use of cookies through the cookie banner that appears when you access our sites. If you prefer, you can usually choose to set your browser to remove or reject browser cookies or to clear local storage. You may also make any cookie management requests by contacting is in writing via the methods listed below in the “Contact Us” section at the bottom of this Privacy Notice. Please note that if you choose to remove or reject some cookies, this could affect the functionality of our website and services. We have an independent Cookie Policy available on our website (www.commandalkon.com) under the Legal tab that provides more detail.

Location Information:

You can turn location-based services on and off by adjusting the settings of your mobile device. Please note that if you choose to turn off location-based services, this could affect the full functionality of our products and services.

California Privacy Rights:

California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal data (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal data disclosed to those parties. Except as otherwise provided in this Privacy Notice, CAI does not share personal data with third parties for their own marketing purposes.

International Data Transfers and Privacy Shield –

CAI is based in the United States and has offices globally. To facilitate our operations and to help deliver our products and services, we may transfer personal data to the U.S. and any other country where our affiliates, vendors, consultants and service providers operate. Such countries may have laws which are different, and potentially not as protective, as the laws of your country of residence. If the content or data that you store on or through CAI software, apps or websites contains the personal data of individuals from the EEA, you agree that you have the legal authority to transfer the personal data to CAI, including the transfer to countries such as the U.S. where the privacy protections and rights of authorities to access personal data may not be equivalent to those in the EEA.

When we transfer personal data abroad, we will take appropriate safeguards to protect the information in accordance with this Privacy Notice and seek to ensure that we, along with any overseas recipients, comply with applicable privacy laws. CAI relies on EU Standard Contractual Clauses (“SCCs”) for legal transfer of personal data between its entities from jurisdictions subject to the General Data Protection Regulation (“GDPR”) to the U.S. In supplement to the SCCs, if CAI becomes aware that any governmental authority (including law enforcement) wishes to obtain access to or a copy of some or all of the personal data processed by CAI, whether on a voluntary or a mandatory basis, for purposes related to national security intelligence, then unless legally prohibited or under a mandatory legal compulsion that requires otherwise, CAI will: 1) immediately notify the party to whom the personal data applies (i.e. customer or vendor); 2) inform the relevant government authority that it has not been authorized to disclose the personal data and, unless legally prohibited, will need to immediately notify the party to whom the personal data applies; 3) inform the governmental authority that it should direct all requests or demands directly to the party to whom the personal data applies; and 4) not provide access to the personal data until authorized in writing by the party to whom the personal data applies or until compelled legally to do so. If legally compelled to do so, CAI will use reasonable and lawful efforts to challenge such prohibition or compulsion. If CAI is compelled to produce the personal data, CAI will only disclose personal data to the extent legally required to do so in accordance with applicable lawful process.

CAI employs Data Protection Addendums (“DPAs”) with sub-processors who process personal data on behalf of CAI.

When we transfer personal data from the European Economic Area (“EEA”), the United Kingdom, or Switzerland to the United States, CAI still complies with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework (“Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland to the United States in reliance on Privacy Shield. CAI has maintained its certification to the Department of Commerce that it still adheres to the Privacy Shield Principles (“Principles”) with respect to such information. If there is any conflict between the terms in this Privacy Notice and the Principles, the Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

If you have concerns about our compliance with this Privacy Notice, you should contact us as indicated in the “Contact Us” section at the bottom of this Privacy Notice. If you are a resident of the EEA, the United Kingdom, or Switzerland and we are not able to resolve your complaint, you may submit your complaint free of charge to JAMS (https://www.jamsadr.com/eu-us-privacy-shield), CAI’s designated independent dispute resolution provider. Under certain conditions specified by the
Principles of the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks, respectively, you may also be able to invoke binding arbitration to resolve your complaint. CAI is subject to the investigatory and enforcement powers of the Federal Trade Commission with regard to EU-U.S., U.K.-U.S., and Swiss-U.S. transfers of personal data. If CAI shares personal data collected in the EEA, the United Kingdom, or Switzerland with a third-party service provider that processes the data solely on CAI’s behalf, then CAI will be liable for that third party’s processing of such data in violation of the Principles, unless CAI can prove that it is not responsible for the event giving rise to the damage.

Legal Basis for Processing (EEA) –

If you are an individual from the EEA, our legal basis for collecting and using personal data will depend on the personal data concerned and the specific context in which we collect it. However, we generally rely on the following legal justifications for our processing activities: 1) the performance of an agreement with you and/or your employer; 2) pursuing our legitimate interests as long as they do not override your interests, rights and freedoms; 3) your consent; and 4) compliance with a legal obligation. In some cases, we may also rely on GDPR Article 49 derogations, have a legal obligation to collect personal data, or may otherwise need the personal data to protect your vital interests or those of another person.

Children’s Privacy –

CAI’s business is not directed toward children and CAI does not knowingly collect or solicit any information from children or anyone under the age of 13. CAI does not knowingly allow such persons to utilize our products or services. In the event that we learn that we have inadvertently collected personal data from a child or someone under the age of 13, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child, please contact us via the methods listed below in the “Contact Us” section at the bottom of this Privacy Notice.

Changes to the Privacy Notice –

We may amend this Privacy Notice at any time by posting the amended Privacy Notice on our websites. The date the Privacy Notice was last revised is identified at the top of this Privacy Notice. All amended terms automatically take effect after they are initially posted on our website, unless a change in any applicable law requires immediate amendment. You are responsible for periodically checking this Privacy Notice for any changes.

Contact Us –

To contact CAI with questions or concerns about this Privacy Notice or CAI’s practices concerning personal data, please use the contact information below:

If you are a resident in the EEA, please note that where CAI acts as a data controller responsible for your personal data, the legal entity is Command Alkon Incorporated in the United States. CAI will address all questions and complaints related to this Privacy Notice within a reasonable period.

E-mail:
privacy@commandalkon.com

Or write to:
Command Alkon Incorporated
Chief Privacy Officer c/o The Legal Department
1800 International Park Drive
Suite 400
Birmingham, Alabama 35243

Or call:
1-800-624-1872 (U.S. toll free)
0-800-022-9682 (International toll free)

Website:
www.commandalkon.com

Stay connected for top industry
news and best practices