Software as a Service (SaaS) Privacy and Security Policy

Last Updated: July 2024

*The terms of this Agreement are subject to change by Provider without prior written notice at any time, in Provider’s sole discretion. The latest version of this Agreement will be posted at myparadigm.com/legal/Saas/privacypolicy, and Customer should review prior to purchasing or using any of Provider’s services. Customer’s continued use of the Services after a posted change to the terms of this Agreement constitute Customer’s acceptance of such changes.

Scope

This Software as a Service Privacy and Security Policy covers the privacy and security practices that WTS Paradigm, LLC, and its affiliates (“Paradigm” or “we”) employ when providing software as a service (“SaaS”) services (“Services”) to a customer or a user (“You” or “Your”). This Software as a Service Privacy and Security Policy is in addition to the privacy policy covering Paradigm’s use of information under Paradigm's general privacy policy, (available at myparadigm.com/privacy-policy), which also covers the use of other Paradigm websites.

Please read this Software as a Service Privacy and Security Policy carefully to understand our policies and practices for collecting, processing, and storing Your information. If You do not agree with our policies and practices, Your choice is not to use Paradigm’s Services. By using the Services or agreeing to the End User Policy (available at myparadigm.com/legal/SaaS/enduser), You indicate that You understand, accept, and consent to the practices described in this Software as a Service Privacy and Security Policy.

Customer/User Information and Services Data

Customer/User Information is information that we may collect from Your use of the Services and Your interactions with us offline. When You contract with Paradigm for the Services or use the Services in conjunction with a customer’s contract with Paradigm, You may provide information about Yourself, including Your name, company name, address, telephone numbers, email addresses, billing information, and other similar information. Paradigm may also collect other information about You and some employees, for example through its web sites, as part of that interaction. All of this information is Customer/User Information and we deal with Customer/User Information according to the terms of our general privacy policy.

Services Data is data that is owned by You, as a Paradigm customer and/or user of the Services, that resides on Paradigm’s, Your, a Paradigm customer’s, or a third-party’s system to which Paradigm is provided access to perform the Services (including cloud environments and hosted environments, as well as any development, test, and production environments that Paradigm accesses to perform the Services, and any related Paradigm consulting and support services). Services Data may include personal information about Your products, pricing, orders, quotes, dealers, distributors, customers, employees, partners, or suppliers. Paradigm treats Services Data according to the terms of this Software as a Service Privacy and Security Policy and, further, treats Services Data as confidential in accordance with the terms of any Software as a Service Subscription Agreement You may have concerning the Services. In the event of any conflict or inconsistency between this Software as a Service Privacy and Security Policy and any Software as a Service Subscription Agreement You may have with Paradigm concerning the Services, such agreement shall govern Paradigm’s handling and use of Services Data.

How Paradigm Collects and Uses Services Data

Below are the purposes and conditions under which Paradigm may access, collect, and/or use Services Data.

To Provide Services and to Fix Issues. Services Data may be accessed and used to perform the Services and any maintenance, support, consulting, other services and to confirm Your compliance with the terms of Your Software as a Service Subscription Agreement with Paradigm. This may include testing and applying new product or system versions, patches, updates and upgrades; monitoring and testing system use and performance; and resolving bugs and other issues You have reported to Paradigm. Paradigm also uses User Data to provide You with additional services, information, or content to help you operate more efficiently, provide You with information or content that You or Your Users have requested, and, in some cases, to contact You or Your Users about our other programs, products, features, or services. Paradigm may use User Data to provide You with interest-based (behavioral) advertising or other targeted content. This information will not be shared with third parties at a level where identification is possible.

As a Result of Legal Requirements. Paradigm may be required to retain or provide access to Services Data to comply with legally mandated reporting, disclosure, or other legal process requirements. Paradigm reserves the right to provide access to Your and Your Users’ individually identifiable information when legally required to do so, to cooperate with law enforcement investigations or other legal proceedings, to protect against misuse or unauthorized use of the Services, Paradigm's software, and to limit Paradigm's legal liability and protect Paradigm's rights.

In Accordance with Customer Agreements. Services Data may be accessed, copied, and used in accordance with the terms and conditions set forth in any agreements You may have with Paradigm, including the Software as a Service Subscription Agreement You may have with Paradigm.

Paradigm may host, transfer, access, and use Services Data as required for the purposes specified above. If Paradigm hires subcontractors to assist in providing the Services, their access to Services Data will be consistent with the terms of Your Software as a Service Subscription Agreement with Paradigm and this Software as a Services Privacy and Security Policy. Paradigm is responsible for its subcontractors’ compliance with the terms of this Software as a Service Privacy and Security Policy and Your Software as a Service Subscription Agreement with Paradigm.

Paradigm does not use Services Data except as stated above or in Your Software as a Service Subscription Agreement with Paradigm. You are responsible for providing any notices and/or obtaining any consents necessary for Paradigm to access, use, retain and transfer Services Data as specified in this Software as a Service Privacy and Security Policy and under Your Software as a Service Subscription Agreement with Paradigm. The Services may provide You with the ability to collect personal information, via cookies and other technologies, from Your end-users. You should seek Your own legal advice about any laws applicable to the collection of such information, so that You can be sure that You are complying with those laws, including providing any required notices and obtaining any required consents.

Gathered Information

Paradigm gathers and collects information that may be disclosed on an aggregate basis (“Aggregate Information”) to third-party product manufacturers whose products are offered through the Service for the purpose of improving Your or Your Users’ experience with the service. In some instances, this information sharing with third party product manufacturers may make it possible for third-parties to identify You or Your Users. Paradigm also may collect and use, without limitation, the following technical information for improvement of the Services, Paradigm software, for improvement of use of Paradigm software, for support purposes, and for the verification of the Services, software, upgrades, and updates: Yours and Your Users’ specific usage of the Services, Paradigm software, hardware and software specifications, settings, and performance, including information about devices connected to Your and Your Users’ computers and the versions of the operating system and applications You and Your Users are using on computer(s), software configurations (including running configurations and startup configurations), product identification numbers, host names, IP address, equipment models, feature sets, software versions, hardware versions, installed memory, firmware versions, device login information, device credentials, location information, and other software, hardware, and network information as deemed appropriate by Paradigm. Paradigm uses Aggregate Information to better understand the use of the Services, separately licensed Paradigm software, and to enhance Your and Your Users’ experience. For example, Paradigm may use the information to improve the design and content of the Services, its software, or to analyze the programs and services that Paradigm offers.

Access Controls

Paradigm's access to Services Data is based on job role and responsibility. Services Data residing in Paradigm-hosted systems is controlled via its own account management framework. Paradigm may employ other companies and individuals to perform functions on its behalf. Paradigm will use reasonable efforts to ensure that its employees, agents, and contractors who have access to individually identifiable information protect the information in a manner that is consistent with this Agreement. You control access to Services Data by Your end users and Your end users should direct any requests related to their personal information to You.

Cookies

Paradigm uses “cookies” to collect certain information from all Users. A cookie is a string of data our system sends to Your computer and then uses to identify Your computer when You return to our Web Site. Cookies give us usage data, like how often You visit, where You go at the site, and what You do. Cookies leveraged in the service are used in the following ways: to provide session information, to keep You logged into the service, to help prevent cross site scripting attacks, and for user analytics (Google Analytics), and usage information to enhance Your experience. Paradigm also uses third-party cookies from WalkMe for embedded help walkthroughs of our Web Site.

Google Maps

Paradigm uses Google Maps API(s), which is subject to the Google Privacy Policy (available at https://policies.google.com/privacy), incorporated herein by reference.

Google Analytics

We use a tool called “Google Analytics” to collect information about use of our Web Site. Google Analytics collects information such as how often users visit our Web Site, what pages they visit when they do so, and what other web sites they used prior to coming to our Web Site. We use the information we get from Google Analytics only to improve our Web Site. Google Analytics collects only the IP address assigned to you on the date you visit this site, rather than your name or other identifying information. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Although Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you visit this site, the cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can prevent Google Analytics from recognizing you on return visits to this site by disabling cookies on your browser or using Google’s opt out webpage. If you do not wish to participate in our Google AdWords Remarketing, you can opt out by visiting Google's Ads Preferences Manager. You can also opt out of any third-party vendor's use of cookies by visiting networkadvertising.org.

Hotjar

We use a tool called “Hotjar” to collect information about the use of our Web Site. Hotjar is a digital experience insights platform that provides visual behavior insights and in-the-moment feedback about website use. Hotjar may temporarily process IP addresses so that Hotjar can ensure their service is running smoothly and improve the quality of their platform. Any IP addresses that are processed are used exclusively for associated performance metrics and to monitor and track application errors. For this purpose, Hotjar may temporarily store IP Addresses with Hotjar’s Sub-Processors which are subject to strict obligations of confidentiality and will process only according to Hotjar instructions. Hotjar will never access these IP addresses without any operational or security need. Hotjar will automatically delete any IP addresses stored or processed within thirty (30) calendar days. Depending on the web browser used, it might be possible to disallow Hotjar from collecting Data when visiting a Hotjar Enabled Site. To discover if a web browser offers this functionality, visit Hotjar’s Do Not Track page. Please note that Hotjar cannot respond to any requests from end users of Hotjar Enabled Sites related to their Personal Data, including requests to provide, rectify or delete any end user Personal Data. Any requests from end users of Hotjar Enabled Sites related to should be made in accordance with the Accessing and Correcting Your Personally Identifiable Information section of this policy. The information collected from Hotjar customers, users and/or testers is disclosed only in accordance with the Agreement and the applicable law.

WalkMe

We use a tool called “WalkMe” to collect information about the use of our Web Site. WalkMe collects information regarding how you use our Service and Web Site. We use the information we get from WalkMe only to improve our Service and/or Web Site. WalkMe may also collect your email address if provided into our Service. WalkMe uses a cookie to collect your usage information. To better understand which data is collected as well as how they collect and save it, please review their Privacy Policy, (available at https://www.walkme.com/privacy-policy-system.)

Data Retention

You can request deletion or modification of any Personally Identifiable Information—Your name, employer name, e-mail address, telephone number, and address—we store by contacting us at [email protected]. Please be aware that opting out may limit your ability to use Paradigm’s Services.

We may, however, retain the information for an additional period as is permitted or required under applicable laws. Even if we delete Your Personally Identifiable Information it may persist on backup or archival media and other information systems. More information about the retention of Your Personally Identifiable Information can be found on Paradigm’s general privacy policy.

Communications

Paradigm may send You service and administrative emails and messages. Paradigm may also contact You to inform You about changes in our services, our service offerings, and important service-related notices, such as security and fraud notices. These emails and messages are considered part of the services Paradigm provides You, and You may not opt out of them. In addition, Paradigm sometimes sends emails about new product or other news about Paradigm. You can opt out of these at any time by contacting us at [email protected].

Children’s Privacy

Paradigm’s services are not designed for and are not marketed to people under the age of 13 (minors). Paradigm does not knowingly collect or ask for information from minors. Paradigm does not knowingly allow minors to its services. If You are a minor, please do not use Paradigm’s services or send Paradigm information. Paradigm deletes information that Paradigm learns is collected from a minor without verified parental consent. Please contact Paradigm at [email protected] if You believe that Paradigm might have information from or about a minor.

Security and Breach Notification

Paradigm is committed to the security of Your Services Data, and has in place physical, administrative, and technical measures designed to prevent unauthorized access to that information. Paradigm security practices cover the management of security for both its internal operations as well as the Services. These security policies govern all areas of security applicable to the Services and apply to all Paradigm employees.

Paradigm is also committed to reducing risks of human error, theft, fraud, and misuse of Paradigm facilities. Paradigm's efforts include making personnel aware of security policies and training employees to implement security policies. Paradigm employees are required to maintain the confidentiality of Services Data. Employees’ obligations include written confidentiality agreements, periodic training on information protection, and compliance with company policies concerning protection of confidential information.

Paradigm promptly evaluates and responds to incidents that create suspicions of unauthorized handling of Services Data. Paradigm's legal counsel is informed of such incidents and, depending on the nature of the activity, define escalation paths and response teams to address the incidents. If Paradigm determines that Your Services Data has been misappropriated (including by a Paradigm employee) or otherwise wrongly acquired by a third party, Paradigm will promptly report such misappropriation or acquisition to You and Paradigm will use commercially reasonable efforts to retrieve such misappropriated or wrongly acquired Services Data.

Dispute Resolution

If You have any complaints regarding Paradigm's compliance with this Software as a Service Privacy and Security Policy, You should first contact us. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with this Software as a Service Privacy and Security Policy.

Compliance

If You believe Your Services Data has been used in a way that is not consistent with this Software as a Service Privacy and Security Policy, or if You have further questions related to this Software as a Service Privacy and Security Policy, please contact Paradigm at [email protected]. Written inquiries may be addressed to:

WTS Paradigm
1850 Deming Way, Suite 120
Middleton, WI 53562
USA