1. Purpose and scope

This Policy determines the main principles of privacy and rules that are applied by CUJO LLC and all of its subsidiaries (“CUJO”, “We” or “Our”) with respect to PII (as defined below). This Policy is governed by Cujo’s Terms of Service (https://cujo.com/terms-of-service/). Capitalized terms that are not defined herein will have the meanings set forth in those Terms of Service.

Any information that is collected via our Services is covered by the Privacy Policy in effect at the time such information is collected. We may revise this Policy from time to time. If we make any material changes to this Privacy Policy, we’ll notify you of those changes by posting them on the Services or by sending you an email or other notification, and we’ll update the “Updated” date above to indicate when those changes will become effective.

This Policy covers information about the applicable data controller(s) and data processor(s), CUJO’s data protection officer, the business purpose and legal bases for processing, categories of personal data, information about data recipient(s), details of transfers to third countries, data protection controls, retention periods or criteria used to determine the retention period, information about data subject’s rights, and the sources of the PII at issue. Please contact us at [email protected] if you have any questions about this Policy.

2. Terms and definitions

“CCPA” means the California Consumer Privacy Act that took effect on January 1, 2020 and creates for California consumer new rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses;

“Data controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

“Data processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of controller;

“Data subject” means a data subject is any person whose personal data is being collected, maintained or processed. Personal data can refer to a person’s name, his or her home address, publications on social networks and so forth. Any person becomes at some point a subject of data – whether they are applying for a job, booking a flight, using their credit card or simply surfing the internet.

“GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

“Personal data” is defined as any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

“PII” means personally identifiable information.

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

“Supervisory authority” means an independent public authority which is established by a Member State pursuant to GDPR Article 51 Other terms and definitions used in this policy have the same meaning as in International standard ISO/IEC 27000 “Information technology – Security techniques – Information security management systems-Overview and vocabulary”.

3. Privacy Policy

CUJO holds ISO/IEC 27001:2013 certificate and is committing to ensure protection of personally identifiable information (PII) by all available means. CUJO classifies PII as confidential information according to the CUJO information classification scheme set forth below. CUJO processes PII only with the individual’s (i.e., the data subject’s) consent or other legal bases. All data controllers and processors (if any) are responsible for proper application of this Policy. CUJO maintains a log of the chain of custody PII processing. To meet the European Union (“EU”) law requirements that PII transferred from the EU to the United States be adequately protected We do adhere to the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce.

3.1. Collection and Use of Information

CUJO holds ISO/IEC 27001:2013 certificate and is committing to ensure protection of personally identifiable information (PII) by all available means. CUJO classifies PII as confidential information according to the CUJO information classification scheme set forth below. CUJO processes PII only with the individual’s (i.e., the data subject’s) consent or other legal bases. All data controllers and processors (if any) are responsible for proper application of this Policy. CUJO maintains a log of the chain of custody PII processing.

3.1.1. Purposes of the data processing and the legal basis for it

CUJO processes the following personal data for the purposes listed below:

3.1.2. Information Collected or Received from Customer

Customer data

Provision of services or products

Performance of contract or required
proof prior to entry into contract (point
(b), Art. 6(1))

Consumer meta data

Provision
of services or products

Performance of contract or required
proof prior to entry into contract (point
(b), Art. 6(1))

End-user
meta data

Provision
of services or products

Performance
of contract or required proof prior to entry into contract
(point (b), art. 6(1))

Customer
support audio records

Customer
service

Performance
of contract or required proof prior to entry into contract
(point (b), art. 6(1))

Personal
data used for direct marketing

Direct
marketing

Data
subject consent (point (a), art. 6(1))

Prospective
customer (legal entity)

Internal
administration

Data
subject consent (point (a), art. 6(1))

Third
parties (suppliers, distributors, etc.) contact data

Customer
service, Provision of services or products

Performance
of contract or required proof prior to entry into contract
(point (b), art. 6(1))

Candidates
for employee data

Internal
administration

Data
subject consent (point (a), art. 6(1))

Employee
data

Internal
administration

Legal
obligation (point (c), art. 6(1))

CUJO’s primary goals in collecting PII are to provide and improve the Services provided to customers, to administer customers’ use of the Services (including customers’ Accounts, if customer is an Account holder), and to enable customers to enjoy and easily use the Services.

 

Account Information. If a customer creates an Account, CUJO will collect certain information that can be used to identify the customer, such as his or her name, email address, postal address and phone number. If the customer creates an Account through CUJO’s website, CUJO may also collect customer gender, date of birth and other information.

 

Information Collected Using Cookies and other Web Technologies. Like many website owners and operators, CUJO uses automated data collection tools on its website, such as cookies and Web Beacons, to collect certain information.
“Cookies” are small text files that are placed on a customer device by a Web server when a customer accesses our Services. CUJO may use both session cookies and persistent cookies to identify that a customer has logged in to the Services and to tell CUJO how and when the customer interacts with the Services. CUJO may also use cookies to monitor aggregate usage and web traffic routing on our Services and to customize and improve our Services. Unlike persistent cookies, session cookies are deleted when a customer logs off from the Services and closes his or her browser. Although most browsers automatically accept cookies, the customer can change his or her browser options to stop automatically accepting cookies or to prompt customer before accepting cookies. However, if the customer doesn’t accept cookies, he or she may not be able to access all portions or features of our Services. Some third-party service providers that We engage (including third-party advertisers) may also place their own cookies on the customer’s hard drive. This Privacy Policy covers only customer use of CUJO’s cookies and not third parties’ cookies.

 

“Web Beacons” (also known as Web bugs, pixel tags or clear GIFs) are tiny graphics with a unique identifier that may be included on the Services for several purposes, including to deliver or communicate with cookies, to track and measure the performance of the Services, to monitor how many visitors view our Services, and to monitor the effectiveness of our advertising. Unlike cookies, which are stored on the user’s hard drive, Web Beacons are typically embedded invisibly on web pages (or in an e-mail.

 

Information Related to Use of the Services. Our servers automatically record certain information about how a person uses our Services (We refer to this information as “Log Data”), including both Account holders and non-Account holders (either, a “User”). Log Data may include information such as a  User’s Internet Protocol (IP) address, browser type, operating system, the Web page that a user was visiting before accessing our Services, the pages or features of our Services to which a User browsed, and the time spent on those pages or features, search terms, the links on our Services that a User clicked on and other statistics. We use Log Data to administer the Services and We analyze (and may engage third parties to analyze) Log Data to improve, customize and enhance our Services by expanding their features and functionality and tailoring them to our Users’ needs and preferences.

 

As part of the Services, our hardware devices collect and transmit traffic identifying information. We store this information for up to thirty days on our servers.

 

Information Sent by Your Mobile Device. We collect certain information that a customer’s mobile device sends when he or she uses our Services, like the device identifier (aka MAC address), user settings and the operating system of the customer device, as well as information about customer’s use of our Services.
Location Information. When a customer uses our mobile App, We may collect and store information about the customer’s location by converting his or her IP address into a rough geo-location or by accessing the customer mobile device’s GPS coordinates or approximate location if the customer enables location services on his or her device. We may use location information to improve and personalize our services for customer. If customer does not want us to collect location information, he or she may disable that feature on the mobile device. The customer agrees and acknowledges that it has been informed about this the foregoing.

3.2. PII retention period

CUJO stores PII in an encrypted state and only to the extent required to fulfill the purposes stated in this document. The retention period depends on legal requirements and the duration of the contractual and/or subscription relationship.

CUJO will retain the PII We do process on behalf of our customers or collect directly from our customers for as long as needed to provide service to our customers, subject to our compliance with this Policy, or as required or permitted under the applicable law. PII will be anonymized and/or deleted in accordance with legal regulations when no longer be used for the purposes set forth in paragraph 3.1. Collection and Use of Information.

3.3. Personal Data Protection Controls

CUJO takes reasonable administrative, physical and electronic measures designed to protect PII from unauthorized or unlawful processing and against accidental loss, destruction or damage.

3.4. Sharing with Third Parties

CUJO will take efforts to manage and coordinate appropriate onward transfers of PII to third parties in accordance with this Policy. CUJO will not sell share or otherwise distribute PII to third parties except as provided in this Policy. CUJO will not directly disclose the identity of any person. PII may be transferred to third parties who act for or on CUJO behalf, who are contracted to use not to sell your PII to third parties, and not to disclose it to third parties except as may be required by law, as permitted by us or as stated in this Policy.

If CUJO has knowledge that data processor is processing PII in a manner contrary to this Policy, it will take all reasonable steps to prevent or stop the processing. Under certain circumstances, we may remain liable for the processing of EEA residents PII that we transfer to our data processors and the onward transfer thereof.

CUJO may share PII also as described below:

Information Disclosed in Connection with Business Transactions. If We are acquired by a third party as a result of a transaction such as a merger, acquisition or asset sale or if our assets are acquired by a third party in the event We go out of business or enter bankruptcy, some or all of our assets, including your PII, may be disclosed or transferred to a third-party acquirer in connection with the transaction.

Information Disclosed for Our Protection and the Protection of Others. We cooperate with government and law enforcement officials or private parties to enforce and comply with the law. We may disclose any information about you to government or law enforcement officials or private parties as We, in our sole discretion, believe necessary or appropriate: (i) to respond to claims, legal process (including subpoenas); (ii) to protect our property, rights and safety and the property, rights and safety of a third party or the public in general; (iii) to stop any activity that We consider illegal, unethical or legally actionable activity and (iv) in response to other lawful requests by public authorities, including to meet national security or law enforcement requirements.

3.5. Rights of the data subject

Access: The data subject has the right to access his or her PII that is processed by CUJO and to obtain information, free of charge, on the sources and the type of his or her PII that has been collected, the purpose of processing of such PII and the data recipients to whom the PII are disclosed or have been disclosed by CUJO in connection with the Services, and other related information according to GDPR Article 15 and the CCPA. CUJO shall reply not later than 30 calendar days from receipt of the request in writing and shall provide the requested information or justification for the refusal to grant the request of the data subject. Upon the request of the data subject, such information must be provided by CUJO in writing.

Rectification: If the data subject finds out that his or her PII on the Services is incorrect, incomplete or inaccurate, he or she may contact CUJO (in writing, by e-mail, via the Site or any other form). CUJO will then review such PII and rectify the incorrect, incomplete and inaccurate PII (if any) without delay and/or suspend processing of such PII, except for the purpose of storage, or provide a written explanation to the data subject describing why such efforts were not necessary. CUJO may keep archive copies of such data if doing so is necessary to fulfill contractual obligations to the data subject and/or if it is required by applicable law or regulation (for example, for accounting purposes, cybercrime investigation, etc.).

Erasure: The data subject may request that CUJO erase some or all of his or her PII from CUJO’s systems.

Restriction of Processing: The data subject can ask us to restrict further processing of his or her PII.

Portability: The data subject can ask for a copy of his or her PII in a machine-readable format. He or she can also request that CUJO transmit the data to another controller where technically feasible.

Objection: The data subject can contact CUJO to let us know that he or she objects to the further use or disclosure of his or her PII for certain purposes, such as for direct marketing purposes or for the purposes of the legitimate interests pursued by the controller or by a third party.

Right to File Complaint: A data subject may appeal against actions of CUJO, acting as data controller and/or processor, to the appropriate supervisory authority or enforcement agency within three months of receipt of the refusal to grant the request or within three months of the date when the period imposed by applicable law or regulation for giving a reply (if any) expires. In order to avail him- or herself of the rights set forth in this section, the data subject must provide a valid identity document or otherwise verify his or her identity according to applicable laws or through electronic means of communication, which must provide reliable identification of the person.

3.6. Do Not Track Signals

CUJO’s Site does not have the capability to respond to “Do Not Track” signals received from various Web browsers.

3.7. Enforcement and Dispute Resolution

CUJO complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce.

CUJO has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.

If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, CUJO commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship.

3.8. Updates to this Privacy Policy

CUJO regularly review and, if appropriate, update this Privacy Policy from time to time, and as CUJO’s services and use of personal data evolves. If We make any material changes to this Privacy Policy, We’ll notify you of those changes by posting them on Our website or by sending you an email or other notification, and We’ll update the “Updated” date to indicate when those changes will become effective.

Cookie policy

This Cookie Policy explains what cookies are and how we use them. You should read this policy to understand what cookies are, how we use them, the types of cookies we use i.e, the information we collect using cookies and how that information is used and how to control the cookie preferences. For further information on how we use, store and keep your personal data secure, see our Privacy Policy. You can at any time change or withdraw your consent from the Cookie Declaration on our website. Your consent applies to the following domains: cujo.com

What are cookies ?

Cookies are small text files that are used to store small pieces of information. The cookies are stored on your device when the website is loaded on your browser. These cookies help us make the website function properly, make the website more secure, provide better user experience, and understand how the website performs and to analyze what works and where it needs improvement.

How do we use cookies ?

As most of the online services, our website uses cookies first-party and third-party cookies for a number of purposes. The first-party cookies are mostly necessary for the website to function the right way, and they do not collect any of your personally identifiable data. The third-party cookies used on our websites are used mainly for understanding how the website performs, how you interact with our website, keeping our services secure, providing advertisements that are relevant to you, and all in all providing you with a better and improved user experience and help speed up your future interactions with our website.

What types of cookies do we use ?

The cookies used on our website are grouped into the following categories. The below list details the cookies used in our website.
CookieDescription
Necessary
cujo_cerber_*These cookies are set by your website's security and anti-spam plugin. Used to provide protection against hackers, provide technical functions.
cli_user_preferenceThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
CookieLawInfoConsentThis cookie is set by GDPR Cookie Consent plugin. The cookie records the default button state of the corresponding category & the status of CCPA.
cookielawinfo-checkbox-advertisementThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-othersThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other".
cookielawinfo-checkbox-necessaryThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-functionalThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-performanceThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
cookielawinfo-checkbox-analyticsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
viewed_cookie_policyThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
CONSENTThese cookies are set by Google to enable embedded YouTube videos. The cookie is used to save information about how the visitor uses the web site. More information about Google's cookies: https://policies.google.com/technologies/cookies/embedded
DVThese cookies are set by Google to enable embedded YouTube videos. The cookie stores the visitor's preferences and other information, including their chosen language, the number of search results shown on a page, as well as the choice of whether the filter Google SafeSearch should be activated or not. More information about Google's cookies: https://policies.google.com/technologies/cookies/embedded
__Secure-*These cookies are set by Google to enable YouTube embedded videos and are used to detect spam, fraud, and abuse to help ensure advertisers are not incorrectly charged for fraudulent or otherwise invalid impressions or interactions with ads, and that YouTube creators in the YouTube Partner Program are remunerated fairly. More information about Google's cookies: https://policies.google.com/technologies/cookies/embedded
AECThis cookie is set by Google to enable embedded YouTube videos. The cookie is used to detect spam, fraud, and abuse to help ensure advertisers are not incorrectly charged for fraudulent or otherwise invalid impressions or interactions with ads, and that YouTube creators in the YouTube Partner Program are remunerated fairly. More information about Google's cookies: https://policies.google.com/technologies/cookies/embedded
SOCSCookie set by Google used to play embedded YouTube videos. Records the user's cookies choice. More information about Google's cookies: https://policies.google.com/technologies/cookies/embedded
Wp-Settings-*Cookie set by WordPress used to store user preferences.
Advertisement
li_alertsCookie set by LinkedIn used to track impressions of LinkedIn alerts, such as the Cookie Banner and to implement cool off periods for display of alerts. More information about LinkedIn's cookies: https://www.linkedin.com/legal/l/cookie-table
JSESSIONIDCookie set by LinkedIn used for Cross Site Request Forgery (CSRF) protection and URL signature validation. More information about LinkedIn's cookies: https://www.linkedin.com/legal/l/cookie-table
langCookie set by LinkedIn used to remember a user's language setting. More information about LinkedIn's cookies: https://www.linkedin.com/legal/l/cookie-table
lidcCookie set by LinkedIn used to facilitate data center selection More information about LinkedIn's cookies: https://www.linkedin.com/legal/l/cookie-table
li_sugrCookie set by LinkedIn used to make a probabilistic match of a user's identity. More information about LinkedIn's cookies: https://www.linkedin.com/legal/l/cookie-table
li_gcCookie set by LinkedIn used to store consent of guests regarding the use of cookies for non-essential purpose. More information about LinkedIn's cookies: https://www.linkedin.com/legal/l/cookie-table
UserMatchHistoryUsed to provide ad delivery or ad retargeting, syncs the LinkedIn Ads ID. Provider: LinkedIn. More information about LinkedIn's cookies: https://www.linkedin.com/legal/l/cookie-table
bscookieUsed to store logged in users verified by two factor authentication and previously logged in on LinkedIn. Provider: LinkedIn More information about LinkedIn's cookies: https://www.linkedin.com/legal/l/cookie-table
bcookieBrowser Identifier cookie to uniquely identify devices. Provider: LinkedIn More information about LinkedIn's cookies: https://www.linkedin.com/legal/l/cookie-table
AnalyticsSyncHistoryA non-necessary cookie used to store information about the time a sync took place. Provider: LinkedIn More information about LinkedIn's cookies: https://www.linkedin.com/legal/l/cookie-table

How can I control the cookie preferences ?

You can manage your cookies preferences by clicking on the “Settings” button and enabling or disabling the cookie categories on the popup according to your preferences. Should you decide to change your preferences later through your browsing session, you can click on the “Manage consent” tab on your screen. This will display the consent notice again enabling you to change your preferences or withdraw your consent entirely. In addition to this, different browsers provide different methods to block and delete cookies used by websites. You can change the settings of your browser to block/delete the cookies. To find out more out more on how to manage and delete cookies, visit wikipedia.org, www.allaboutcookies.org.

Subject access request

If you wish to submit a subject access request, please submit the form below:

     
    This page was last updated on March 15, 2024