Last Updated: May 2022
PART I. GENERAL INFORMATION
1.1 OUR COMMITMENT TO PRIVACY
1.2 INTRODUCTION TO BRAZE
Braze is a U.S. company, headquartered in New York, with global operations. A reference to “Braze,” “we,” “us” or the “Company” is a reference to Braze, Inc. and the relevant affiliate(s) involved in the processing activity.
Braze is a life-cycle engagement platform for companies around the world, supporting stronger relationships between brands and their clients, primarily by leveraging first party data to personalize and automate life-cycle marketing campaigns through first party channels, such as email, SMS, mobile and web push notifications, and in-app/in-browser messaging.
More information about Braze can be found at www.braze.com.
Our Japanese website can be found at https://www.braze.co.jp/.
1.3 SCOPE OF THIS POLICY
What is in Scope?
What is not in Scope?
Additionally, our Websites or Services (as defined below) may contain links to other websites, applications and services maintained by third parties. The privacy and data security practices of such third-party sites are governed by the privacy statements of those third parties, and not by Braze.
PART II. DATA COLLECTION AND USE
2.1 DATA COLLECTION
The Personal Data that Braze collects will be determined by your interaction with Braze, our partners, Braze publications and other sources.
How and where do we collect data?
Braze collects personal data relating to or identifying individuals (“Personal Data”) from job candidates, prospects, customers, participants at our trainings, certifications and events, business partners and vendors (if they are natural persons), their respective employees, advisors, and/or contractors, along with the data of whomever our customers have authorized to use the Braze services (the “Services”) on their behalf (collectively, “Individuals”), who:
- Visit our websites (the “Websites”);
- Visit our offices;
- Receive/send communications from/to us, including mail, emails, phone calls, Slack, support tickets or texts;
- Use our Services as an authorized user (for example, an employee of one of our customers who has been given a log-in to access our Services);
- Register for, attend and/or otherwise take part in our events, webinars, contests, trainings and certification courses;
- Download or otherwise engage with Braze content and publications;
- Submit requests for an action, support or information;
- Participate in recorded meetings or events;
- Engage with our resellers;
- Apply to work with us, view or share job postings by Braze; or
- Work at partners or suppliers of Braze and interact with our company in the course of doing business or contemplating doing business with us.
Braze collects Personal Data from a variety of sources, such as from:
- the Individual who is the subject of such Personal Data,
- publicly available sources (such as an Individual’s Social Media account),
- our business partners or vendors, and
- Braze affiliates.
What type of data do we collect?
Personal Data that we may collect includes but is not limited to:
- name, email address and job title,
- CV/resume and work history, education, interests, professional references,
- marketing subscription status,
- audio and video recordings of meetings, event attendance,
- trainings and certifications,
- downloads or engagement with Braze reports and other publications,
- content of requests for action, support or information,
- certain information in connection with the use of the Websites by visitors and information about your interaction with other relevant third-party pages displaying Braze content; these will also include:
  - Device Data: information may include IP address (or proxy server), device and application identification numbers, location, browser type, Internet service provider and/or mobile carrier,
  - Usage Data: information, such as the pages and files viewed, searches, operating system and system configuration information and date/time stamps associated with your usage.
2.2 PURPOSES OF PROCESSING
Braze collects Personal Data for several purposes, including:
- Enabling us to understand and engage with those who are interested in learning about our products, services, content, and company-related initiatives;
- Promoting the security of our Websites and Services by tracking use of our Websites and Services, enforcing our terms and policies, investigating and preventing fraudulent, suspicious or illegal activities, and preventing unauthorized access to the Services;
- Providing, operating, and maintaining the Services including billing and account management purposes;
- Responding to requests for action, support or information;
- Complying with our contractual obligation to provide technical and customer success support;
- Registering office visitors to maintain the security of our offices and to ensure the confidentiality of our business activities;
- Analyzing our customers' use of the Services and Websites for trend monitoring, marketing, advertising, for improvements, for security purposes and to ensure continued proper functioning;
- Sending marketing communications about us and our affiliates and partners, including information about our products, promotions or events;
- Conducting internal training and research;
- Sending messages to the users of our Services with respect to technical alerts, updates, security notifications, and educational and administrative communications;
- Recruiting, interviewing, evaluating and hiring job candidates including having oversight of interactions with our job postings on our Websites, third-party social media platforms and recruitment systems; and
- Complying with legal obligations, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes or to respond to lawful requests.
Where we need to collect and process Personal Data by law, or under a contract we have entered into with you, and you fail to provide the required Personal Data when requested, we may not be able to comply with our legal obligations or perform our contract with you.
If you provide us with Personal Data relating to another person, you confirm that you have informed them of our identity and the purposes (as set out above) for which their Personal Data will be used and that you have obtained their consent prior to sharing their information with us.
2.3 SHARING AND DISCLOSURE OF INFORMATION TO THIRD PARTIES
We may share and disclose Personal Data to the following types of third parties and for the following purposes:
- General Business Purposes – We may disclose information to Braze corporate group affiliates, consultants, third-party vendors and other service providers, in connection with customer or technical support, marketing, recruiting, operations, account management, and general business purposes;
- Compliance with Laws – We may disclose information to a third party where we are legally required to do so in order to comply with any applicable law, regulation, legal process or governmental request;
- Protection of our legal rights – We may also disclose information where we believe it necessary in order to protect or exercise, establish or defend our legal rights;
- Business Transfers – We may share or transfer information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company;
- Receiving Professional Advice – In individual instances, we may share Personal Data with professional advisers acting as processors or joint controllers, including lawyers, bankers, auditors and insurers based in countries in which we operate, who provide consultancy, banking, legal, insurance and accounting services, but only to the extent we are legally obliged to share or have a legitimate interest in sharing your Personal Data;
- Publicly shared data – Any Personal Data or other information you choose to submit in communities, forums, blogs or chat rooms on our Websites may be read, collected and used by others who visit these forums, depending on your account settings.
PART III. INTERNATIONAL TRANSFERS, SECURITY AND DATA RETENTION
3.1 PROCESSING OF PERSONAL INFORMATION IN THE U.S. AND ELSEWHERE
Our Website servers are located in the United States, and our group companies and third-party service providers and partners operate in the United States, Singapore, Germany, Japan and the United Kingdom. This means that when we collect your Personal Data, we may process it in any of these countries. These countries may have data protection laws that are different from the laws of your country (and, in some cases, may not be as protective), but we have in place appropriate safeguards and international transfer mechanisms (e.g., EU Standard Contractual Clauses). We also provide a number of supplementary measures designed to better protect the Personal Data that we are entrusted with.
330 West 34th Street, 18th Floor
New York, NY 10001
Braze has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints regarding Personal Data transferred from the EU, the United Kingdom and Switzerland. Under certain circumstances, individuals may be able to invoke binding arbitration, in accordance with the Privacy Shield requirements. In addition, as a U.S.-based company, Braze may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We use technical, organizational and administrative security measures designed to protect the security, confidentiality and integrity of information.
3.3 DATA RETENTION
We will retain Personal Data we collect from you for so long as we have an ongoing legitimate business need to do so (in connection with the purposes set out in Part II above). We determine the appropriate retention period for Personal Data on the basis of the purpose for which we process the Personal Data, the amount, nature and sensitivity of your Personal Data processed, the potential risk of harm from unauthorized use or disclosure of your Personal Data and whether we can achieve the purposes of the processing through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation). When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.
PART IV. YOUR PRIVACY RIGHTS
You may have the following privacy rights:
- If you wish to access, correct, update or request deletion of your Personal Data, you can do so at any time by contacting us through this FORM (which will ask you for the information necessary for us to process your request) or by using the contact details provided under the “How to contact us” heading below. We provide additional information below for California residents who wish to submit access or deletion requests.
- In addition, if you are a resident of the EEA or the United Kingdom, you can object to processing of your Personal Data, ask us to restrict processing of your Personal Data or request portability of your Personal Data. Again, you can exercise these rights by contacting us through this FORM (which will ask you for the information necessary for us to process your request) or by using the contact details provided under the “How to contact us” heading below. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects ("Automated Decision-Making"). Automated Decision-Making currently does not take place on our Websites or in our Services.
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” link in the marketing communications we send you, by going to our Preference Center, or by using the contact details provided under the “How to contact us” heading below. Please note that opting-out of the receipt of marketing communications from us does not opt you out of receiving important business communications related to your current relationship with us, such as communications about your subscriptions or event registrations, service announcements or security information.
- You can manage your cookie preferences by visiting our Cookie Consent Manager.
- If we have collected and processed your Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, please contact your local supervisory authority.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Where you wish to enforce any of these rights in respect of our Services, you should contact the customer who provides you with the Customer Application.
If you have a question about your privacy rights, please email us at firstname.lastname@example.org
If you are a visitor to our Websites from the EEA or the United Kingdom, our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.
However, we will normally collect Personal Data from you only where we have your consent to do so, where we need the Personal Data to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person.
If we ask you to provide Personal Data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data).
If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us through this FORM (which will ask you for the information necessary for us to process your request) or by using the contact details provided under the “How to contact us” heading below.
PART VI. IMPORTANT INFORMATION FOR CALIFORNIA RESIDENTS
This section applies only to California residents. It describes how we collect, use and share Personal Information of California residents in operating our business, and their rights with respect to that Personal Information. For purposes of this Part VI, Personal Information has the meaning given in the California Consumer Privacy Act of 2018 (“CCPA”). However, this Statement does not apply:
- To information exempted from the scope of the CCPA;
- Except as required by the CCPA, to Personal Information we collect from individuals acting in their capacities as representatives of organizations solely in the context of conducting due diligence regarding, or providing or receiving a product or service to or from, such organizations; or
- To Personal Information we collect, use, and share on behalf of our customers as a "service provider" under the CCPA for purposes of providing our services to them.
6.1 YOUR CALIFORNIA PRIVACY RIGHTS.
As a California resident, you have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.
- Information. You can request the following information about how we have collected and used your Personal Information during the past 12 months:
  - The categories of Personal Information that we have collected.
  - The categories of sources from which we collected Personal Information.
  - The business or commercial purpose for collecting and/or selling Personal Information.
  - The categories of third parties with whom we share Personal Information.
  - Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of third-party recipient.
  - Whether we’ve sold your Personal Information, and if so, the categories of Personal Information received by each category of third-party recipient.
- Deletion. You can ask us to delete the Personal Information that we have collected from you.
- Non-discrimination. You are entitled to exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions such as denying you services, increasing the price/rate of services, decreasing service quality, or suggesting that we may penalize you as described above for exercising your rights.
6.2 HOW TO EXERCISE YOUR RIGHTS
You can request to exercise your information, access and deletion rights by visiting our Preference Center or by using the contact details provided under the “How to contact us” heading below. We will need to confirm your identity and California residency to process your information, access or deletion requests, and we reserve the right to confirm your California residency. Government identification may be required. Your authorized agent may make a request on your behalf upon our verification of the agent’s identity and our receipt of a copy of a valid power of attorney given to your authorized agent pursuant to California Probate Code Sections 4000-4465. If you have not provided your agent with such a power of attorney, you must provide your agent with written and signed permission to exercise your CCPA rights on your behalf, provide the information we request to verify your identity, and provide us with confirmation that you have given the authorized agent permission to submit the request.
6.3 PERSONAL INFORMATION THAT WE COLLECT, USE AND SHARE
| STATUTORY CATEGORY (including statutory definition) | WHAT WE COLLECT |
| --- | --- |
| Commercial Information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Data about what an individual has purchased from Braze (including tickets to Braze-sponsored events); Data about publications, content and events where an individual has attended webinars or events or viewed or downloaded content. |
| Identifiers. Real name, alias, postal address, unique personal identifier, customer number, email address, account name, social security number, driver’s license number, passport number or other similar identifiers. | Real name; Unique customer number (assigned randomly by Braze); Email address; Account name |
| Inferences. The derivation of information, data, assumptions, or conclusions from any other category of Personal Information to create a profile about a person reflecting the person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes. | May be derived from your: Device Data (as described in Section 2.1); Usage Data (as described in Section 2.1); Job title; Company size |
| Internet or Network Information. Browsing history, search history, and information regarding a person’s interaction with an Internet website, application, or advertisement. | Usage Data (as described in Section 2.1) |
| Online Identifiers. An online identifier or other persistent identifier that can be used to recognize a person, family or device, over time and across different services, including but not limited to, a device identifier; an Internet Protocol (IP) address; cookies, beacons, pixel tags, mobile ad identifiers, or similar technology; customer number, unique pseudonym, or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers (i.e., the identification of a person or a device to a degree of certainty of more probable than not) that can be used to identify a particular person or device. | Device data (as described in Section 2.1); Unique customer number (assigned randomly by Braze) |
| Professional or Employment Information. This term is not defined in the CCPA, but likely includes any information relating to a person's current, past or prospective employment or professional experience (e.g., job history, performance evaluations). | Current company; Current job title |
| Audio, electronic, visual, thermal, olfactory, or similar information. | Audio and video recordings. |
| Protected Classification Characteristics. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | We do not intentionally collect this data, but certain characteristics may be revealed in identity data or other information we collect. |
The business/commercial purposes for which we use these categories of Personal Information are described above in Section 2.2 (Use of Personal Data). The categories of third parties with which we share these categories of Personal Information are described above in Section 2.3 (Sharing of Personal Data).
PART VII. IMPORTANT INFORMATION FOR JAPANESE VISITORS
Braze Japan may share your Personal Data with Braze group affiliates and other third parties for purposes described in Section 2.3 hereof. A list of the Braze office locations may be found on our website. The categories or items of the Personal Data that Braze Japan may share with a third party are the same as those described in “What type of data do we collect?” When Braze Japan shares your Personal Data with entrusted third parties, Braze Japan shall be the entity that is responsible for processing and managing your Personal Data.
7.2 BRAZE JAPAN’S INFORMATION
PART VIII. OTHER IMPORTANT INFORMATION
Our Services are not directed to individuals under the age of 16. We do not knowingly collect Personal Data from such individuals without parental consent and require our customers to fully comply with applicable law in the data collected from children under the age of 16. If you are a parent or guardian and believe your child has provided us with Personal Data without your consent, please contact us by using the information in the “How to Contact Us” section, below, and we will take steps to delete such Personal Data from our systems.
8.3 HOW TO CONTACT US
- If you would like to update your preferences with regards to our marketing communications to you, you can do this in our Preference Center.
- If you have a request regarding Braze’s processing (e.g., access, update or deletion) of your Personal Data (other than setting up your preferences for our marketing communications, which you can do in our Preference Center), please complete this FORM.
- If you would like to manage your cookie settings, you may do so by visiting our Cookie Consent Manager.
330 West 34th Street, 18th Floor
New York, NY 10001