PART I. GENERAL INFORMATION
1.1 OUR COMMITMENT TO PRIVACY
1.2 INTRODUCTION TO BRAZE
Braze is a U.S. company, headquartered in New York, with global operations. A reference to “Braze,” “we,” “us” or the “Company” is a reference to Braze, Inc. and the relevant affiliate(s) involved in the processing activity.
Braze is a life-cycle engagement platform for companies around the world, supporting stronger relationships between brands and their clients, primarily by leveraging first party data to personalize and automate life-cycle marketing campaigns through first party channels, such as email, SMS, mobile and web push notifications, and in-app/in-browser messaging.
Braze processes a variety of personal data, including but not limited to name and job role, CV/resume and work history, education, interests, professional references, email addresses, device data, ID data, event attendance, location, marketing subscription status, audio and video recordings from our prospects, customers, business partners and vendors (if they are natural persons), their respective employees, advisors, and/or contractors, along with the data of whoever our customers have authorized to use the Braze services (the “Services”) on their behalf.
Braze collects personal data relating to or identifying individuals (“Personal Data”) from people (collectively, “Individuals”) who:
Braze collects Personal Data from a variety of sources, such as the Individual who is the subject of such Personal Data, from publicly available sources (such as an Individual’s Social Media accounts), from our business partners, from data providers and from Braze affiliates.
Additionally, our Website or Services may contain links to other websites, applications and services maintained by third parties. The privacy and data security practices of such third-party sites are governed by the privacy statements of those third parties, and not by Braze.
More information about Braze can be found at www.braze.com.
PART II. INFORMATION WE COLLECT AS A DATA CONTROLLER AND THE PURPOSES FOR WHICH WE USE IT
Braze acts as a Data Controller with respect to the Personal Data it collects from Individuals, as described in Section 1.2 above.
2.1 DEVICE AND USAGE DATA
As is true of most websites, we gather certain information automatically in connection with the use of the Website by individual users. This information may include IP address (or proxy server), device and application identification numbers, location, browser type, Internet service provider and/or mobile carrier (“Device Data”). We may also automatically collect information about how you use the Website, such as the pages and files viewed, searches, operating system and system configuration information and date/time stamps associated with your usage (“Usage Data”).
2.2 USE OF PERSONAL DATA
Braze collects Personal Data for several purposes, including:
Where we need to collect and process Personal Data by law, or under a contract we have entered into with you, and you fail to provide the required Personal Data when requested, we may not be able to comply with our legal obligations or perform our contract with you.
If you provide us with Personal Data relating to another person, you confirm that you have informed them of our identity and the purposes (as set out above) for which their Personal Data will be used and that you have obtained their consent prior to sharing their information with us.
2.3 SHARING AND DISCLOSURE OF INFORMATION TO THIRD PARTIES
We may share and disclose Personal Data to the following types of third parties and for the following purposes:
PART III. INTERNATIONAL TRANSFERS, SECURITY AND DATA RETENTION
3.1 PROCESSING OF PERSONAL INFORMATION IN THE U.S. AND ELSEWHERE
Our Website servers are located in the United States, and our group companies and third-party service providers and partners operate in the United States, Singapore and the United Kingdom. This means that when we collect your Personal Data, we may process it in any of these countries. These countries may have data protection laws that are different from the laws of your country (and, in some cases, may not be as protective), but we will put in place appropriate safeguards, including certification to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce.
330 West 34th Street, 18th Floor
New York, NY 10001
Braze has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints regarding Personal Data transferred from the EU, the United Kingdom and Switzerland. Under certain circumstances, individuals may be able to invoke binding arbitration, in accordance with the Privacy Shield requirements. In addition, as a U.S.-based company, Braze may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We use technical, organizational and administrative security measures designed to protect the security, confidentiality and integrity of information.
3.3 DATA RETENTION
We will retain Personal Data we collect from you for so long as we have an ongoing legitimate business need to do so (in connection with the purposes set out in Part II above). We determine the appropriate retention period for Personal Data on the basis of the amount, nature and sensitivity of your Personal Data processed, the potential risk of harm from unauthorized use or disclosure of your Personal Data and whether we can achieve the purposes of the processing through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation).When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.
PART IV. TRACKING TECHNOLOGIES
4.1 TRACKING TECHNOLOGIES USED IN CONNECTION WITH OUR WEBSITE
When you visit our Website, we or an authorized third party may place a cookie on your browser and/or device, which collects information, including Personal Data, about your visits to our Website over time. Cookies allow us to track usage, determine your browsing preferences and improve and customize your browsing experience.
We also use web beacons on our Website and in email communications. For example, we may place web beacons in marketing emails that notify us when you click on a link in the email. Such technologies are used to operate and improve our Website and email communications. For instructions on how to unsubscribe from our marketing emails, please visit our Preference Center.
Our Website may allow you to share articles on social network sites such as LinkedIn and Twitter. You may be given the option on our Website to post information about your activities on a website to a profile page of yours that is provided by a third-party social media network in order to share with others within your network. These social media sites are hosted by the respective social media networks and if you click through to these social media sites from our Website, the latter may receive information showing that you have visited our Website. If you are logged in to your social media account, it is possible that the respective social media network can link your visit to our Website with your social media profile.
Your interactions with social media sites are governed by the privacy policies of the companies providing the relevant social media sites.
PART V. YOUR PRIVACY RIGHTS
5.1 PRIVACY RIGHTS
You may have the following privacy rights:
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Where you wish to enforce any of these rights in respect of our Services, you should contact the Customer who provides you with the Customer Application. We will then help them to fulfil that request in accordance with their instructions and applicable legal requirements.
5.2 UNSUBSCRIBE FROM OUR MAILING LIST
Braze complies with all applicable anti-spam laws when it sends emails or other digital messages to you. You may at any time ask us to remove you from any mailing list on which you previously asked Braze to include you by going to our Preference Center, or by clicking "Unsubscribe" in any email communications we send you. Please note that opting-out of the receipt of marketing communications from us does not opt you out of receiving important business communications related to your current relationship with us, such as communications about your subscriptions or event registrations, service announcements or security information.
PART VI. LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION (EEA AND UK VISITORS ONLY)
If you are a visitor to our Website from the EEA or the United Kingdom, our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.
However, we will normally collect Personal Data from you only where we have your consent to do so, where we need the Personal Data to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person.
If we ask you to provide Personal Data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data).
Similarly, if we collect and use your Personal Data in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us through this FORM (which will ask from you information necessary for us to process your request) or by using the contact details provided under the “How to contact us” heading below.
PART VII. IMPORTANT INFORMATION FOR CALIFORNIA RESIDENTS
This section applies only to California residents. It describes how we collect, use and share Personal Information of California residents in operating our business, and their rights with respect to that Personal Information. For purposes of this Part VII, Personal Information has the meaning given in the California Consumer Privacy Act of 2018 (“CCPA”) but does not include information exempted from the scope of the CCPA.
7.1 YOUR CALIFORNIA PRIVACY RIGHTS.
As a California resident, you have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.
7.2 HOW TO EXERCISE YOUR RIGHTS
You can request to exercise your information, access and deletion rights by visiting our Preference Center. We will need to confirm your identity and California residency to process your information, access or deletion requests, and we reserve the right to confirm your California residency. Government identification may be required. If you wish to designate an authorized agent to make a request on your behalf, we will need to verify both your and your agent’s identities and your agent must provide valid power of attorney or other proof of authority acceptable to us in our reasonable discretion. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.
7.3 PERSONAL INFORMATION THAT WE COLLECT, USE AND SHARE
STATUTORY CATEGORY (including statutory definition)
WHAT WE COLLECT
Commercial Information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
· Data about what an individual has purchased from Braze (including tickets to Braze-sponsored events)
· Data about what an individual has downloaded from the Braze Website
Identifiers. Real name, alias, postal address, unique personal identifier, customer number, email address, account name, social security number, driver’s license number, passport number or other similar identifiers.
· Real name
· Unique customer number (assigned randomly by Braze)
· Email address
· Account name
Inferences. The derivation of information, data, assumptions, or conclusions from any other category of Personal Information to create a profile about a person reflecting the person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.
May be derived from your:
· Device Data (as described in Section 1.2)
· Usage Data (as described in Section 1.2)
· Job title
· Company size
Internet or Network Information. Browsing history, search history, and information regarding a person’s interaction with an Internet website, application, or advertisement.
Usage Data (as described in Section 1.2)
Online Identifiers. An online identifier or other persistent identifier that can be used to recognize a person, family or device, over time and across different services, including but not limited to, a device identifier; an Internet Protocol (IP) address; cookies, beacons, pixel tags, mobile ad identifiers, or similar technology; customer number, unique pseudonym, or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers (i.e., the identification of a person or a device to a degree of certainty of more probable than not) that can be used to identify a particular person or device.
· Device data (as described in Section 1.2)
· Unique customer number (assigned randomly by Braze)
Professional or Employment Information. This term is not defined in the CCPA, but likely includes any information relating to a person's current, past or prospective employment or professional experience (e.g., job history, performance evaluations).
· Current company
· Current job title
Audio, electronic, visual, thermal, olfactory, or similar information.
Audio and video recordings.
Protected Classification Characteristics. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
We do not intentionally collect this data, but certain characteristics may be revealed in identity data or other information we collect.
The business/commercial purposes for which we use these categories of Personal Information are described above in Section 2.2 (Use of Personal Data). The categories of third parties to which we these categories of Personal Information are described above in Section 2.3 (Sharing of Personal Data). We do not sell your Personal Information.
PART VIII. OTHER IMPORTANT INFORMATION
Our Services are not directed to individuals under the age of 16. We do not knowingly collect Personal Data from such individuals without parental consent and require our customers to fully comply with applicable law in the data collected from children under the age of 16. If you are a parent or guardian and believe your child has provided us with Personal Data without your consent, please contact us by using the information in the “How to Contact Us” section, below, and we will take steps to delete such Personal Data from our systems.
8.3 HOW TO CONTACT US
330 West 34th Street, 18th Floor
New York, NY 10001