This California Consumer Privacy Act Notice is provided to California residents to supplement Black Duck, Inc.’s general privacy policy (“Policy”) in compliance with the California Consumer Privacy Act of 2018 (“CCPA”) as amended. Any terms defined in the CCPA have the same meaning when used in this notice. These disclosures do not reflect our personal information handling practices with respect to California residents' personal information where an exception or exemption applies under the CCPA.
Contents:
Section 1 – Consumer Notice
Section 2 – Workforce Notice (including Applicants, Contractors and Interns)
Section 3 – California Residents’ Privacy Rights
Personal Information We Collect
Black Duck does not sell personal information of California consumers for monetary or other valuable consideration.
Black Duck collects the following categories of personal information from California consumers:
Category |
Examples |
Collected |
A. Identifiers. |
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. |
YES |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). |
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. |
YES |
C. Protected classification characteristics under California or federal law. |
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). |
YES |
D. Commercial information. |
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
YES |
E. Biometric information. |
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. |
NO |
F. Internet or other similar network activity. |
Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. |
YES |
G. Geolocation data. |
Physical location or movements. |
NO |
H. Sensory data. |
Audio, electronic, visual, thermal, olfactory, or similar information. |
NO |
I. Professional or employment-related information. |
Current or past job history or performance evaluations. |
YES |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). |
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. |
YES |
K. Inferences drawn from other personal information. |
Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
NO |
Our Personal Information Handling Practices
We may collect such personal information from the following categories of sources and for the following business or commercial purposes:
Black Duck maintains information about the products or services purchased by our customers and their contact information. We may use this information to contact California consumers in order to provide support, billing, license verification, and other services connected with the use of Black Duck products.
In connection with the use of Black Duck’ websites, in order to use certain protected areas of the Site or to request a white paper, we require California consumers to complete a registration form and/or create a user name and password. During registration, users are required to give contact information (such as name and email address). We may use this information to contact California consumers about the services on our Site in which they have expressed interest. This information may also be disclosed to (but not sold to) Black Duck’ subsidiary companies and distributors.
Black Duck may collect information about the use of our Site including browsing history and information regarding a visitor’s interaction with our sites. Where such information is linked to a user’s contact information, we may use this information to contact California consumers about the services on our Site in which they have indicated interest.
Black Duck may collect contact information of potential customers of Black Duck products and services from professional social networking websites and other public sources of information such as US Securities and Exchange Commission filings. In compliance with applicable laws, we may use this information to contact California consumers about products or services that may be of interest to their businesses.
We may also collect the above categories for purposes of reviewing and processing an application, for security and audit purposes, for marketing (except for cross-contextual advertising), and for providing any relevant services.
We may disclose the above-listed categories of personal information collected by Black Duck with our subsidiary companies, providers for processing purposes related to the collection, and distributors.
Black Duck will not sell personal information of California consumers. This includes personal information of minors under 16 years of age.
Criteria We Consider When Retaining Personal Information
In general, we retain each of the categories of personal information and sensitive personal information described in this Notice for the longer of (i) 4 years following the end of your work with us or up to 7 years in archive, (ii) any duration necessary for compliance with laws, (iii) for as long as necessary for the exercise or defense of legal rights and archiving, back-up and deletion processes, or (iv) as long as necessary to provide relevant services.
Personal Information We Collect
If you are an employee, contractor, or intern of Black Duck, we may collect your name, contact information, identification data, bank account details, information related to your job, health-related information, salary, benefits, compensation, your use of company equipment and resources, your communications, your performance, any disciplinary actions against you, and other information relating to you as an employee based in California for the purposes described below. Black Duck also uses technologies, systems and processes to monitor and safeguard employee compliance with applicable laws and company policies, to protect Black Duck' employees, data, Black Duck’ intellectual property, and premises as well as any computer systems owned by Black Duck, employees or third parties that contain or provide access to information pertaining to Black Duck' business. Whenever you are using such computer systems, your actions and communications may be monitored, recorded, tracked, filtered, deleted, and otherwise processed.
Sensitive Information means a consumer’s social security, driver’s license, state identification card, or passport number; a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; a consumer’s precise geolocation; a consumer’s racial or ethnic origin, citizenship or immigration status, religious or philosophical beliefs, or union membership; a consumer’s racial or ethnic origin, citizenship or immigration status, religious or philosophical beliefs, or union membership; the contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication; a consumer’s genetic data. With your consent, or as otherwise permitted by applicable law, we may collect Sensitive Information:
We do not use "sensitive personal information" to infer characteristics about you.
Purposes For Which We Collect and Use Personal Information
We use personal information about our employees to:
California consumers have the right to request disclosure of (i) the categories and specific pieces of the personal information about them that we have collected and use, (ii) the categories of sources from which the personal information has been collected, (iii) the categories of personal information about them that we sold or disclosed for a business purpose and the categories of third parties to whom the personal information was sold or disclosed for a business purpose (if applicable), as well as (iv) the business or commercial purposes for collecting or, where applicable, selling their personal information. California consumers also have the right to request (v) deletion of their personal information pursuant to Cal. Civ. Code §§1798.105 and (vi) may not be discriminated against because they exercise any of the privacy rights conferred by the CCPA.
To exercise the access, data portability, and deletion rights described above, California consumers can make requests by sending us an email to privacy@blackduck.com or by telephoning us at tbd. When we receive a request, we will take steps to verify that the individual making the request is the California consumer to whom the requested personal information pertains. You may only make a verifiable request for access or data portability twice within a 12-month period.
We will ask that California consumers provide certain information to verify their identity, such as a code sent to an email address we may have on file for them. If California consumers have a password-protected account with us, we may verify their identity through our existing authentication practices for their account. The information that we ask to be provided to verify the identity of California consumers will depend on their prior interactions with us and the sensitivity of the personal information at issue. We will respond to requests in accordance with the CCPA. If we deny requests, we will explain why.
You may designate an authorized agent in writing to make verifiable requests on your behalf. You may also make a verifiable request on behalf of your minor child. When using an authorized agent to submit a request, we may require that a California consumer (i) provide the authorized agent written permission to do so and make a certified copy of such written permission available to us, and that the California consumer verify his or her own identity directly with us. This applies unless the authorized agent has been provided with power of attorney pursuant to Probate Code sections 4000 to 4465. We may deny a request from an agent who does not submit proof that they have been authorized by the California consumer on whose behalf they are making the request.
For questions or concerns about our privacy policy and practices, please contact us at privacy@blackduck.com.
This California Consumer Privacy Act Notice was last updated on October 1, 2024.