GraphPad Software, LLC Privacy Policy

Effective Date: 25 May 2018
GraphPad Software, LLC and its subsidiaries (“we” or
GraphPad Software, LLC”) value the privacy of customers who use our products, cloud services and web
sites, and we make all commercially reasonable efforts to protect that privacy.

This Privacy Policy explains what information (including Personal Information) we collect about you and why, what we do with that information, and how we handle the data and content you place in our products and services (together, referred to as “information”). “Personal
Information
” is information about an identified or identifiable individual.

GraphPad Software, LLC is the “Data Controller” for all personal data collected by GraphPad, and GraphPad Software, LLC is responsible for deciding how personal data is collected, used and disclosed. For the purposes of this Privacy Policy, Personal Information includes personal data.

1. Scope of Privacy Policy

This Privacy Policy applies to the information that we obtain through your use of our products, cloud services, websites and customer support portals (separately and collectively, the “Service”) or through your communication with GraphPad Software, LLC employees regarding the Services.

This Privacy Policy also applies to information we obtain through external, third party, or public, resources to provide the aforementioned Services and Communications.

Products include GraphPad Software, LLC Geneious software, any modules or plug-ins developed for Geneious by GraphPad Software, LLC such as the Microsatellite plug-in, and any other GraphPad Software, LLC products that display a link to this Privacy Policy.

Cloud services include GraphPad Software, LLC services and applications available through the internet and hosted on remote servers managed by GraphPad Software, LLC including the Geneious cloud services, the Geneious Biologics cloud services, the Geneious 16S Biodiversity cloud service, and Biomatters’ Genome Profiler and Melanoma Profiler applications.

Websites and customer support portals include biomatters.com, geneious.com, support.geneious.com, geneiousbiologics.com, and any related websites, sub-domains and pages.

By registering for or using any of the Services, you consent to the collection, transfer, processing, storage, disclosure and other uses of information described in this Privacy Policy. Where relevant, we may also ask you to confirm your acceptance of our right to this use of your data.

Any third party products or services that you may use in conjunction with our products, services or websites are not covered by this Privacy Policy. You should always review the policies of third party products and services to ensure that you are comfortable with the ways in which they collect and use your information.

2. Information You Provide

When you use our Services, we may collect the following information:

(a) Account and Profile Information

When you register for an account, create or modify your profile, make purchases through, use, access or interact with any of our Services, we collect information that you provide about you and your company or research institution. This information may include but not be limited to your name, username, address, email address, phone number, profile photo, or job title. You may provide this information directly when you enter it in one or more of our Services, or in some cases another user (such as a system administrator) may provide it, for example when creating an account on your behalf. If you are providing information (including Personal Information) about another person, you confirm that you have the authority to act for them and consent to the collection and use of their Personal Information as described in this Privacy Policy.

(b) Content

We collect information that you create, input, submit, post, upload, transmit, store or display (including Personal Information and/or sensitive information) in the process of using our Services, for example when you request customer support.

Please note that the user forums on our support.geneious.com website are open to any online viewer. Any information that you post in these locations can be read, collected and used by anyone, and could enable others to send you unsolicited messages. GraphPad Software, LLC is not responsible for any publication or use of any information, including but not limited to personal information, that you choose to post in these locations.

(c) Credit Card Information

We use a third party payment processor, Avangate Inc., for all transactions where you use a credit card to purchase our Services. The payment processor securely handles all credit card details and informs us whether transactions succeed or fail. We do not receive (and cannot store) any credit card information whatsoever at any time.

3. Other Information We Collect From Your Use Of Our Services

When you use our Services, we may also collect the following information:

(a) Web Logs

Like most websites and services delivered over the internet, we gather certain information and store it in log files when you interact with our websites, products and cloud services. This information may include internet protocol (IP) addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, information about your computer or mobile device, and system configuration information. In the case of our products or cloud services, the URLs you accessed (and therefore included in our log files) may include usernames as well as other information (such as project names or sample information) necessary for the Service to perform the requested operations.

(b) Analytics Information

We and our analytics providers collect and store analytics information when you use our Services, to help us improve our products and services. This analytics information may consist of features and functions being used, the associated license key and domain name, the username and IP address of the individual using the feature or function, file sizes and filenames, and additional information about the operation of the function and which parts of the Service are being affected.

We use Google Analytics as our analytics provider for our cloud services, websites and customer support portals. The Google Analytics privacy policy may be found at https://support.google.com/analytics/topic/2919631. If you wish to opt out of Google Analytics reporting please visit: https://tools.google.com/dlpage/gaoptout/.

We also collect and compile usage data to understand broad patterns and trends in the use of our Services and the composition of our user base.

By default, our Geneious desktop software automatically contacts our servers to check for updates. This process is anonymous, but does include the type of license and version number of the software associated with the instance, and the operating system used.

With your permission, we may also collect non-personally identifying statistics about the functions you use in our Geneious desktop software, and how often you use them. The information we collect may include data types that you have imported into or exported from the Geneious software, buttons you have clicked, types of calculations you have run and computational time associated with those calculations. These usage statistics do not include Personal Information or the contents of your data that you process using the software. This usage tracking is an optional setting, and can be turned on and off at any time by following these steps:

  1. Go to Tools > Preferences.
  2. On the General tab, select ‘Send anonymous usage information’ to turn usage tracking on, or deselect it
    to turn it off.
  3. Click OK.

The only time we may collect Personal Information during a user’s use of the Geneious software is in the
specific case where a user voluntarily submits the information as part of a support/feedback/crash
report.

(c) Cookies and Other Tracking Technologies

We use various technologies to collect information, including cookies that we save to your computer or mobile device. Cookies are small data files stored on your hard drive or in device memory. We use cookies to improve and customize your experience of our Services, to allow you to access and use our Services without re-entering your username and password, and to count visits and understand which areas and features of the Services are most popular. You can change the options in your browser to stop accepting cookies or to prompt you before accepting a cookie from websites you visit. If you do not accept cookies, however, you may be unable to use all aspects of our Services. We also collect information using tracking pixels. These are electronic images that may be used in our Services or in emails that help us to deliver cookies, count visits, understand usage, and determine whether an email has been opened and acted upon.

(d) Software Updates and License Information

Our products and cloud services communicate with secure servers hosted by Amazon Web Services and/or our CRM providers Salesforce and Zendesk for licensing purposes and to check for software updates. Examples of information we collect for these purposes include the software version, license key, and IP address of the customer instance.

4. How We Use Information We Collect

We use the information we collect for a variety of purposes, including:

  1. To provide, operate, maintain, improve and promote our Services.
  2. To enable you to access and use our Services, including uploading, downloading, sharing and
    collaborating on data.
  3. To process and complete transactions, and send you related information, including purchase confirmations
    and invoices.
  4. To communicate with you, including contacting you electronically (e.g. by text or email) for the
    purposes of responding to your comments, questions and requests, providing customer service and support,
    providing you with information about our Services, features, surveys, offers, promotions, events and
    other news, and sending you technical notices, updates, security alerts, and support and administrative
    messages. You can opt out of receiving promotional communications.
  5. To monitor and analyze trends, usage, and activities in our Services.
  6. To investigate and prevent fraudulent transactions, unauthorized access to our Services, and other
    illegal activities.
  7. To protect and/or enforce our legal rights and interests, including defending any claim.
  8. For other purposes authorized by you or applicable privacy laws.

As described in Section 3(b), we also collect and compile usage data to understand broad patterns and trends
in the use of our Services and the composition of our user base, for the purposes of improving our Services
and to develop new products and services.

5. Information Sharing and Disclosure

We will not share or disclose any of your personal information or data with third parties except as described in this policy. We do not sell your personal information or data.

When you use some of our Services, you may grant permission to other users to access your information and data for the purposes of collaboration. Where this information and data is sensitive, you should use the security and privacy features of the Services to limit those who can access it.

You should also be aware that any administrator of your instance of our products or services may be able to access information in and about your account, disclose, restrict, or access information that you have provided or that has been provided to you when using your account, and control how your account may be accessed or deleted.

Where we work with third party service providers to provide hosting, back-up, storage, virtual infrastructure, payment processing, analysis or any other services, these third parties may have access to or process your information in the course of providing these services, but our agreements with these third parties do not provide them with any rights to use (other than for the purposes of providing their services to us), access or distribute any of your information or data.

We may disclose your information to a third party if we believe that disclosure is reasonably necessary

  1. to comply with any applicable law, regulation, legal process or government request,
  2. to enforce our agreements, policies and terms of service,
  3. to protect the security or integrity of our Services, or
  4. to protect GraphPad Software, LLC, our customers or the public from harm or illegal activities.

To the extent reasonably necessary, we may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to a third party, however, we will take reasonable steps to ensure that the third party is under industry standard obligations of confidentiality.

We may also share aggregated or anonymized information that does not directly identify you with the third parties described above.

6. Data Storage, Transfer and Security

We will take reasonable precautions to protect your personal information and data from loss, misuse, unauthorized access, disclosure, unauthorized alteration, destruction or other malfeasance.

We host data with hosting service providers in numerous countries including (where permitted under applicable privacy laws) the United States. The servers on which your information and data are stored are kept in controlled environments. While we make reasonable efforts to guard your information and data, no security system is impenetrable and due to the inherent nature of the internet as an open global communications system, we cannot guarantee that information, during transmission through the internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others, such as hackers. In addition, we cannot guarantee that any information or data you store in our Services are maintained at levels of protection to meet specific needs or obligations you may have relating to that information or data.

We are committed to protecting the security of your information and data, and we make commercially reasonable efforts to ensure their security on our systems, including but not limited to the following:

  1. Your account passwords are protected by encryption, and only you (or anyone administering your account
    on your behalf) have access to them.
  2. Your personal information and data stored in our systems are protected by various physical, electronic
    and procedural safeguards. They are housed in a secure facility, and GraphPad Software, LLC and our infrastructure
    service providers restrict physical and network access to this facility to select trained staff and
    regularly evaluate our technologies, facilities, procedures and potential risks to maintain the security
    and privacy of your data.
  3. Where possible, we employ industry standard SSL data encryption when we transfer your information and
    data over the internet in the course of your use of our Services.

7. How Long We Retain Your Personal Information

We will retain your personal information for as long as is needed to fulfill the purposes outlined in this
Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting or
other legal requirements).

When we have no ongoing legitimate business need to process your personal information, we will either delete
or anonymize it. If this is not possible, for example because your personal information has been stored in
backup archives, then we will securely store your personal information and isolate it from any further
processing until deletion is possible.

8. Review and Correction Of Your Personal Information

At any time, you may review and correct your Personal Information in your user profile. Subject to certain
grounds for refusal set out in any applicable privacy laws, you may also request access to, or correction or
removal of your registration data and readily retrievable Personal Information from our systems, however we
reserve the right to provide technical support and software upgrades to registered users only. Before you
exercise these rights of access, correction and removal, we will need evidence to confirm that you are the
individual to whom the personal information relates.

In respect of a request for correction, if we think the correction is reasonable and we are reasonably able
to change the Personal Information, we will make the correction. If we do not make the correction, we will
take reasonable steps to note on the Personal Information that you requested the correction.

Where we are entitled at law to do so, we may charge you our reasonable costs of providing to you copies of
your Personal Information or correcting that information.

9. Compliance With Privacy Laws and Regulations

You agree not to use our Services in a manner that would violate laws protecting an individual’s privacy
rights.

10. International Users

GraphPad Software, LLC may store your data and information (including Personal Information) in secure servers of its
trusted service providers in the United States, European Union and New Zealand when you agree to any terms
and conditions governing your use of the Services.

Where we use service providers based in the United States to support our provision of the Services, we use
service providers who have adopted the principles of the EU-US Privacy Shield, a framework which helps to
protect Personal Information transferred from the European Union to the United States. More information on
the EU-US Privacy Shield can be found at https://www.privacyshield.gov/Program-Overview and
the following sites of our service providers. See:

  1. Amazon Web Services: https://aws.amazon.com/compliance/eu-us-privacy-shield-faq/
  2. Google: https://www.google.com/intl/en/policies/privacy/
  3. Salesforce: https://www.salesforce.com/company/privacy/
  4. Avangate: http://www.avangate.com/privacy-shield-policy.php
  5. Zendesk: https://www.zendesk.com/company/customers-partners/privacy-policy/
  6. Jira: https://www.atlassian.com/legal/privacy-policy

If you are using our Services from the European Union or other regions with laws governing data collection
and use, please note that you are agreeing to the transfer of your information to the United States and/or
New Zealand, unless an exception is agreed in writing.

Where we transfer any Personal Information to another territory, we will take all reasonable steps to ensure
that the Personal Information is subject to an equivalent standard of protection to that given to it in your
location.

By providing your information to us, you consent to any transfer and processing in accordance with this
Privacy Policy.

11. Legal Basis for Processing (EEA only)

If you are an individual from the European Economic Area (EEA), our legal basis for collecting and using the
personal information will depend on the personal information concerned and the specific context in which we
collect it. However, we will normally collect personal information from you only where:

  1. we have your consent to do so,
  2. where we need the personal information to perform a contract with you, or
  3. where the processing is in our legitimate interests (and not overridden by your data protection
    interests or fundamental rights and freedoms). In some cases, we may also have a legal obligation to
    collect personal information from you.

Where we rely on your consent to process the personal information, you have the right to withdraw or decline
your consent at any time.

12. Additional Rights for Certain Territories

If you are from certain territories (such as the EEA), you may also have additional rights available to you
under applicable laws, these may include:

  1. Right of erasure: In certain circumstances, you may have a broader right to erasure of personal
    information that we hold about you, for example if it is no longer necessary in relation to the purposes
    for which it was originally collected.
  2. Right to object to processing: You may have the right to request that GraphPad Software, LLC stop processing your
    personal information and/or to stop sending you marketing communications.
  3. Right to restrict processing: You may have the right to request that we restrict processing of your
    personal information in certain circumstances, for example where you believe that the personal
    information we hold about you is inaccurate.
  4. Right to data portability: In certain circumstances, you may have the right to be provided with your
    personal information in a structured, machine readable and commonly used format and to request that we
    transfer the personal information to another data controller without hindrance.

If you would like to exercise such rights, please contact us as described in Section 15 of this Policy. We
will consider your request in accordance with applicable laws. To protect your privacy and security, we may
take steps to verify your identity before complying with the request.

You may also have the right to complain to a data protection authority about our collection and use of your
personal information. For more information, please contact your local data protection authority.

13. Sensitive Information

We do not knowingly collect any sensitive personal information, for example racial, ethnic, political, or
religious information on our customers. Please do not submit any sensitive information through our websites
or Services.

If you have reason to believe that sensitive personal information has been provided to us through the
websites or Services, please contact us, as described in Section 15, and we will use commercially reasonable
efforts to delete that information.

14. Changes and Updates

As this Privacy Policy may be revised and updated from time to time, we will modify the “Effective Date” at
the top of this Privacy Policy to provide notice that a revision has occurred. We may also provide you with
additional notice, such as adding a statement to a login screen or sending you an email notification. Please
periodically review our Privacy Policy to keep abreast of our procedures to protect the information and data
we collect.

Your continued use of any of the Services constitutes your agreement to this Privacy Policy and any
updates.

15. Contact Us

If you have any questions about or need further information concerning this Privacy Policy, the information
we collect, or our use of your personal information, please contact
us
.