Scaled Agile, Inc.

Privacy Notice

Updated: October 3, 2023

Scaled Agile, Inc. (“Scaled Agile,” “us,” “we,” our”) has created this Privacy Notice to explain our privacy practices with respect to how we collect, use, disclose and otherwise process personal information in connection with operating our business, as well as the choices available to individuals regarding such personal information. Scaled Agile may provide additional or supplemental privacy policies to individuals for specific products or services that we offer at the time we collect personal information. These supplemental privacy policies will govern how we may process the information in the context of the specific product or service.

Our websites, products and services are designed for enterprise customers, their representatives, and other individuals in their business or professional capacity. We do not offer products or services for use by individuals for their personal, family or household purposes. Accordingly, we treat all personal information we collect as pertaining to individuals in their professional capacities and not their individual capacities. This Privacy Notice does not apply to personal information we process on behalf of our enterprise customers as part of providing the SAFe Enterprise Subscription. This Privacy Notice does, however, apply to personal information we process when individuals use the SAFe Enterprise Subscription through one of our enterprise customers and then establish an independent relationship with us, such as when individuals obtain certifications. Scaled Agile’s enterprise customers may have their own policies regarding the collection, use and disclosure of their users’ personal information. Scaled Agile is not responsible for our enterprise customers’ processing of personal information. To learn about how the relevant Scaled Agile enterprise customer processes your personal information, we encourage you to read such entity’s privacy statement or contact it directly.

Please contact Scaled Agile, Inc. via this link https://www.scaledagile.com/contact-us/ if you have questions about this Privacy Notice.


Table of Contents:

  1. Personal Information We Collect
    1. Whose personal information do we collect?
    2. How we collect personal information?
    3. What types of personal information do we collect?
  2. How We Use Personal Information
  3. How We Retain Personal Information
  4. How We Disclose Personal Information
  5. Cookies and Other Information We Collect by Automated Means
  6. Your Privacy Choices
    1. Access or update your information
    2. Opt out of marketing communications
    3. Cookies and browser web storage
    4. Online tracking opt out
    5. Choosing not to share your personal information
  7. Notice to Individuals in the European Economic Area (EEA) and United Kingdom
    1. Legal bases for processing personal information
    2. No sensitive personal information
    3. Retention of personal information
    4. Your privacy rights
    5. Cross-border data transfer
    6. EU-US and Swiss Privacy Shield
  8. Notice to California Consumers
    1. Personal information we collect, use, share, and sell
    2. California consumers’ privacy rights and exercise thereof
  9. How We Protect Personal Information
  10. Links to Websites and Third-Party Content
  11. Children’s Privacy
  12. Changes to this Privacy Notice
  13. How to Contact Us

Personal Information We Collect

1. Whose personal information do we collect?

We may collect personal information about individuals who interact with Scaled Agile, including: visitors to our websites; users of our mobile applications; course attendees; training partners; SAFe Community members and customers; individuals who use our products and services through an enterprise customer if the user has established a direct relationship with us and; individuals who take our courses via our training partners; and beta testers of new products and features.

2. How do we collect personal information?

  • Directly from individuals;
  • Through our websites and mobile applications, including through automatic-data collection technologies such as cookies and pixels;
  • Through your use of our products and services;
  • From an enterprise customer if you have established a direct relationship with us; and
  • From our training partners

3. What types of personal information do we collect?

  • Contact Data, such as personal and business contact information (such as name, job title and employer name, email address, mailing address, and phone number);
  • Payment Data, such as credit card numbers;
  • Profile Data, such as username and password that an individual may select in connection with establishing an account with us;
  • Certification Data, such as information about individuals’ participation in our courses, exams, and certifications, such as information about the courses and exams an individual has taken, and certifications an individual has obtained;
  • Marketing Data, such as your marketing preferences;
  • Attendance Data, such as information about individuals’ participation in webinars, meetups, Summits, and other events we sponsor;
  • User-Generated Data, such as content that individuals may choose to submit via features of our websites, such as blogs, forums, voting functionalities or tools;
  • Device Data, such as your computer or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area;
  • Online Activity Data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the website, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them;
  • Other information you provide to us (such as in emails, on phone calls, or in other correspondence with us).

How We Use Personal Information

a. Service Delivery

  • Operate our business, our websites, mobile applications, and other products and services we offer;
  • Communicate about the products and services we offer, and respond to requests, inquiries, comments, and suggestions;
  • Provide support and maintenance for our products and services;
  • Comply with your directions as to use of your personal information;
  • Identify and engage thought leaders and external experts;
  • Maintain records regarding individuals’ participation in our courses, exams, and certifications, such as information about the courses and exams an individual has taken, and the certifications an individual has obtained; and
  • Tailor the content we display in our communications and on our websites and mobile applications.

b. Marketing and Advertising

  • Display and send you marketing and promotional communications; and
  • Display advertisements.

We may engage third party advertising companies and social media companies to display ads on our service and other online services. These companies may use cookies and similar technologies to collect information about your interaction (including the data described in the automatic data collection section above) over time across the service, our communications and other online services, and use that information to serve online ads that they think will interest you. This approach is called interest-based advertising. We may also share information about our users with these companies to facilitate interest-based advertising to those or similar users on other online platforms. You can learn more about your choices for limiting interest-based advertising in the “Online tracking opt out” below.

c. Compliance and Protection

  • Comply with law, including legal or regulatory requirements and judicial process;
  • Comply with our company policies;
  • Protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
  • Audit our internal processes for compliance with legal and contractual requirements or our internal policies;
  • Enforce the terms and conditions that govern the Service; and
  • Protect against, identify, investigate, and respond to fraud, illegal activity (such as incidents of hacking or misuse of our websites or mobile application), and claims and other liabilities, including by enforcing the terms and conditions that govern the services we provide.

d. Research and Development

  • Evaluate and improve our business, our websites, mobile applications, and other products and services we offer (including to research and develop new products and services);
  • Administer surveys and other market research; and
  • Analyze and enhance our communications and strategies (including by identifying when emails were sent to you and how you interact with them).

e. Service Delivery

We may also aggregate and/or de-identify any information that we collect, such that the information no longer identifies any specific individual. We may use, disclose and otherwise process such aggregated and/or de-identified information for our own legitimate business purposes – including historical and statistical analysis and business planning – without restriction.

How We Retain Personal Information

We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. When we no longer require the personal information we have collected about you, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. If we anonymize your personal information (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.

How We Disclose Personal Information

We disclose personal information for the purposes described in this Privacy Notice.

We may disclose personal information to:

  • Scaled Agile corporate parents, subsidiaries and other corporate affiliates;
  • Service providers that perform services on our behalf, including:
    • Customer service and support providers;
    • Technology providers (including technology support, email and web hosting providers, marketing and advertising technology providers, and email and text communications providers); and
    • Payment, shipping and fulfillment service providers
  • The relevant enterprise customer if you are using our products and services through an enterprise customer;
  • Advertising partners, for the interest-based advertising purposes described above
  • Scaled Agile training partners, such as when you purchase a course with the partner or otherwise direct us to do so;
  • Third parties designated by you such as when we may share your personal data with third parties where you have instructed us or provided your consent to do so. We will share personal information that is needed for these other companies to provide the services that you have requested;
  • The party that pays for an individual’s course, certification, or membership, regarding the items for which that party paid;
  • Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
  • Other users (such as digital badges when you have earned a SAFe® certification)

Our websites and mobile applications may also offer features or functionality (such as blogs, forums and tools) that enable individuals to post material publicly. The name or username that the individual provided will typically accompany the public post. We do not control how other users or third parties use any personal information that you make available to other users or the public. We make commercially reasonable efforts to verify that the parties with whom our mobile application shares personal information provide a level of protection of personal information consistent with the practices described in this Privacy Notice, except that all such parties described above other than service providers and affiliates may, to the extent permitted by law, use personal information as described in their own privacy policies.    

When individuals submit testimonials and comments to us, we may publish this content on our websites. With an individual’s consent, we may post the individual’s name and other information s/he permits alongside the testimonial or comment.

We reserve the right to disclose or transfer the information we maintain to a business transferee in the context of actual or prospective business transactions (or contemplation of such a transaction) such as through a corporate divestiture, merger, consolidation, acquisition, reorganization, sale, bankruptcy or dissolution.

In addition, we may share your information to with law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the Compliance and Protection purposes described above.

Cookies and Other Information We Collect by Automated Means

Please see our Cookie Policy for more information on our use of cookies and your choices regarding cookies. We, our service providers, and business partners may collect Automated Information about your online activities over time and across our own and third-party websites when you engage with our websites. In jurisdictions where Automated Information is considered personal information, or if we associate Automated Information with personal information, we will treat Automated Information as personal information in accordance with this Privacy Notice.

Information we may collect by automated means includes Device Data and Online Activity Data, as defined above.

Web browsers may offer users of our websites the ability to disable receiving certain types of cookies; however, if cookies are disabled, some features or functionality of our websites may not function correctly. The “help” menu on most internet browsers contains information on how to disable cookies, or you can visit www.aboutcookies.org/how-to-control-cookies/.

We do not currently respond to “do not track” signals. To learn more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Your Privacy Choices

The following choices are available to all users. Users who are located in Europe (including the European Economic Area (“EEA”), Switzerland and United Kingdom) or California can find additional information about their rights in the Notice to Individuals in Europe and Notice to California Consumers sections below.

a. Access or update your information. If you have an account with us, you may review and update certain personal information in your account profile by logging into the account.

b. Opt out of marketing communications. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us at support@scaledagile.com. You may continue to receive transactional, service-related emails including but not limited to information about courses or exams for which you have registered, your certification, and changes in legal terms.

c. Cookies and browser web storage. We may allow service providers and other third parties to use cookies and similar technologies to track your browsing activity on our websites and third-party websites over time. For more details on how to configure cookies, see our Cookie Policy.

d. Online tracking opt out. Like many companies online, we may use services provided by Google and other companies that use tracking technology. These services rely on tracking technologies – such as cookies and web beacons – to collect directly from your device information about your browsing activities, your interactions with websites, and the device you are using to connect to the Internet. There are a number of ways to opt out of having your online activity and device data collected through these services, which we have summarized below:

  • Blocking cookies in your browser. Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit allaboutcookies.org.
  • Blocking advertising ID use in your mobile settings. Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
  • Using privacy plug-ins or browsers. You may be able to block our websites from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery or uBlock Origin, and configuring them to block third party cookies/trackers.
  • Platform opt-outs. The following advertising partners may offer opt-out features that let you opt-out of use of your information for interest-based advertising:
  • Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt-out on every browser and device that you use.

e. Choosing not to share your personal information. Where we are required by law to collect your personal information, or where we need your personal information in order to provide a service to you, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with our services. We will tell you what information you must provide to receive the service by designating it as required at the time of collection or through other appropriate means.

Notice to Individuals in the European Economic Area (EEA) and United Kingdom

The information provided in this section applies only to individuals in the EEA, Switzerland and United Kingdom.

Personal information. References to “personal information” in this Privacy Notice are equivalent to “personal data” under the “GDPR” (i.e., the General Data Protection Regulation 2016/679 (“EU GDPR”) and the EU GDPR as it forms part of the laws of the United Kingdom (“UK GDPR”)).

Controller and Data Protection Officer. Scaled Agile, Inc. is the controller of your personal information covered by this Privacy Notice for purposes of the GDPR. We have appointed a Data Protection Officer, whose contact information is: dpo@scaledagile.com.

Our Representative in the EEA. Our EEA representative appointed under the EU GDPR is DataRep. You can contact them by sending mail to: DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland or email to contact@datarep.com.

Our Representative in the UK. Our UK representative appointed under the UK GDPR is DataRep. You can contact them by sending mail to: DataRep, BPM 335368, 372 Old Street, EC1V 9AU, London, United Kingdom or email to contact@datarep.com.

a. Legal bases for processing personal information. We use your personal information only as permitted by law. Our legal bases for processing the personal information described in this Privacy Notice are as follows:

  • Where we need to perform a contract, we are about to enter into or have entered into with you (“Contractual Necessity”).
  • Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests (“Legitimate Interests”). More detail about the specific legitimate interests pursued in respect of each purpose we use your personal information for is set out in the table below.
  • Where we need to comply with a legal or regulatory obligation (“Compliance with Law”).
  • Where we have your specific consent to carry out the processing for the purpose in question (“Consent”).

We have set out below, in a table format, the legal bases we rely on respect of the relevant purposes for which we use your personal information.

Processing purposePersonal informationLegak basis
Marketing and Advertising• Contact Data

• Marketing Data

• Online Activity Data
Legitimate Interests
We have a legitimate interest in promoting our business
 
Consent, in circumstances or jurisdictions where consent is required under applicable privacy laws to the sending of any given marketing communications and/or the placement of cookies for advertising purposes
Compliance and ProtectionAny and all data types in the circumstancesCompliance with Law
 
Legitimate Interests
Where Compliance with Law is not applicable, we have a legitimate interest in participating, supporting, and following legal processes and requests, including through co-operation with authorities. We may also have a legitimate interest in ensuring the protection, maintenance, and enforcement of our rights, property and/or safety
Research and Development• Certification Data

• Attendance Data

• User-Generated Data

• Device Data

• Online Activity Data
Legitimate Interests
We have a legitimate interest in providing you with a good service and in performing research and development activities to improve our service
Aggregation, De-identification and/or AnonymizationAny and all data types in the circumstancesLegitimate Interests
We have a legitimate interest in protecting our users’ privacy by aggregating, de-identifying and/or anonymizing their personal information

b. Use for new purposes. We may use your personal information for reasons not described in this Privacy Notice where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

c. No sensitive personal information. We do not request, and we ask that you not provide us with, any sensitive personal information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through any service we provide, or otherwise to us. If you provide us with any sensitive personal information to us when you use our service, you must consent to our processing and use of such sensitive personal information in accordance with this Privacy Notice. If you do not consent to our processing and use of such sensitive personal information, you must not submit such sensitive personal information through our service.

d. Your privacy rights. European data protection laws give you certain rights regarding your personal information. If you are located within the EEA, Switzerland or United Kingdom, you may ask us to take the following actions in relation to your personal information that we hold:

  • Access. Provide you with information about our processing of your personal information and give you access to your personal information.
  • Correct. Update or correct inaccuracies in your personal information.
  • Delete. Delete your personal information.
  • Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
  • Restrict. Restrict the processing of your personal information.
  • Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.

You may submit these requests by email to support@scaledagile.com or our postal address provided below in How to Contact Us. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact support@scaledagile.com or submit a complaint to the data protection regulator in your jurisdiction. If you are in the EEA, you can find details of your regulator here. If you are in the UK, you can find details of your regulator here.

e. Cross-border data transfer. We are headquartered in the U.S. and may use service providers that operate in other countries. This means that your personal information will necessarily be accessed and processed in the U.S. It may also be provided to recipients in other countries outside Europe. If we receive your personal information from Europe, we will either rely on the EU-U.S. Data Privacy Framework (see “EU-US Data Privacy Framework; UK Extension and Swiss-US Data Privacy Framework”) or the ‘standard contractual clauses’ designed to ensure that your personal information is appropriately safeguarded. In limited circumstances, we may rely on an exception, or ‘derogation’, which permits us to transfer your personal information to such country despite the absence of appropriate safeguards – for example, reliance on your explicit consent to that transfer.

f. EU-US Data Privacy Framework; UK Extension and Swiss-US Data Privacy Framework. Scaled Agile complies with (i) the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), (ii) the UK Extension to the EU-U.S. DPF (“UK Extension”),  and (iii) the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) (collectively, the “Data Privacy Framework”)* as set forth by the U.S. Department of Commerce. Scaled Agile has certified to the U.S. Department of Commerce that Scaled Agile adheres to:

  • (i) the EU-U.S. DPF Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the EU in reliance on the EU-U.S. DPF;
  • (ii) EU-U.S. DPF Principles with regard to the processing of personal data received from the UK in reliance on the UK Extension (with references in the EU-U.S. DPF to the European Union and/or European Commission, EU DPAs, and EU individuals being understood as referring respectively to the United Kingdom and/or the UK Government, the UK’s Information Commissioner’s Office and/or, as applicable, the Gibraltar Regulatory Authority); and
  • (iii) the Swiss-U.S. DPF Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF (collectively, the “DPF Principles”).

If there is any conflict between the terms in this Privacy Notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles shall govern.

As described in the DPF Principles, Scaled Agile is accountable for personal data that it receives under the Data Privacy Framework and subsequently transfers to third parties. If third parties to whom Scaled Agile has disclosed personal data process it in a manner that does not comply with the DPF Principles, Scaled Agile will be accountable, unless Scaled Agile proves that Scaled Agile is not responsible for the event giving rise to the damage. The types of third parties with which Scaled Agile may share your personal data and for which purposes are set out in the section of this Privacy Notice entitled “How We Disclose Personal Information”.

The categories of personal data Scaled Agile may receive, as well as the purposes for which Scaled Agile collects and uses the personal data, are set out in other sections of this Policy, including in those entitled “Personal Information We Collect” and “How We Use Personal Information”.

With respect to personal data received or transferred pursuant to the Data Privacy Framework, the U.S. Federal Trade Commission has jurisdiction over Scaled Agile’s compliance with the Data Privacy Framework.

In certain situations, Scaled Agile may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Depending upon the context in which Scaled Agile processes personal data received in reliance upon the Data Privacy Framework, relevant individuals may have rights to access personal data about them, and choices to limit the use and disclosure of their personal data. Please submit a written request to exercise your rights or choices to the contact information provided in this Privacy Notice (see the section entitled “How To Contact Us”). We may request specific information from you to confirm your identity.

In compliance with the Data Privacy Framework, Scaled Agile commits to resolve DPF Principles-related complaints about our collection or use of your personal data. EEA, UK and Swiss users with inquiries or complaints regarding our handling of personal data received in reliance on the Data Privacy Framework should first contact us by using the contact information provided in this Privacy Notice (see the section entitled “How To Contact Us”).

In compliance with the Data Privacy Framework, Scaled Agile commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities, the UK Information Commissioner’s Office and the Gibraltar Regulatory Authority, and the Swiss Federal Data Protection and Information Commissioner, with regard to unresolved complaints concerning our handling of personal data received in reliance on the Data Privacy Framework.

Additionally, under certain conditions, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. For more information on this option, please see the Data Privacy Framework website: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2

We may amend this Privacy Notice on the Data Privacy Framework from time to time consistent with Data Privacy Framework requirements. To learn more about the Data Privacy Framework, and to view our certification, please visit https://www.dataprivacyframework.gov/. 

*We will not rely on the Swiss-U.S. Data Privacy Framework or the UK Extension to the EU-U.S. Data Privacy Framework until they enter into force, but we adhere to their required commitments in anticipation of their doing so.

Notice to California Consumers

This section applies only to California residents and describes how we collect, use, and share Personal Information of California residents and the rights these users may have with respect to their Personal Information. Please note that we may not be able to process your request if you do not provide us with sufficient detail to allow us to confirm your identity or understand and respond to it.

For purposes of this section, “Personal information” and “Sensitive Personal Information” have the meaning given in the California Consumer Privacy Act of 2018 (“CCPA”) but do not include information the CCPA exempts from its scope.

In some cases, we may provide a different privacy notice to California residents, such as job applicants, in which case that notice will apply instead of this section.

a. Personal Information we collect, use, share, and sell

The below summary describes our practices currently and during the 12 months preceding the effective date of this Privacy Notice by reference below to the categories of Personal Information specified in the CCPA (Cal. Civ. Code §1798.140). Information you voluntarily provide to us, such as in free-form webforms, may contain other categories of personal information not described below.

Categories of personal information we collectSources from which we collect personal InformationBusiness purposes for which we collect and use personal informationCategories of third parties with whom we share personal information for business purposesCategories of third parties with whom we “share” or “sell”
Identifiers (such as name, email address, company name, job title, username and password, and similar identifiers)• You

• Training partners
• Service Delivery

• Research & Development

• Marketing & Advertising

• Compliance & Protection
Service-related third partiesN/A
Financial Data (credit card number and billing information if purchasing online)• You• Service Delivery

• Compliance & Protection
Service-related third parties

Note: This information is not stored once processed
N/A
Commercial information and Customer Records (including Information about your participation in our courses, exams, and certifications, webinars, meetups, industry events we sponsor, and products or services purchased, obtained, or considered by you)• You

• Training partners
• Service Delivery

• Research & Development

• Marketing & Advertising

• Compliance & Protection
• Service-related third parties

• A party that pays for individual’s course, certification, or membership

• Other users (such as digital badges when you have earned a SAFe® certification
N/A
Internet or other electronic network activity information (such as visitors who interact with our websites, mobile application and emails)• You

• Service providers
• Service Delivery

• Research & development

• Marketing & Advertising

• Compliance & Protection
Service-related third partiesAdvertising partners
User-generated content and other details you choose to provide to us (such as through public features of our websites and mobile application including blogs, forums or tools, or via correspondence with us)• You• Service Delivery

• Research & Development

• Marketing & Advertising

• Compliance & Protection
Service-related third partiesN/A

We also describe the sources from which we collect this information in the section above entitled Personal Information We Collect; and the business and commercial purposes for which we collect this information in the section above entitled How We Use Personal Information.

Please note that we may also disclose personal information to (a) comply with federal, state, or local laws; (b) comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities; (c) cooperate with law enforcement agencies concerning conduct or activity that we believe may violate federal, state, or local law, (d) when we sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction), or (e) to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us. These disclosures are not “sales” under the CCPA.

b. California residents’ privacy rights and how to exercise them

The CCPA grants California residents’ the below rights. However, these rights are not absolute and the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. Therefore, we may decline your request in certain cases as permitted by law. If we deny your request, we will communicate our decision to you.

  • Information. You can request the following information about how we have collected, used and shared your Personal Information during the past 12 months:
    • The categories of Personal Information that we have collected.
    • The categories of sources from which we collected Personal Information.
    • The business or commercial purpose for collecting and/or selling Personal Information.
    • The categories of third parties with which we share Personal Information.
    • The categories of Personal Information that we sold or disclosed for a business purpose.
    • The categories of third parties to whom the Personal Information was sold or disclosed for a business purpose.

We have made this information available to California consumers without having to request it by including it in this notice, in the above chart.

Access. You can request a copy of the Personal Information that we maintain about you.

Correct. You can ask us to update or correct inaccuracies in your Personal Information.

Deletion. You can ask us to delete the Personal Information that we have collected or maintain about you.

Opt-out of the “sale” or “sharing” of your personal information. We do not sell Personal Information in the traditional sense. However, as we explain in this Privacy Notice, we use cookies and other tracking tools to analyze website traffic and facilitate advertising. The CCPA may classify our use of some of these services as ”selling” or “sharing” your Personal information with the advertising partners that provide the services. You can request to opt-out out of this “sale” or “sharing” of your Personal information here or by broadcasting the global privacy control signal.

California residents have the right not to be retaliated against or to receive discriminatory treatment by us for the exercise of these privacy rights conferred by the CCPA.

How to Submit a Request. To request information, access to, correction of, or deletion of your Personal Information:

We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. You must provide us enough information to identify you, a description of what right you want to exercise and the information to which your request relates. Please note that we are not required to provide Personal Information to you more than twice in a 12-month period.

Identify verification. The CCPA requires us to verify the identity of the individual submitting the request before providing a substantive response to the request. We will verify identity by matching the information you provide to that we already maintain and/or via request for further information if warranted to fulfill the request. To verify your identity, we may require government identification, a declaration under penalty of perjury, or other information, where permitted by law. 

Authorized agents. California residents can empower an “authorized agent” to submit requests on their behalf. However, we may need to verify your authorized agent’s identity and authority to act on your behalf.  We may require the authorized agent to have a written authorization confirming that authority pursuant to California Probate Code Sections 4000-4465.  If you have not provided your agent with such a power of attorney, you must provide your agent with written and signed permission to exercise your CCPA rights on your behalf, provide the information we request to verify your identity, and provide us with confirmation that you have given the authorized agent permission to submit the request.

No Sensitive personal information. We do not use or disclose Sensitive Personal Information for purposes that California residents have a right to limit under the CCPA.

How We Protect Personal Information

Scaled Agile maintains industry standard administrative, technical and physical safeguards designed to protect the Personal Information we maintain against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. However, we cannot guarantee that the measures we maintain will ensure the security of the Personal Information.

Links to Websites and Third-Party Content

For your convenience and information, we may provide links to websites and other third-party content that is not owned or operated by Scaled Agile. The websites and third-party content to which we link may have separate privacy notices or policies. Scaled Agile is not responsible for the privacy practices of any entity that it does not own or control.

Children’s Privacy

Our websites and mobile application are not intended for individuals under 16 years of age. We do not knowingly collect Personal Information from children under age 16. If we learn that we have collected Personal Information from an individual under the age of 16, we will delete that information subject to our obligations under applicable laws.

Changes to This Privacy Notice

Scaled Agile reserves the right to change this Privacy Notice at any time. When we update this Privacy Notice, we will notify you of changes that are deemed material under applicable legal requirements by updating the date of this Privacy Notice and providing other notification as required by applicable law. We may also notify you of changes to the Privacy Notice in other ways, such as via email or other contact information you have provided. Any modifications to this Privacy Notice will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the website or our products and services after the effective date of any modified Privacy Notice indicates your acknowledging that the modified Privacy Notice applies to your interactions with the website, our products and services, and our business.

How to Contact Us

Please direct questions, concerns, or complaints about our Privacy Notice or our data collection or processing practices to:

Scaled Agile, Inc.
Attn: Data Privacy Officer
5400 Airport Road, Suite 300
Boulder CO 80301

Or via this link: https://www.scaledagile.com/contact-us/

If you are a resident within the EEA, Switzerland or the United Kingdom, you also have the right to file a complaint with the supervisory authority of your member state.