Scaled Agile, Inc. (“Scaled Agile,” “us,” “we,” our”) has created this Privacy Notice and Policy (“Privacy Notice”) to explain our privacy practices with respect to how we collect, use, disclose and otherwise process personal information in connection with operating our business, as well as the rights and choices available to individuals regarding such personal information. Please note, this Privacy Notice does not apply to our processing of employee or contractor data.

Please contact Scaled Agile, Inc. via this link https://sai2.wpengine.com/contact-us/ if you have questions about this Privacy Notice.

---

Overview

---

Table of Contents:

1. Personal Information We Collect
   1. Whose personal information do we collect?
   2. How we collect personal information?
   3. What types of personal information do we collect?
2. How We Use Personal Information
3. How We Disclose Personal Information
4. Cookies and Other Information We Collect by Automated Means
5. Your Privacy Choices
   1. Access or update your information
   2. Opt out of marketing communications
   3. Cookies and browser web storage
   4. Targeted online advertising
   5. Choosing not to share your personal information
6. Notice to Individuals in the European Economic Area (EEA) and United Kingdom
   1. Legal bases for processing personal information
   2. No sensitive personal information
   3. Retention of personal information
   4. Your privacy rights
   5. Cross-border data transfer
   6. EU-US and Swiss Privacy Shield
7. Notice to California Consumers
   1. Personal information we collect, use, and share
   2. California consumers’ privacy rights and exercise thereof
8. Data Retention
9. How We Protect Personal Information
10. Links to Websites and Third Party Content
11. Children’s Privacy
12. Changes to this Privacy Notice
13. How to Contact Us
14. Online Tracking Opt-out Guide

Personal Information We Collect

Whose personal information do we collect?
We may collect personal information about individuals who interact with Scaled Agile, including visitors to our websites and users of our mobile application, course attendees, training partners, SAFe Community members, and customers; and about individuals who take our courses via our training partners.

How do we collect personal information?

We may collect personal information:

Directly from individuals

Through our websites and mobile application

From our training partners

From your employer if it is an enterprise customer

What types of personal information do we collect?

Personal and business contact information (such as name, job title and employer name, email address, mailing address, and phone number)

Payment information (such as credit card number; please note this information is processed but not stored)

Username and password that an individual may select in connection with establishing an account with us

Information about individuals’ participation in our courses, exams, and certifications, such as information about the courses and exams an individual has taken, and certifications an individual has obtained

Information about individuals’ participation in webinars, meetups, Summits, and other events we sponsor

Content that individuals may choose to submit via public features of our websites, such as blogs, forums or tools

Other information you provide to us (such as in emails, on phone calls, or in other correspondence with us)

How We Use Personal Information
We may use personal information to:

Communicate about the products and services we offer, and respond to requests, inquiries, comments, and suggestions

Analyze and enhance our communications and strategies (including by identifying when emails were sent to you and how you interact with them)

Operate, evaluate and improve our business, our websites, mobile application, and other products and services we offer (including to research and develop new products and services)

Maintain records regarding individuals’ participation in our courses, exams, and certifications, such as information about the courses and exams an individual has taken, and the certifications an individual has obtained

Tailor the content we display in our communications and on our websites and mobile application

Administer surveys and other market research

Identify and engage thought leaders and external experts

Comply with law, including legal or regulatory requirements and judicial process

Comply with our company policies

Protect against, identify, investigate, and respond to fraud, illegal activity (such as incidents of hacking or misuse of our websites or mobile application), and claims and other liabilities, including by enforcing the terms and conditions that govern the services we provide

We may also aggregate and/or de-identify any information that we collect, such that the information no longer identifies any specific individual. We may use, disclose and otherwise process such aggregated and/or de-identified information for our own legitimate business purposes – including historical and statistical analysis and business planning – without restriction.

How We Disclose Personal Information
We disclose personal information for the purposes described in this Privacy Notice or a specific “in-time” privacy notice that we may provide at the time we collect the information.We may disclose personal information to:

Scaled Agile corporate parents and subsidiaries

Service providers that perform services on our behalf, including:

Customer service and support providers

Technology providers (including technology support, email and web hosting providers, marketing and advertising technology providers, and email and text communications providers)

Payment, shipping and fulfillment service providers

Scaled Agile training partners, such as when you purchase a course with the partner or otherwise direct us to do so

The party (such as an individual’s employer) that pays for an individual’s course, certification, or membership, regarding the items for which that party paid

 Our websites and mobile application may also offer features or functionality (such as blogs, forums and tools) that enable individuals to post material publicly. The name or username that the individual provided will typically accompany the public post.

When individuals submit testimonials and comments to us, we may publish this content on our websites. With an individual’s consent, we may post the individual’s name and other information s/he permits alongside the testimonial or comment.Unless prohibited by applicable law, we reserve the right to transfer the information we maintain in the event we sell or transfer all or a portion of our business or assets. If we engage in such a sale or transfer, we will – where required by applicable law – make reasonable efforts to direct the recipient to use your personal information in a manner that is consistent with this Privacy Notice. After such a sale or transfer, you may contact the recipient with any inquiries concerning the processing of your personal information.In addition, we may share your information to comply with lawful requests from public authorities concerning legal and regulatory requirements, including national security and law enforcement requirements, and to protect against and prevent fraud, illegal activity (such as identifying and responding to incidents of hacking or misuse of our websites or mobile application) and claims and other liabilities.

Cookies and Other Information We Collect by Automated Means
We, our service providers, and our business partners, may collect certain information about the use of our websites and mobile application and interaction with our emails by automated means, such as via cookies, web beacons (also known as 1×1 pixels) and other technologies (“Automated Information”). Please see our Cookie Policy for more information on our use of cookies and your choices regarding cookies. We, our service providers, and business partners may collect Automated Information about your online activities over time and across our own and third-party websites when you engage with our websites. In jurisdictions where Automated Information is considered Personal Information, or if we associate Automated Information with personal information, we will treat Automated Information as personal information in accordance with this Privacy Notice.Information we may collect by automated means includes:

Details about the devices that are used to access our websites and mobile application (such as the IP address, and type of operating system and web browser)

Dates and times of visits to, and use of, our websites and mobile application

Information about how our websites and mobile application are used (such as the content that is viewed on our websites and how users navigate on or between our webpages and screens within our mobile application)

Information about how individuals interact with our emails, e.g., whether and for how long the email was opened

URLs that refer visitors to our websites

Search terms used to reach our websites

Web browsers may offer users of our websites the ability to disable receiving certain types of cookies; however, if cookies are disabled, some features or functionality of our websites may not function correctly. The “help” menu on most internet browsers contains information on how to disable cookies, or you can visit www.aboutcookies.org/how-to-control-cookies/.We do not currently respond to “do not track” signals or other mechanisms that might enable users to opt out of tracking on our site. To learn more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Your Privacy Choices
The following rights and choices are available to all users. Users who are located within the European Union can find additional information about their rights in the Notice to Individuals in the European Economic Area (EEA) and United Kingdom.

Access or update your information. If you have an account with us, you may review and update certain personal information in your account profile by logging into the account.

Opt out of marketing communications. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us at support@scaledagile.com. You may continue to receive transactional, service-related emails including but not limited to information about courses or exams for which you have registered, your certification, and changes in legal terms.

Cookies and browser web storage. We may allow service providers and other third parties to use cookies and similar technologies to track your browsing activity on our websites and third party websites over time. For more details on how to configure cookies, see our Cookie Policy.

Targeted online advertising. Some advertising service providers and business partners that collect information about users’ activities on or through our websites may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior or mobile application usage for purposes of targeted advertising.
Users may opt out of receiving targeted advertising on websites through members of the Network Advertising Initiative’s opt-out page and the Digital Advertising Alliance’s opt-out page. European users may opt out of receiving targeted advertising on websites through members of the European Interactive Digital Advertising Alliance’s opt-out page, selecting the user’s country, and then clicking “Choices” (or similarly titled link). If you are accessing our websites from Canada, please visit the DAA Canada’s opt-out page.

Choosing not to share your personal information. Where we are required by law to collect your personal information, or where we need your personal information in order to provide a service to you, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with our services. We will tell you what information you must provide to receive the service by designating it as required at the time of collection or through other appropriate means.

Notice to Individuals in the European Economic Area (EEA) and United Kingdom
The information provided in this section applies only to individuals in the EEA and United Kingdom.
Personal information. References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.
Controller and Data Protection Officer. Scaled Agile, Inc. is the controller of your personal information covered by this Privacy Policy for purposes of European data protection legislation. We have appointed a Data Protection Officer, whose contact information is:  dpo@scaledagile.com.

Legal bases for processing personal information. We use your personal information only as permitted by law. Our legal bases for processing the personal information described in this Privacy Policy appear in the table below.

Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

No sensitive personal information. We do not request, and we ask that you not provide us with, any sensitive personal information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through any service we provide, or otherwise to us. If you provide us with any sensitive personal information to us when you use our service, you must consent to our processing and use of such sensitive personal information in accordance with this Privacy Policy. If you do not consent to our processing and use of such sensitive personal information, you must not submit such sensitive personal information through our service.

Retention of personal information. We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

When we no longer require the personal information we have collected about you, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. If we anonymize your personal information (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.

Your privacy rights
European data protection laws give you certain rights regarding your personal information. If you are located within the European Economic Area and United Kingdom, you may ask us to take the following actions in relation to your personal information that we hold:

Access. Provide you with information about our processing of your personal information and give you access to your personal information.

Correct. Update or correct inaccuracies in your personal information.

Delete. Delete your personal information.

Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.

Restrict. Restrict the processing of your personal information.

Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.

You may submit these requests by email to support@scaledagile.com or our postal address provided in How to Contact Us. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact support@scaledagile.com or submit a complaint to the data protection regulator in your jurisdiction.

Cross-border data transfer
If we transfer your personal information out of Europe to a country not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be performed:

Pursuant to the recipient’s compliance with standard contractual clauses, EU-US Privacy Shield (or Swiss-US Privacy Shield, as applicable), or Binding Corporate Rules

Pursuant to the consent of the individual to whom the personal information pertains

As otherwise permitted by applicable European requirements

EU-US and Swiss-US Privacy Shield
Scaled Agile complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall take precedence. To learn more about the Privacy Shield program, the Privacy Shield Principles and to view our certification, please visit www.privacyshield.gov.

As described in the Privacy Shield Principles, Scaled Agile is accountable for personal information that it receives and subsequently transfers to third parties acting as an agent on its behalf. If third parties that process personal information on our behalf do so in a manner that does not comply with the Privacy Shield Principles, we are accountable, unless we prove that we are not responsible for the event giving rise to the damage.

Should anyone feel that we have not complied with the Privacy Shield principles related to the handling of personal information, and we have not been able to remedy such a complaint ourselves, they may contact JAMS, to the attention of Mara E. Satterthwaite, Esq. either at msatterthwaite@jamsadr.com or at the following address:  3800 Howard Hughes Parkway, 11th Floor, Las Vegas, NV 89169.

As further explained in the Privacy Shield Principles, binding arbitration will also be made available to a complainant in order to address residual complaints not resolved by any other means. Scaled Agile is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Notice to California Consumers

We are required by the California Consumer Privacy Act of 2018 (“CCPA”) to provide to California consumers an explanation of how we collect, use and share their personal Information, and of the rights and choices we offer California consumers regarding our handling of the personal information.We do not sell personal information. As we explain in this privacy policy, we use cookies and other tracking tools to analyze website traffic and facilitate advertising. If you would like to opt out of our (and our third party advertising partners’) use of cookies and other tracking technologies, please review the instructions provided in the Online Tracking Opt-out Guide.

Personal Information we collect, use and share

The below summary indicates how we have collected, used and shared personal information in the preceding 12 months.

Categories of personal information we collect	Sources from which we collect personal Information	Business purposes for which we collect and use personal information	Categories of third parties with whom we share personal information for business purposes
Identifiers (contact and demographic information such as name, address, email address, company name, job title, postal address and similar identifiers)	You Training partners Our clients	Service delivery Research & development Marketing Compliance & Operations	Service-related third parties
Payment information (credit card number and billing information if purchasing online)	You	Service delivery Compliance & Operations	Service-related third parties Note:  this information is not stored once processed
Transaction history (including Information about your participation in our courses, exams, and certifications, webinars, meetups, industry events we sponsor, and products or services purchased, obtained, or considered by you)	You Training partners Our clients	Service delivery Research & development Marketing Compliance & Operations	Service-related third parties An individual’s employer that pays for that individual’s course, certification, or membership
Cookies and other information we collect by automated means (such as visitors who interact with our websites, mobile application and emails)	You Service providers	Service delivery Research & development Marketing Compliance & Operations	Advertising partners Service-related third parties
Other details you choose to provide to us (such as through public features of our websites and mobile application including blogs, forums or tools, or via correspondence with us)	You	Service delivery Research & development Marketing Compliance & Operations	Service-related third parties

We also describe the sources from which we collect this information in the section above entitled Personal Information We Collect; and the business and commercial purposes for which we collect this information in the section above entitled How We Use Personal Information.

Please note that we may also disclose personal information to (a) comply with federal, state, or local laws; (b) comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities; (c) cooperate with law enforcement agencies concerning conduct or activity that we believe may violate federal, state, or local law, (d) when we sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction), or (e) to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us. These disclosures are not “sales” under the CCPA.

California consumers’ privacy rights and exercise thereof
The CCPA grants California consumers the below rights. Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. If we deny your request, we will communicate our decision to you.

Information. You can request information about how we have collected, used and shared your Personal Information during the past 12 months. We have made this information available to California consumers without having to request it by including it in this notice, in the above chart.

Access. You can request a copy of the Personal Information that we maintain about you.

Deletion. You can ask us to delete the Personal Information that we have collected or maintain about you.

Opt-out of sale of your personal information. California consumers may opt out of the “sale” of their personal information. SAI does not “sell” your personal information as we understand that term to be defined by the California Consumer Privacy Act and its implementing regulations.

California consumers have the right not to receive discriminatory treatment by us for the exercise of these privacy rights conferred by the CCPA. However, the CCPA limits this right by allowing a business to offer a price or service difference if it is reasonably related to the value of the resident’s data.

How to Submit a Request. To request access to or deletion of your personal information:

visit https://scaledagile.com/ccpa-privacy-rights-request/

call toll-free 1 833 722 5332

Identify verification. The CCPA requires us to verify the identity of the individual submitting the request before providing a substantive response to the request. We will verify identify by matching the information your provide to that we already maintain and/or via request for further information if warranted to fulfill the request.

Authorized agents. California residents can empower an “authorized agent” to submit requests on their behalf. We will require the authorized agent to have a written authorization confirming that authority.  Data Retention
We will retain your information only for as long as necessary to fulfill the purpose(s) for which the information was collected, depending on the purpose(s) for which the information was collected, the nature of the information, any contractual relationship that may govern the retention of the data, and our legal or regulatory obligations. We will then destroy your information or anonymize the information, in accordance with applicable law.

How We Protect Personal Information Scaled Agile maintains reasonable administrative, technical and physical safeguards designed to protect the personal information we maintain against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. However, we cannot guarantee that the measures we maintain will ensure the security of the personal information.

Links to Websites and Third-Party Content
For your convenience and information, we may provide links to websites and other third-party content that is not owned or operated by Scaled Agile. The websites and third-party content to which we link may have separate privacy notices or policies. Scaled Agile is not responsible for the privacy practices of any entity that it does not own or control.

Children’s Privacy Our websites and mobile application are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under age 13. If we learn that we have collected personal information from an individual under the age of 13, we will delete that information.

Changes to This Privacy Notice
Scaled Agile reserves the right to change this Privacy Notice at any time. When we update this Privacy Notice, we will notify you of changes that are deemed material under applicable legal requirements by updating the date of this Privacy Notice and providing other notification as required by applicable law. We may also notify you of changes to the Privacy Notice in other ways, such as via email or other contact information you have provided.

How to Contact Us
Please direct questions, concerns, or complaints about our Privacy Notice or our data collection or processing practices to: Scaled Agile, Inc.
Attn:  Data Privacy Officer
5400 Airport Road, Suite 300
Boulder CO 80301 Or via this link:  https://sai2.wpengine.com/contact-us/ If you are a resident within the European Economic Area or the United Kingdom, you also have the right to file a complaint with the supervisory authority of your member state.

Online Tracking Opt-Out Guide
Like many companies online, we may use services provided by Google and other companies that use tracking technology. These services rely on tracking technologies – such as cookies and web beacons – to collect directly from your device information about your browsing activities, your interactions with websites, and the device you are using to connect to the Internet. There are a number of ways to opt out of having your online activity and device data collected through these services, which we have summarized below:

Blocking cookies in your browser. Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit allaboutcookies.org.

Blocking advertising ID use in your mobile settings. Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.

Using privacy plug-ins or browsers. You can block our websites from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery or uBlock Origin, and configuring them to block third party cookies/trackers.

Platform opt-outs. The following advertising partners offer opt-out features that let you opt-out of use of your information for interest-based advertising:

Google: https://adssettings.google.com

Advertising industry opt-out tools. You can also use these opt-out options to limit use of your information for interest-based advertising by participating companies:

Digital advertising Alliance: http://optout.aboutads.info

Network Advertising Initiative: http://optout.networkadvertising.org/?c=1

AppChoices: https://www.youradchoices.com/appchoices
Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt-out on every browser and device that you use.