Privacy Policy
Effective December 1, 2021
This Privacy Policy covers EventGeek, Inc.’s dba Circa’s (“Circa”) policies on the collection, use, and disclosure of Personal Data/Personally Identifiable Information/Personal Information (as defined by applicable law and hereinafter collectively referred to as “Personal Data”) when visitors and Subscribers (collectively “Users”) access the services available at www.circa.co (“Site”) and mobile applications (collectively the “Platform”) and related software services (collectively the “Services”).
EventGeek, Inc. dba Circa is a Delaware corporation with offices in the United States. Circa collects Personal Data from its users around the world and processes, transfers and stores data within the United States.
What Information Is Collected by Circa And How Is It Used?
Account Creation Information: When creating an account, Subscribers must register either by providing an email and a password, or by registering through their existing Google Account. Circa will send an email to the designated email address to verify a Subscriber’s account before finalizing registration. The collection of this information is necessary to fulfill our contractual obligations and to provide the Services to you. Your email may also be utilized to (i) provide information regarding our Services; and/or (ii) to communicate material changes to our Terms of Service and Privacy Policy. When registering with a Google Account, Subscribers can review and manage their privacy settings using Google’s Privacy Checkup tool.
Email Addresses & Contact Information: Users may optionally provide their email address and/or other contact information to Circa to contact us through the Platform with questions about our Platform and Services. Users may also optionally subscribe to our newsletters and may unsubscribe at any time through the opt-out link contained within those communications.
Cookies: Circa utilizes cookie technology to gather information on Internet use in order to serve its Users more effectively. As described in Section 2, Circa also utilizes third party analytics services which may also use tracking cookies to provide information about the use of our Platform. Users can set their browser to remove or reject cookies and/or accept or refuse cookies on the cookie consent banner on the site itself; however, some Platform features or Services may not work properly without cookies.
Is Information Collected By Or Disclosed To Third Parties?
Personal Data is shared with third parties as follows:
Account Registration: Subscribers may optionally register their account through Google. If you register an account using your Google login credentials, it will enable Google to collect a Subscriber’s Personal Data in accordance with the policies and practices disclosed in the Google Privacy Policy. Subscribers should click on the hyperlink to review the applicable privacy policies for more detail about information collected from Google. You have the ability to modify your privacy settings through your Google account.
Integrated APIs:
Geolocation Data: Circa has integrated the Google API to incorporate Google Maps and to utilize geolocation in connection with the Services. For more information on the privacy policy of this service, please see: Google's Privacy Policy. Subscribers can review and manage their key privacy settings using Google’s Privacy Checkup tool.
Automated Messaging: Circa utilizes Customer.io to create and send automated, customized email messages to its customers, leads and users pertaining to events and the Circa services. For more information on its privacy policy, please see: Customer.io Privacy Policy.
Web Hosting Services: Personal Data is stored on cloud servers maintained by Heroku. For more information on its privacy policy, please see Heroku.
Third Party Calendar Integration: Subscribers can opt to integrate their event and task dates with third party calendars, including Google, Outlook & iCal. Subscribers should review the privacy policy of those third party sites for more information on their data collection and use practices.
Anonymous Data - Analytics: Circa uses third party analytics services to learn how Users use the Platform and Services so that we can review and improve our Services:
Google Analytics: Google Analytics is a web analytics tool that collects information anonymously. It provides a report to Circa with website trends without identifying individual visitors. For more information on its privacy policy, please see: Privacy Policy. However, if you do not want your Personal Data to be used by Google Analytics, you may opt-out by installing the Google Analytics Opt-out Browser Add-on.
Segment.com: Segment.com collects information regarding Circa’s Subscribers’ use of the Platform and Services, as well as third-party applications and services available in connection with the Platform and Services (“Subscriber User Data”). Subscriber User Data may include, without limitation, information about the identity of Subscribers (such as name, postal address, e-mail address, IP address and phone number), as well as information about the pages that users visit and the features that they use, and the actions that they take while using the Platform. For more information on the privacy policy of this service, please see: Segment Privacy Policy
Amplitude: Amplitude collects user data and information regarding the behavior and usage patterns of users of the Platform. Data collected by Amplitude Inc. in the United States is transferred to servers of Amplitude Inc. in the United States. For more information on the privacy policy of this service, please see: Amplitude Data Security and Privacy Policy
Third Party Advertising/Re-Targeting Services: When accessing the Platform, third party advertising services may place a cookie on your browser, which may be used to target relevant advertisements to you when you visit third party websites. Users may opt-out from receiving targeted advertisements by visiting the (1) Network Advertising Consumer Opt-Out page, (2) Digital Advertising Alliance Opt-Out page, and/or (3) the opt-out provisions pertaining to the applicable advertising services/retargeting provider.
Payment Processing Information: Circa does not itself store debit or credit card information on its servers. Circa utilizes a third party payment processor, Stripe, to manage and process payments in order to guarantee the security of Subscriber’s Personal Data. For more information on its privacy policy, please see Stripe's Privacy Policy.
Other Potential Third Party Disclosures: Personal Data may also be disclosed to third parties to serve our legitimate business interests as follows: (1) as required by law, such as to comply with a subpoena, or similar legal process, (2) if Circa is involved in a merger, acquisition, or sale of all or a portion of its assets, (3) to investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies, (4) to enforce our agreements with you, and/or (5) to investigate and defend ourselves against any third-party claims or allegations. We will use commercially reasonable efforts to notify users about law enforcement or court ordered requests for data unless otherwise prohibited by law.
How Does Circa Comply With The Children’s Online Privacy Protection Act and GDPR Regulations Relating to Children?
Only persons age 18 or older are authorized to create a Circa account. We do not knowingly collect Personal Data from anyone under the age of 18. If a parent or guardian becomes aware that his or her child (a) under the age of 16 in applicable EU Member Countries, or (b) under the age of 13 in the U.S. and applicable EU Member Countries, has provided us with Personal Data without their consent, he or she should contact Circa at privacy@circa.co. We will delete such Personal Data from our files within a commercially reasonable time, but no later than required under the applicable law relating to the child’s country of residence.
How Long Does Circa Retain Personal Data Collected?
We will retain account and purchase data as long as it is necessary to provide our Services to our Subscribers. When a Subscriber’s account is terminated or expires, Personal Data collected through the Platform will be deleted in accordance with the requirements of applicable law. Personal Data obtained from Site visitors will be maintained as long as it is necessary to provide requested communications and information-based services or until a Visitor exercises its right to opt out of requested communications or information-based services. Anonymized and Pseudo-anonymized data will be retained as long as Circa determines such data is commercially necessary for its legitimate business interests.
EU General Data Protection Regulation (“GDPR”) Notices
Data Processor. Circa is the processor of all Subscriber Data (as defined in the applicable Terms of Service), including Personal Data input by Subscriber, and its authorized users, in connection with Subscriber’s use of the Circa Services.
Data Controller. The Personal Data input by (a) visitors in general, and (b) Subscriber for purposes of establishing a commercial account with Circa, is controlled by Circa, 102 W San Francisco St, STE 5, Santa Fe, New Mexico 87501. You may contact us at any time by emailing us at privacy@circa.co.
We will only collect and process Personal Data about you where we have lawful bases. Lawful bases include consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you), and “legitimate interests.” Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. If you have any questions about the lawful bases upon which we collect and use your personal data, please contact us at privacy@circa.co.
Data Processing Addendum. Circa has executed Data Processing Addendums with those subprocessors that process end-user Personal Data to ensure compliance with Circa’s obligations under applicable data protection laws and regulations. Each of those subprocessors is EU-US Privacy Shield and the Swiss-U.S. Privacy Shield certified as of the Effective Date of this Privacy Policy.
Users within the EU may email Circa at privacy@circa.co in order to exercise their GDPR rights to:
- Access, review, restrict processing of, or otherwise request erasure of your Personal Data;
- Obtain the identity of the source of any Personal Data collected;
- Request correction of any errors contained within your Personal Data;
- Request transfer of your Personal Data to another service provider;
- Object to the manner in which your Personal Data is processed; or
- Lodge a complaint with a supervisory authority.
You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested.
Where this is the case, we will inform you of specific details in response to your request. Where we rely on your consent to collect Personal Data, you may withdraw your consent either through the opt-out links provided in this Privacy Policy or through the contact information contained within this Section.
For all GDPR-based requests made pursuant to this section, Circa will (a) respond as required under applicable law, (b) provide a copy of any requested Personal Data in a structured, commonly used and machine-readable format, and (c) transmit such Personal Data to another service provider without restriction in accordance with applicable law.
Privacy Shield Notice For Users In The European Union
In addition to transfer pursuant to Data Processing Agreements with Subscribers, Circa complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries (and Iceland, Liechtenstein, and Norway) and Switzerland transferred to the United States pursuant to Privacy Shield.
Certification. Circa has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/
Accountability for Onward Transfer. Circa requires that its integrated service providers that have access to personal information from EU consumers have either self-certified to the Privacy Shield Principles, are subject to the EU Privacy Directive, or enter into a written agreement with us that requires them to provide at least the same level of privacy protection as is required by the relevant Privacy Shield Principles. Circa is potentially liable if such third party service providers process your personal information in a manner that is inconsistent with the Privacy Shield Principles. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Access and Choice. Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to privacy@circa.co. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to privacy@circa.co.
Complaints. In compliance with the EU-US Privacy Shield Principles, Circa commits to resolve complaints about our collection or use of your personal information. Individuals in the European Union with inquiries or complaints regarding our Privacy Shield policy should first contact Circa at privacy@circa.co or by mail to: Circa, 102 W San Francisco St, STE 5, Santa Fe, New Mexico 87501
No Cost Dispute Resolution. Circa has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints/ for more information and to file a complaint. This service is provided free of charge to you.
FTC Jurisdiction. The Federal Trade Commission has jurisdiction over Circa’s compliance with this Privacy Policy and the EU-US Privacy Shield Framework.
Privacy Shield Panel – Binding Arbitration. If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction
Your California Privacy Rights.
California Consumer’s Request to Disclose, Right to Delete, Right to Opt-Out of Sale Rights: For Information on your California Consumer Rights, please see: California Consumer Privacy Rights Notice (“Notice”)
A verifiable Consumer Request may be submitted to Circa effective January 1, 2020 by emailing Circa at privacy@circa.co or through the account or as otherwise designated in the Notice.
Circa will verify all requests with the Consumer email address on file with the email address submitted in the applicable request form. Consumers may designate an authorized agent to make a request on the Consumer’s behalf at privacy@circa.co or as otherwise designated in the Notice.
California residents have the right to request that Circa disclose the categories and/or specific pieces of personal information collected and sold and the right to direct us not to sell their “personal information” (“Right to Opt-Out”).
Requests to Opt-Out of the Sale of Personal Information can be made by emailing privacy@circa.co with the subject line “Do Not Sell My Personal Information”.
What Is Circa’s Security Policy?
We have implemented reasonable administrative, technical and physical security measures in accordance with Circa's Enterprise Security Policy to protect your personal information against unauthorized access, destruction or alteration. However, although we endeavor to provide reasonable security for information we process and maintain, no security system can ever be 100% secure.
In addition, Circa utilizes a PCI-DSS compliant third party payment processor to ensure the security of Subscriber’s Personal Data. Subscribers should review Stripe’s Security Policy for more information on their security practices.
How Does The Platform Respond To “Do Not Track” Signals?
“Do Not Track” is a feature enabled on some browsers that sends a signal to request that a website disable its tracking or cross-website user tracking.
Circa shall treat any user-enabled global privacy controls, such as a browser plug-in or privacy setting, device setting, or other mechanism, that communicate or signal the consumer’s choice to opt-out of the sale of their Personal Information as a valid request submitted pursuant to the CCPA for that browser or device, or, if known, for the consumer.
How Will I Be Notified Of Changes To Your Privacy Policy?
If we make material changes to our Privacy Policy, we will notify you by (i) changing the Effective Date at the top of the Privacy Policy, (ii) sending an email to all active account holders, and (iii) adding a banner/notification to the Platform itself. Express consent will be obtained when required for any material changes in Circa’s collection and use practices.
Contact Us
If you have any questions regarding your Personal Data or about our privacy practices, please contact us at: Circa, Attention: Privacy Department, 102 W San Francisco St, Santa Fe, New Mexico 87501 or at privacy@circa.co.
Last updated October 1, 2023