Privacy Policy

• Manage your account and the relationship we have with you as a customer or trial user.
• Direct sales, advertising and marketing activities that we can offer you.
• Sales and marketing activities of our authorized partners, including resellers, platform partners, distributors and third-party marketplaces.
• Your participation in our training or certification programs.
• Your attendance or participation in our associated events.
• To provide our services and products to you as a customer.
• Your visits to and use of our websites.

Under the European Union's General Data Protection Regulation (the "GDPR") and other similar data protection laws, we may be defined as a controller or processor of personal data. When the Company provides the Services to you, it generally acts as a "processor" of personal data, because the Company processes personal data as part of the Service and under your direction. When acting as a processor, the Company processes your personal data to the extent necessary to provide the Services to you and only on your instructions, unless it is legally required to do otherwise. The Company is also considered a "data controller processing" of your personal data if the Company determines how such data will be processed.

Appendices may be incorporated into this Policy to provide more information about the Company's role as a controller or processor with respect to certain services. The appendices are listed at the end of this Policy.

We may collect, store and use personal data in the following categories:

• Contact information such as your name, e-mail address, telephone number, position, professional data and employer's name.
• Information about our users' experiences with products, services, events, webinars and online forums and communities.
• Contact information derived from your interactions with us, such as with our customer service team.
• Contact information about potential customers gathered from our events, trade shows and partners.
• Information on the payment of purchases with the company.
• Audio and visual information, such as recordings of some calls, meetings and events.
• Additional details clients, candidates and participants in events sponsored by us, including:
• Identity documents and other personal data collected solely to authenticate the candidate's identity and for security purposes, such as photographs.
• Personal data submitted for accommodations (such as health information or language problems).
• Other personal data may be collected in connection with our Services, as described in the relevant Service-specific Appendix.

Personal data is obtained directly from you or your employer. We may also receive personal data from our partners (including resellers and distributors), third party marketplaces where our products are offered (such as the salesforce.com app exchange), data brokers, marketing companies, interactions with our website, referrals from other customers and users, publicly available sources such as company websites and LinkedIn. The company collects certain categories of personal data when you visit our website.

The company uses and shares personal data for the following purposes:

• Analyze, improve and develop the company's products and services.
• To provide our products, services, events, websites, communities, training and other commercial offerings.
• To process payments.
• To manage our relationships with customers, partners, resellers, distributors, event attendees, investors and others (which may involve sharing personal data with them).
• For marketing, advertising and other communications (including personalizing those communications for specific recipients).
• Providing a third party (e.g., an employer) with confirmation or denial of an individual's requested certification status.
• For surveys and other market research.
• For security, IT management and related research.
• To enforce legal terms governing our business and business relationships (for example, we may share personal information with the opposing party, judge or arbitrator in litigation).
• Provide security and business continuity.
• To comply with the law, or in other cases where we believe that use or disclosure is appropriate to protect the rights, safety or property of the company or others (for example, when disclosures are required to be made in response to lawful requests by law enforcement, such as to meet national security or law enforcement requirements).
• For an actual or contemplated sale, merger, consolidation, change of control, transfer of substantial assets or reorganization of the Company, or for due diligence in anticipation of such an event (for example, if a company were to acquire the Company, it could also acquire the personal data we hold).

For other purposes requested or permitted by our customers or users. For these purposes, we may share personal data with, for example:

• our affiliates;
• our clients;
• third parties that assist us, such as our partners, event providers, payment processors, marketing providers, testing providers, analytics providers, technical service providers (e.g., providers of data storage, data backup and CRM systems) and other subcontractors;
• joint marketing partners;
• security investigators;
  
• employers and others seeking to verify a person's claimed certification status;
• entities involved in dispute resolution (such as an arbitrator or an opposing party);
• entities involved in significant potential or actual corporate transactions or events (such as those described in the penultimate item of the list of uses and disclosures above);
• governmental entities.

These uses and disclosures are also subject to our contractual obligations.

The laws of some jurisdictions require data controllers to inform you about the legal grounds that allow them to use or disclose your personal data. Where such laws apply, our legal grounds are:

• Legitimate Business Interests: We process personal data because it is in the legitimate business interests of the Company (or our customers, business partners or suppliers) in the activities we undertake to conduct our business and provide the Services to you, including those listed below,
  and because such data processing does not unduly affect your interests, rights and freedoms:
• Provide cybersecurity and manage information technology assets;
• To protect business activities, individuals and assets;
• Provide customer service;
• Marketing and advertising (including the sending of certain direct marketing);
• Analyze and improve business activities;
• Risk management and legal issues.
  

Comply with contractual commitments:

• Some of our processing of personal data is necessary to fulfill our contractual obligations to individuals, or to take action at the request of the individual because we are planning to enter into a contract with that individual or his or her company. For example, when we process an individual's payment data for a training program, we rely on this basis.
  

Consent:

• If consent is required by law, and in some other cases, we process personal data on the basis of consent. For example, we conduct some of our direct marketing on the basis of consent.
• If explicit consent is required by law, we use personal data on that basis.
• If permitted by law, we may infer consent from the circumstances.
• Legal Compliance: We sometimes need to use and disclose personal data to comply with our legal obligations.
• Legal Claims: We sometimes use or disclose personal information because it is necessary to establish, exercise or defend legal claims.

We offer you the following options for exercising your rights and choices about the use of your personal data. Many of these are subject to important limits or exceptions under applicable law.

• You may review and update certain information by accessing the Company's websites or online services.
• The laws of your jurisdiction (e.g., certain states such as California, or international locations such as the United Kingdom and the European Economic Area) may give you additional rights to request access to, correct or delete certain personal data that we store. In some cases, you may have the right to receive a copy of the personal data you have provided to us in portable format or to request that we share it with a third party. The law may also give you the right to request that we restrict the use of your personal data, to object to our use of your personal data or to withdraw your consent to the use of your personal data (which will not affect the lawfulness of any processing that has taken place before your request takes effect). Section 13 explains how to make these requests.
• For example, individuals who live in the United Kingdom or the European Economic Area (and certain other individuals) have the right to opt-out of our use of personal data for direct marketing. They may exercise their right to opt-out, or to object to other processing, by contacting us as described below.
• Our marketing emails, and some other communications, include unsubscribe instructions, which you can use to limit or stop those communications. Opt-out processes may take some time to complete, but we will not use these instructions to opt you out. We will endeavor to comply with your request as quickly as possible. Youmay not opt out of certain  communications (such as those related to youraccount or billing).
• You may exercise your opt-out rights, object or withdraw your consent regarding our use of certain cookies and similar technologies, as described in Section 7.
• For information on the privacy rights of Californians under California law, see Section 11.

You may contact us if you have any questions or complaints about our privacy practices, and you may also file a complaint with the relevant government authority. For your protection, we will only carry out requests with respect to personal data after we have verified your identity to our satisfaction, taking into account the nature of your request.

We are a global company with corporate offices in Mexico and the United States. It is the company's policy to comply with legal requirements to protect the movement of data across borders, including through the use of standard contractual clauses approved by the European Commission. The Company's affiliates and third parties with whom we share personal data, as described in this PrivacyPolicy, are located in the United States and in other parts of the world, including countries where privacy laws may not provide as much protection as those in your country. Your personal information may be subject to disclosure to the governments, courts, or law enforcement or regulatory agencies of these or other countries in accordance with the laws of those countries.

When you access the Company's website, the Company and third parties associated with the Company may collect certain information through automated means, such as the use of cookies, web beacons, JavaScript, mobile device functionality and similar computer code. Cookies are files containing data, such as unique identifiers, that may be transferred to and from your device when you visit a website. The Company uses cookies for the following purposes:

• to recognize the devices,
• to improve the use of our website and services,
• for cybersecurity,
• to prevent fraud,
• to provide services, and
• for record keeping, analysis and marketing.

This information may include unique browser identifiers, IP address, browser and operating system information, device identifiers (such as Apple's IDFA or Android's Advertising ID), geolocation, information from other devices, Internet connection information, as well as details about your interactions with our apps, websites and emails (e.g., the URL of the third-party website you came from, the pages of our website that you visit and the links you click on our websites).

We and third parties may use these automated means to read or write information on your devices, such as in various types of cookies and other browser-based or plugin-based local storage (such as HTML5 storage or Flash-based storage), or to collect pieces of information that, in the aggregate, may uniquely identify your device.

These technologies help us:

• Keep track of whether you are logged in or have logged in before so that we can show all the features that are available to you.
• Remember your settings on the pages you visit so that we can display your preferred content the next time you visit.
• Show customized contents.
• Perform analytics, measure traffic and usage trends, and better understand the demographics of our users.
• Diagnose and solve technological problems.
• Plan and improve our business. In addition, in some cases, we assist in the collection of information by advertising services provided by third parties. Advertising services may track your online activities over time by collecting information through automated means, such as cookies, and may use this information to show you advertisements tailored to your individual interests or characteristics and/or based on your past visits to certain sites or applications, or other information we or they know, infer or have collected from users like you. For example, we and these services may use different types of cookies, other automated technology and data to:
• Recognize users and their devices.
• Inform, optimize and serve ads.
• To report on our ad impressions, other uses of advertising services and interactions with these ad impressions and advertising services (including in relation to visits to specific sites or applications). You will find more details about our use of cookies and how you can opt-out and manage cookies in the addendum to the company's cookie policy.

By accessing the Addendum to the Company's Cookie Policy you can launch a consent tool to adjust your preferences about how certain cookies and certain similar technologies are used on the Company's websites.

You must repeat the opt-out process with each browser you use to visit those websites. This is the best way to control cookies on sites that offer this option.

If you replace, change or upgrade your browser, or delete your cookies, you may need to re-use these opt-out tools.

Please visit your mobile device manufacturer's website (or your operating system's website) for instructions on any additional privacy controls on your mobile operating system, such as privacy settings for device identifiers and geolocation. However, please note that, at this time, we do not respond to browser-based privacy signals (such as the Do Not Track option).

We will retain personal data for as long as necessary to fulfill the purposes described in this Privacy Policy, unless we are required by law to retain it for a longer period of time. To ensure the security and continuity of the activities described in this Policy, we make backup copies of certain data, which we may keep longer than the original data.

The Company takes data security very seriously and, although we cannot guarantee that the data we collect will be protected from all possible threats, the Company has put in place physical, technical and administrative security measures to protect your data.

Our use and disclosure of non-personal data is not subject to this Policy, however, if you or your employer have entered into a contract or non-disclosure agreement with us, non-personal confidential data will always be protected from disclosure as provided in the applicable agreements. If the applicable law and our contractual obligations permit, we may aggregate or de- identify your personal data so that the information cannot be linked to you. Our standard terms and conditions contain typical privacy terms and conditions and canbe found on our website: https://myniiu.com.

As a service provider, Sim1 is legally obligated to release user data in our possession when we receive valid legal process from governmental authorities with proper jurisdiction. We strive to balance the needs of law enforcement and other legal processes with the privacy of our customers and the third parties who submit their information to our customers in their forms. Accordingly, we carefully review each request for information from law enforcement and legal authorities, and when we produce personal information, we strive to produce only the information that is actually required.

For parties in North America, disclosures are governed by U.S. law, specifically in the State of Miami, Florida, waiving its right to pursue outside this area any claims of a legal nature, and the federal Stored Communications Act ("SCA"), 18 U.S.C. §§ 2701-2712. For parties outside of the U.S., our disclosures are governed by the SCA, 18 U.S.C. §§ 2701-2712. For parties outside the U.S., our disclosures are governed by the laws of the applicable jurisdiction. In general, we will release general information such as name, subscription start date, form creation information, email address, IP address of record and, where we deem necessary, billing information. We require a valid subpoena, or law enforcement request, issued in connection with an official criminal investigation.

13.1 Categories of personal information collected.
Below, we identify the categories of personal information we have collected about our users over the past 12 months:

• Identifiers
• Information on customer records
• Commercial information
• Information on activity on the Internet or other electronic networks
• Geolocation data
• Professional or job-related information

For more details about the information we collect, including the sources from which we receive information, please see our information collection practices above. We collect and use these categories of personal information for the business purposes described in the Information Collection Practices section above.

13.2 Categories of personal information sold.
The Company does not sell your personal information to third parties for financial consideration. However, under the CCPA, the term "sell" could include sharing personal information with partners where the company can obtain a commercial benefit. This could include exchanging personal information with implementation partners or resellers of the company, for example. Below we identify the categories of personal information we have provided to our partners in the past 12 months, using the categories provided in the CCPA:

• Identifiers
• Information on customer records
• Commercial information
• Information on activity on the Internet or other electronic networks
• Geolocation data
• Professional or job-related information

13.3 ARCO rights of residents in Mexico.
Means to exercise the rights of access, rectification, cancellation or opposition. The Data Subject may at any time exercise his/her rights of access, rectification, cancellation or opposition ("ARCO" rights) by submitting a request in writing to the Data Controller, addressed to the Personal Data Protection Department, at the address of the Data Controller or by e-mail to derechosarco@simetrical.com.mx, which request must be answered within a maximum period of 20 business days, extendable in terms of the Law, counted from the date of receipt of the request, with acknowledgement of receipt, and the corresponding determination will be issued for the legal effects that may be applicable.

The revocation of consent may be made under the same terms of the preceding paragraph, by means of the respective cancellation request.

Transfer of personal data.

The Responsible informs the Data Controller through this Privacy Notice that it may transfer your personal data to national or foreign third parties, in the following cases:

• a) When you decide to assign to a third party, by any legal means, any right or action you have against the Holder.
• b) When it requires a third party to provide services or advice regarding any matter with the Data Subject, including research on the data provided by the latter through the "SIM1" technological platform.

Changes to the Privacy Notice.

When the Responsible Party requires to modify the content of this Privacy Notice, it will inform the Data Subject, making the new Privacy Notice available to him/her, through its publication in the offices of the Responsible Party or in the web or mobile applications of the technological platform "SIM1" applying the provisions of the Law itself, for the manifestation of the will of the Data Subject.

If you do not agree with the terms of this Privacy Notice, you must express your opposition in the manner indicated in section IV above, otherwise, it will be understood that you have given your consent. The responsible invites you to periodically review this Privacy Notice, to be informed about what concerns your personal data.

By accepting this Privacy Notice, it is understood that you consent to the processing of your Personal Data in accordance with this Privacy Notice.

13.4 Request for deletion, modification or withdrawal of consent - contractual clauses "TYPE" (Processors).
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries that do not ensure adequate data protection. You may have the right to request that we delete or amend your personal information. You may also have the right to withdraw your consent, where your consent is the basis for the processing of your personal information. We apply the same procedures, limitations and exceptions set out for residents of the European Economic Area (EEA), in this privacy policy to all who make such requests for deletion or modification of personal information, or withdrawal of consent to the processing of personal information, regardless of geographic location.

If you are an EEA resident, see below for more specific details on how this applies to you.

Contractual Obligations. For the performance of contractual obligations between you and Sim1, including Sim1's terms of use and/or in our separate written agreement with you.

Consent. Where required by law, we may process your personal information in some cases for marketing purposes on the basis of your consent (which you may withdraw at any time after you have given it, as described in this privacy policy).

Your rights.

Removal of personal information.

You may have the right to request that we delete your personal information in certain specific circumstances. If you wish to exercise this right, please submit your request using this form or you may send an email to juan.ortiz@simetrical.com . We will consider all such requests andwill provide you with a response within a reasonable time (but not more than one calendar month from receipt of your request, unless we advise you that we are entitled to a longer period under applicable law). We may ask you to verify your identity before  responding to your request. Certain personal information may be exempt from such  requests in certain circumstances, including as provided in this privacy policy.

Access, updating, data portability and other rights.

You may also have the right to access your information, to update your personal information that is out of date or incorrect, to restrict the use of your personal information in certain specified circumstances, to submit a request for data portability (applicable only where we use your personal information on the basis of your consent or the performance of a contract, and where our use of your information is carried out by automated means), and to ask us to consider any valid objections you have to our use of your personal information where we process it on the basis of our or another person's legitimate interest. Requests should be directed through this form.

We will consider all such requests and provide you with a response within a reasonable period of time (but not longer than one calendar month from receipt of your request, unless we tell you that we are entitled to a longer period of time under applicable law). We may ask you to verify your identity before responding to any of your requests. Certain personal information may be exempt from such requests in certain circumstances, including as provided in this privacy policy.

Privacy of minors. Use of our websites is directed to adults who are at least eighteen (18) years of age. We do not knowingly collect personally identifiable information from children under the age of eighteen (18).

A. Right to know.

You have the right to know certain details about our data practices over the past 12
months. In particular, you may ask us for the following:

• The categories of personal information we have collected about you;
• The categories of sources from which personal information was collected;
• The categories of personal information about you that we disclose for marketing purposes or sell;
• The categories of third parties to whom personal information has been disclosed for marketing purposes or sold;
• The business or commercial purpose of the collection or sale of the personal information; and
• The specific personal data we have collected about you.
  

B. Right of suppression.

You have the right to request that we delete personal information we have collected from you within the last 280 calendar days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your request for deletion. If we deny your request, we will explain why in our response.

C. Right to opt-out. You have the right to tell us not to sell your information at any time.

D. Right to nondiscrimination. You have the right not to be treated in a discriminatory manner by us for exercising any of your rights.

E. Authorized agent. You may designate an authorized agent to file applications on your behalf. However, we will ask you for written proof of the agent's permission to do so and will verify the agent's identity directly.

In the event of changes in legislation, in our data processing practices or for other reasons, the company reserves the right to update and modify this policy at any time by updating and posting the revised privacy policy at https://myniiu.com/