The Synopsys Software Integrity Group is now Black Duck®. Learn More

California Consumer Privacy Act Notice

This California Consumer Privacy Act Notice is provided to California residents to supplement Black Duck, Inc.’s general privacy policy (“Policy”) in compliance with the California Consumer Privacy Act of 2018 (“CCPA”) as amended. Any terms defined in the CCPA have the same meaning when used in this notice. These disclosures do not reflect our personal information handling practices with respect to California residents' personal information where an exception or exemption applies under the CCPA.

Contents:

Section 1 – Consumer Notice

Section 2 – Workforce Notice (including Applicants, Contractors and Interns)

Section 3 – California Residents’ Privacy Rights 

 

Section 1 – Consumer Notice

Personal Information We Collect

Black Duck does not sell personal information of California consumers for monetary or other valuable consideration.

Black Duck collects the following categories of personal information from California consumers:

Category

Examples

Collected

A. Identifiers.

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.

YES

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.

YES

C. Protected classification characteristics under California or federal law.

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

YES

D. Commercial information.

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

YES

E. Biometric information.

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

NO

F. Internet or other similar network activity.

Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.

YES

G. Geolocation data.

Physical location or movements.

NO

H. Sensory data.

Audio, electronic, visual, thermal, olfactory, or similar information.

NO

I. Professional or employment-related information.

Current or past job history or performance evaluations.

YES

J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

YES

K. Inferences drawn from other personal information.

Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

NO

 

Our Personal Information Handling Practices

We may collect such personal information from the following categories of sources and for the following business or commercial purposes:

  • Directly from our customers; for example, from documents that our customers provide to us related to the services for which they engage us
  • Indirectly from our customers; for example, through information we collect from our customers in the course of providing services to them
  • Directly and indirectly from activity on our website; for example, from submissions through our website portal or website usage details collected automatically
  • From third parties; for example, from professional social networking websites

Black Duck maintains information about the products or services purchased by our customers and their contact information. We may use this information to contact California consumers in order to provide support, billing, license verification, and other services connected with the use of Black Duck products.

In connection with the use of Black Duck’ websites, in order to use certain protected areas of the Site or to request a white paper, we require California consumers to complete a registration form and/or create a user name and password. During registration, users are required to give contact information (such as name and email address). We may use this information to contact California consumers about the services on our Site in which they have expressed interest. This information may also be disclosed to (but not sold to) Black Duck’ subsidiary companies and distributors.

Black Duck may collect information about the use of our Site including browsing history and information regarding a visitor’s interaction with our sites. Where such information is linked to a user’s contact information, we may use this information to contact California consumers about the services on our Site in which they have indicated interest.

Black Duck may collect contact information of potential customers of Black Duck products and services from professional social networking websites and other public sources of information such as US Securities and Exchange Commission filings. In compliance with applicable laws, we may use this information to contact California consumers about products or services that may be of interest to their businesses.

We may also collect the above categories for purposes of reviewing and processing an application, for security and audit purposes, for marketing (except for cross-contextual advertising), and for providing any relevant services.

We may disclose the above-listed categories of personal information collected by Black Duck with our subsidiary companies, providers for processing purposes related to the collection,  and distributors.

Black Duck will not sell personal information of California consumers. This includes personal information of minors under 16 years of age.

Criteria We Consider When Retaining Personal Information

In general, we retain each of the categories of personal information and sensitive personal information described in this Notice for the longer of (i) 4 years following the end of your work with us or up to 7 years in archive, (ii) any duration necessary for compliance with laws, (iii) for as long as necessary for the exercise or defense of legal rights and archiving, back-up and deletion processes, or (iv) as long as necessary to provide relevant services.

Section 2 – Workforce Notice (including Applicants, Contractors and Interns)

Personal Information We Collect

If you are an employee, contractor, or intern of Black Duck, we may collect your name, contact information, identification data, bank account details, information related to your job, health-related information, salary, benefits, compensation, your use of company equipment and resources, your communications, your performance, any disciplinary actions against you, and other information relating to you as an employee based in California for the purposes described below.  Black Duck also uses technologies, systems and processes to monitor and safeguard employee compliance with applicable laws and company policies, to protect Black Duck' employees, data, Black Duck’ intellectual property, and premises as well as any computer systems owned by Black Duck, employees or third parties that contain or provide access to information pertaining to Black Duck' business. Whenever you are using such computer systems, your actions and communications may be monitored, recorded, tracked, filtered, deleted, and otherwise processed.

Sensitive Information means a consumer’s social security, driver’s license, state identification card, or passport number; a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; a consumer’s precise geolocation; a consumer’s racial or ethnic origin, citizenship or immigration status, religious or philosophical beliefs, or union membership; a consumer’s racial or ethnic origin, citizenship or immigration status, religious or philosophical beliefs, or union membership; the contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication; a consumer’s genetic data. With your consent, or as otherwise permitted by applicable law, we may collect Sensitive Information:

  • To perform the services or provide the goods reasonably expected by our employees in their role as our employees, including those services and goods that are reasonably necessary for us to administer the employment relationship and for our employees to perform their duties;
  • To prevent, detect and investigate security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted personal information, including in or via our premises, computers, software, networks, communications devices, and other similar system;
  • To resist malicious, deceptive, fraudulent or illegal actions directed at us and to prosecute those responsible for those actions;
  • To ensure the physical safety of natural persons;
  • For short-term, transient use;
  • To perform services on behalf of us;
  • To verify or maintain the quality or safety of our services and products;
  • To improve, upgrade, or enhance our services and products; and
  • To perform functions that are required under laws that apply to us.

We do not use "sensitive personal information" to infer characteristics about you.

Purposes For Which We Collect and Use Personal Information

We use personal information about our employees to:

  • Comply with applicable work-related laws and requirements and administration of those requirements;
  • Manage your work relationship with us (including onboarding processes, timekeeping, payroll, and expense report administration, worker benefits administration, worker training and development requirements, the creation, maintenance, and security of your online worker accounts, reaching your emergency contacts when needed, such as when you are not reachable or are injured or ill, workers’ compensation claims management, worker job performance, including goals and performance reviews, promotions, discipline, and termination, and other human resources purposes);
  • Facilitate and manage security and access control regarding our and our affiliates' offices and premises, equipment, and systems, including security activities;
  • Conduct internal audits and workplace investigations, and investigate and enforce compliance with any potential breaches of our policies and procedures;
  • Engage in corporate transactions requiring review of worker records, such as for evaluating potential mergers and acquisitions of us;
  • Process and report on employee expenses;
  • Contact and search for you in an emergency;
  • Maintain commercial insurance policies and coverages, including for workers’ compensation and other liability insurance;
  • Perform workforce analytics, data analytics, and benchmarking;
  • Administer and maintain our operations, including for safety purposes;
  • Support any claim or defense that we or our affiliates could face before any jurisdictional and/or administrative authority, arbitration, or mediation panel, and cooperating with – or informing – law enforcement or regulatory authorities to the extent required by law.

Section 3 – California Residents’ Privacy Rights 

California consumers have the right to request disclosure of (i) the categories and specific pieces of the personal information about them that we have collected and use, (ii) the categories of sources from which the personal information has been collected, (iii) the categories of personal information about them that we sold or disclosed for a business purpose and the categories of third parties to whom the personal information was sold or disclosed for a business purpose (if applicable), as well as (iv) the business or commercial purposes for collecting or, where applicable, selling their personal information. California consumers also have the right to request (v) deletion of their personal information pursuant to Cal. Civ. Code §§1798.105 and (vi) may not be discriminated against because they exercise any of the privacy rights conferred by the CCPA.

To exercise the access, data portability, and deletion rights described above, California consumers can make requests by sending us an email to [email protected] or by telephoning us at tbd. When we receive a request, we will take steps to verify that the individual making the request is the California consumer to whom the requested personal information pertains. You may only make a verifiable request for access or data portability twice within a 12-month period.

We will ask that California consumers provide certain information to verify their identity, such as a code sent to an email address we may have on file for them. If California consumers have a password-protected account with us, we may verify their identity through our existing authentication practices for their account. The information that we ask to be provided to verify the identity of California consumers will depend on their prior interactions with us and the sensitivity of the personal information at issue. We will respond to requests in accordance with the CCPA. If we deny requests, we will explain why.

You may designate an authorized agent in writing to make verifiable requests on your behalf. You may also make a verifiable request on behalf of your minor child. When using an authorized agent to submit a request, we may require that a California consumer (i) provide the authorized agent written permission to do so and make a certified copy of such written permission available to us, and that the California consumer verify his or her own identity directly with us. This applies unless the authorized agent has been provided with power of attorney pursuant to Probate Code sections 4000 to 4465. We may deny a request from an agent who does not submit proof that they have been authorized by the California consumer on whose behalf they are making the request.

For questions or concerns about our privacy policy and practices, please contact us at [email protected].

This California Consumer Privacy Act Notice was last updated on October 1, 2024.