Skan Platform Privacy Notice

• Process Owners: We collect personal information such as first & last name and email ID of process owners to provide them with access to the UI portal specifically created for the customer. 
• Participants: We collect Windows user name and host names for participants when the Virtual Assistant software agent is installed on systems, and used by participants. This Participant PII can be anonymized with privacy and security configurations.
• Customer's end customers or consumers: When customer's business processes to be discovered would have personal or sensitive personal information about their end customers or consumers, we can collect end customer's personal and/or sensitive personal information. 
• Sensitive Information: We do not collect or process sensitive information that belongs to process owners and participants. We may incidentally collect some sensitive personal information of customers, their end customers, or consumers if present in the business process and selected for discovery by customers.
  
  We do not process personal information collected to produce any particular outcome or results that we would be interested in outside the terms of the subscription agreement governing business process discovery.

We automatically collect certain information when process owners access their UI portal. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, device name information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of the UI Portal.

Through the Platform, we process personal, including the sensitive personal information of our customer's clients to provide B2B service and fulfill our contractual obligations with our customers to help with digital process discovery and analytical services and provide necessary actionable intelligence to respective customers for the duration of the contract/subscription agreement. Skan's primary business purpose is to fulfill contractual obligations agreed upon with the customer to help with digital process discovery of customer business processes and analytical services for the duration of the contract. So, the data collection is to provide the B2B service to the customer. The Platform is designed to capture digital processes and extract actionable intelligence that the customer is looking for, for digital transformation. Skan does not have any other secondary purposes for processing.

Customers use Skan's Platform to discover how their business processes are being executed as their staff (aka Participants) execute them through agent software, which sends discovered data to an intermediate server, which many on Customer's network or Skan's Cloud. The intermediate server aka gateway performs several tasks including security and privacy tasks such as anonymizing customer-selected data fields and region/image masking. Gateway extracts metadata from anonymized data sets and transfers only metadata to Skan Cloud. To secure the data throughout the chain from the agent to the Skan Cloud, Skan employs multiple methods such as user access control agent whitelisting for the data collection, encrypted communications, user and entity identification, access controls, data at rest encryption within Skan Cloud, processing only anonymized metadata in the Cloud.

We do not process personal and sensitive personal information for any other purposes. Personal information that gets collected about participants and process owners of customers and customer's B2C or B2B customers if any, is not processed for any personal information-based outcome or results.

We may need to share your personal information in the following situations:

• Business Transfers: We may share or transfer your information in connection with or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
• Affiliates: We may share your information with our affiliates, in which case we will require those affiliates to honor this privacy notice. Affiliates include our subsidiaries, joint venture partners, or other companies that we control or that are under common control with uAs.
• Business Partners: We may share your information with our business partners to offer you enhanced capabilities and feature sets as part of Skan Process Intelligence Platform Services.
• Service Providers: Skan Platform integrates with certain Cloud Service Providers. For more information about these providers, the purpose of using their services, and details of data shared with them, you may write us at support@skan.ai.
• Legal Compliance: In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose your personal information as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

We do not use cookies and tracking technologies (like web beacons and pixels) on the UI Portal to collect and store your information for marketing and analytical purposes.

We do not currently offer social media-based logins.

Every Cloud environment that we set up for our customers is dedicated and not shared with any other customers. All the virtual resources are usually located in the customer's geography or the United States. When customers access their specific UI Portal, please be aware that your information may be transferred to, accessed, stored, and processed by our subsidiaries and by those third parties with whom we may share your personal information (see "WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?" above), located in other countries.

If you are a resident of the European Economic Area (EEA) or the United Kingdom (UK), then these other countries may not necessarily have data protection laws or other similar laws as comprehensive as those in your country. However, we will take all necessary measures such as EU’s Standard Contractual Clauses enforced through a Data Protection Agreement along with appropriate technical and organizational safeguards to protect your personal information by this privacy notice and applicable laws. 

We will only keep your personal information along with business process information collected for as long as it is necessary for the purposes set out in this privacy notice and as per the respective contractual agreement with the customer. No purpose in this notice will require us to keep your personal information for longer than the contractual terms.

Our Services are designed and delivered only for enterprise customers for business process discovery. The process to be discovered, process owners to be provided access to the UI Portal, and participants whose process execution activities would be captured are all determined by the customer. It may be possible that the business processes our customers choose to study about using our product may contain personal information related to minors. However, Skan does not directly intend to or have a specific purpose for collecting and processing personal information about minors. Any information about minors collected as part of business process discovery is protected and processed in the same manner as described elsewhere in this notice. Skan also provides privacy controls to customers so that they can identify sensitive data fields that can be anonymized irreversibly.

We take appropriate security measures to protect personal information against loss, misuse, and unauthorized access, alteration, disclosure, or destruction. We also have implemented measures to maintain the ongoing confidentiality, integrity, and availability of the systems and services that process personal information and will restore the availability and access to data promptly in the event of a physical or technical incident."

Skan may incidentally collect and process personal information as part of business process discovery. The legal basis for the collection is contractual obligations through the enterprise agreement signed with every customer.

Should you wish to exercise your privacy rights, you shall approach your employer, who is our enterprise customer with whom we have a legal contract/subscription agreement to perform process discovery and analytics Services through the Skan Platform.

Other than the performance of contractual obligations, Skan has no other purpose to process either business process information or the personal information collected as part of process discovery.

Skan does not collect, process, and store personal information outside of business process discovery. Personal information collected remains embedded within the business process information based on prior security and privacy controls such as masking and anonymization configured by process owners and labels or fields selected for discovery.

If process owners wish to make any changes to account information or security controls, they can contact support@skan.ai through their customer success team representative.

The personal information of participants or end customers is not stored in any structured fashion on Skan Cloud as part of the meta-data processed. However, participants may write to support@skan.ai through the customer success team representative.

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it in some circumstances.

Should you wish to exercise your privacy rights, you should approach your employer, who is our enterprise customer with whom we have a legal contract to perform process discovery and analytics Services through the Skan Platform.

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized at this stage. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

Skan Platform's UI Portal is only accessible and used by process owners, who work for enterprise customers, with whom we have signed an enterprise agreement to provide the Services for the performance of the contract.

UI Portal does not collect and cannot be used to collect personal information of any other data subject.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request

We may update this privacy notice from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

If you have questions or comments about this notice, you may email us at support@skan.ai and reach us at 101, Jefferson Dr. Menlo Park CA 94025, and call us at +1 650-502-0006