FIAASAP.COM IS BUILT ON THE CLICKFUNNELS PLATFORM AND INTEGRATES WITH THE CALENDLY.COM CALENDAR PLATFORM AS WELL AS THE MAILCHIMP EMAIL PLATFORM. THESE PLATFORMS ARE NECESSARY IN ORDER TO SERVE WEB VISITORS THE WEBSITE INFORMATION AND FUNCTIONALITY. PERSONAL INFORMATION PROVIDED IS COLLECTED IN PARTNERSHIP AND EXCLUSIVELY FOR BY IKNOWMYMONEY IN ASSOCATIONS WITH SHIRLEY LUU & ASSOCIATES AND IS NOT SOLD OR DISTRIBUTED TO ANY OTHER 3RD PARTY, FINANCIAL OR OTHERWISE, UNLESS PURELY FOR DATABASE STORAGE OR AS NECESSARY FOR REQUIRED SUBSCRIBED COMMUNICATIONS (EMAIL OR PHONE) AND PERFORMANCE AND IN PARTICULAR, IN THE COLLECTION OF SUBSCRIBER INFORMATION AND EXECUTION OF APPOINTMENT BOOKINGS.

Thank you for visiting the online and mobile resources published by IKNOWMYMONEY IN ASSOCATIONS WITH Shirley Luu & Associates, LLC. Our privacy statement, contained in the pages that follow, serves, to give notice about the types of personal information we collect, how we use it, who we share it with and why, and what we do to try to protect it. We delve into those matters in a fair amount of detail in the pages that follow. We encourage you to read them carefully. In the meantime, we provide a quick overview below.

What do we collect?

There are two types of information that we obtain from you online and then store and use:

• non-personal information that’s collected automatically from each visitor, such as your device operating system; and

• personal information that you voluntarily provide to us or that is collected automatically.

Why do we use it?

We use non-personal information to administer our online and mobile resources, make them better, and to make business decisions about what programs our customers might like.

We use voluntarily provided personal information to respond to your inquiries and provide you with the services you have requested, amongst other uses as further described below. We do not sell or rent your personal information to third party data vendors or marketing companies. As you might expect, we disclose your information when required by law.

When do we share it?

We share personal information when needed to fulfill our legal obligations and when our vendors and business partners need it to perform under the contracts we have with them. We do not sell or rent any personal information to third party data brokers or marketing companies.

Your Privacy Choices and Rights

You do not have to provide personal information to enjoy most of the features of our online and mobile resources. Moreover, you can opt out of certain activities like newsletters and announcements. You may have certain additional rights depending upon the jurisdiction in which you reside, or in which your personal data was collected from, pursuant to the applicable data protection laws.

Contacting Us

Questions about this highlights page or our online privacy statement may be sent to Shirley Luu & Associates, LLC, ATTN: Legal & Compliance Department, 8280 Greensboro Dr. Suite 100 McLean, VA 22102 or [email protected]

Shirley Luu & Associates, LLC (“SLA” “us,” “we,” or “our”) thanks you for visiting the online and mobile resources we publish. We use the words “you” and “your” to mean you, the reader, and other visitors to our online and mobile resources who are, in all cases, over the age of 13. Our privacy statement (“this statement,” “this privacy statement,” and “our statement”) informs you about from whom and the types of personal information we collect, how we use it, who we share it with and why, and what we do to try to protect it.

Online and mobile resources means the websites and other internet features we own that allow you to interact with our websites, as well apps we’ve created and distributed to let our customers and followers view our online and mobile resources or otherwise interact with the content we provide.

WHO WE COLLECT PERSONAL INFORMATION FROM

We may collect personal information from the following groups of data subjects: visitors to, and users of, our online and mobile resources; our customers; current members of our workforce and those who apply for posted jobs; and third party vendors and business partners.

Personal information generally means information that can be used to identify you or that can be easily linked to you (for example, your name, address, telephone number, email address, social security number and date of birth). The privacy laws in some jurisdictions include unique elements in what they consider to be the personal information of the consumers or data subjects they protect. If those laws apply to us, as in the case of the California Consumer Privacy Act (“CCPA”) or European General Data Protection Regulation (“GDPR”), our use of the phrase “personal information” includes the unique elements required by such laws.

The categories of information we collect from each of these groups, and the ways in which we use it, differs. As you may have noticed, it’s possible that the same person could fall into more than one group. Most of this statement addresses our processing and sharing of personal information collected from visitors to and users of our online and mobile resources and our customers.

Nonetheless, we collect and retain the types of professional or employment related personal information you would expect an employer to have about its existing and former workforce and new job applicants. We provide legally required notices of collection, and describe our use and sharing of the personal information of our workforce and applicants in greater detail in confidential internal human resource manuals and documents accessible to members of our workforce, or by publication on the proprietary workforce/applicant portals and apps we operate. In some cases, such portals and apps may be operated by third parties who transfer the personal information to us. In those situations, the legal responsibility to provide notice usually rests with the third party, not us.

In addition, like all corporate enterprises, we buy goods and services, lease equipment and office space and attend industry events. In doing so, we interact with many existing and potential vendors and business partners from whom we necessarily collect certain personal information in connection with our contractual and business relationships. As with our customers, this information is typically limited to minimum business contact information. We use and share personal information collected from our vendors and business partners to manage, administer and perform under our contracts with them, or share information about our products. We describe our use of vendor and business partner personal information in greater detail in our confidential contracts with those parties or on the internal vendor management portals we operate.

WHAT WE COLLECT

There are two types of information that we obtain from you online and then store and use: (i) non-personal information that’s collected automatically from each visitor, such as your device operating system; and (ii) personal information that you voluntarily provide to us or that is collected automatically.

By using our online and mobile resources or purchasing our products or services, you are signifying to us that you agree with this section of our privacy statement and that we may use and disclose your information as described.

Voluntarily Submitted Information.

If you participate in certain activities via our online and mobile resources, you may be asked to provide us with information about yourself. The types of personal information we collect in those situations includes identifiers (such as your name, email address, physical address, and phone number), professional information (such as the business you are in), and financial account information (such as your credit card information). We do not sell, rent, or trade voluntarily submitted personal information with third parties.

If you don’t want us to collect this type of personal information, please don’t provide it. This means you shouldn’t participate in the activities on our online and mobile resources that request or require it and you may want to communicate with us by phone or regular mail instead. Participation is strictly your choice. Not participating may limit your ability to take full advantage of the online and mobile resources, but it will not affect your ability to access certain information available to the general public on the online and mobile resources.

Some of the ways you voluntarily give us your personal information and how we use it:

Emails and Online Forms – When you send us an email or fill out an online form, such as to contact us, your email address and any other personal information (e.g., home address or phone number) that may be in the content of your message or attached to it, are retained by us and used to respond back directly to you and to process your request. Depending on the personal information provided, communications from us may be in the form of emails, telephone calls, and/or text messages. We may also send you information about any of our products or services we think may be of interest to you.

Registering for an Account – When you register for an account or you register your child for a sub-account, you submit personal information to us such as your name and email address (or your child’s name and email address) which we then retain. We use that information to create and manage your account and in some cases establish a password and profile to communicate with you and any sub-accounts you created via email.

Registering for Events – When you register for events, conferences or programs we ourselves may host (rather than outsource to a third party event manager with its own privacy policies), you will be submitting the types of identifiers described above. If the event requires a fee, we may also ask you to submit credit card or other financial information. We use this information to register you for the event and send you communications regarding the event.

Becoming a Subscriber to Our Service – We use any information provided from our customers to perform our contractual obligations and provide the products and services purchased to them, to manage their accounts and communicate with them.

Social Media and Community Features – Some of our online and mobile resources may offer social media-like community features letting users post messages and comments, and/or upload an image or other files and materials. If you choose to make use of these features, the information you post, including your screen name and any other personal information, will be in the public domain and not covered/protected by this statement.

Automatically Collected Information.

When you visit our online and mobile resources, basic information is passively collected through your web browser via use of tracking technologies, such as a “cookie” which is a small text file that is downloaded onto your computer or mobile device when you access the online and mobile resources. It allows us to recognize your computer or mobile device and store some information about your preferences or past actions.

We allow third party vendors to use cookies or similar technologies to collect information about your browsing activities over time following your use of the site. For example, we use Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses cookies to help us analyze how you use the online and mobile resources and enhance your experience when you visit the online and mobile resources. For more information on how Google uses this data, go to www.google.com/policies/privacy/partners/. You can learn more about how to opt out of Google Analytics by going to https://tools.google.com/dlpage/gaoptout.

The internet activity information collected through cookies and other similar means includes such things as: the domain name and IP address from which you accessed our online and mobile resources; the type of browser and operating system you use; the date and time and length of your visit; the specific page visited, graphics viewed and any documents downloaded; the specific links to other sites you accessed from our online and mobile resources; and the specific links from other sites you used to access our online and mobile resources.

Additionally, if you access our online and mobile resources from a phone or other mobile device, the mobile services provider may transmit to us uniquely identifiable mobile device information which allows us to then collect mobile phone numbers and associate them with the mobile device identification information. Some mobile phone vendors also operate systems that pinpoint the physical location of devices and we may receive this information as well if location services are enabled on your device. If you do not want us to collect and use geolocation data, disable location services through your device settings.

Regardless, we use both automatically collected information and mobile device information to compile generic reports about popular pages on our online and mobile resources, and to see how our customers and followers are accessing our online and mobile resources. We then use that data to administer the online and mobile resources and make them better, make your activities more convenient and efficient and to enhance the functionality of our online and mobile resources, such as by remembering certain of your information in order to save you time.

We use and retain your personal information in accordance with applicable law and as long as necessary to carry out the purposes described above in accordance with our internal data retention procedures.

User Beware: External Sites, Apps, Links and Social Media.

We maintain a presence on one or more external social media platforms such as Twitter, Facebook, YouTube and LinkedIn. We may further allow features of our online and mobile resources to connect with, or be viewable from, that external social media presence. Similarly, our online and mobile resources may contain links to other websites or apps controlled by third parties.

We are not responsible for either the content on, or the privacy practices of, social media platforms, or any third party sites or apps to which we link. Those apps, sites and platforms are not controlled by us and therefore have their own privacy policies and terms of use. If you have questions about how those apps, sites and platforms collect and use personal information, you should carefully read their privacy policies and contact them using the information they provide.

WHEN/WITH WHOM DO WE SHARE PERSONAL INFORMATION

We use non-personal information to administer our online and mobile resources, make them better, and to make business decisions about what programs our customers might like.

We use voluntarily provided personal information for our legitimate interests, including to respond to your inquiries and provide you with the services you have requested, amongst other uses as further described below. We do not sell or rent your personal information to third party data vendors or marketing companies. As you might expect, we disclose your information when required by law. We may use your personal information when we have your consent to do so, where required or permitted under applicable law.

Affiliates.

In addition to those third parties set forth above, we may share your information, including personal information, within our family of companies. Those companies will use such information in generally the same manner as we do under this privacy statement which includes sending you information about their products, services, or initiatives that may be of interest to you.

Legally Compelled Disclosures.

We may disclose your information, including personal information, to government authorities, and to other third parties when compelled to do so by such government authorities, or at our discretion or otherwise as required or permitted by law, including but not limited to responding to court orders and subpoenas.

To Prevent Harm.

We may disclose your information, including personal information, when we have reason to believe that someone is causing injury to or interference with our rights or property, other users of the online and mobile resources, or anyone else that could be harmed by such activities.

Business Transfer.

If we or any of our affiliates, or substantially all of its or their assets, are acquired by one or more third parties as a result of an acquisition, merger, sale, reorganization, consolidation, or liquidation, personal information may be one of the transferred assets.

Vendors and Business Partners.

We may share your information, including personal information, with our vendors and other third parties with whom we have a contractual relationship. We may also share your information, including personal information, with vendors who provide third party software services that you have chosen to assist you with your sales funnels. We do our best to disclose only the information each of those parties need.

We have adopted standards for those vendors and business partners who receive personal information from us. We attempt to bind such vendors and business partners to those standards via written contracts. We further attempt to contractually restrict what our vendors and business partners can do with the personal information we provide to them such that it is used only to the extent necessary to carry out the business purpose for which it was provided; is not disclosed to anyone else without our consent or under our instruction; remains, as between us and the applicable vendor or business partner, our property; and is not transferred out of the United States without our consent.

Please note, however, that we cannot guarantee that all of our vendors and business partners will agree to these contractual requirements; nor can we ensure that, even when they do agree, they will always fully comply.

YOUR RIGHTS AND OPTIONS

You do not have to provide personal information to enjoy most of the features of our online and mobile resources. Moreover, you can opt out of certain activities like newsletters and announcements. Data subjects in certain locations, or whose personal data was obtained while they were in certain locations, may have additional rights pursuant to the applicable data protection laws.

GDPR Jurisdictions means the countries composed of the European Economic Area, the United Kingdom (which soon will leave the European Union), Switzerland and Japan which, having received an “adequacy decision” from the European Commission, adheres to the material terms of the GDPR.

If we are using personal information you provided to us in order to enable us to send you materials, such as newsletters or product alerts via text or email, and you decide you don’t want to receive such materials, you may opt out by following the opt-out instructions in the email or other communication (e.g., by responding to the text with “STOP”), or by contacting us using the contact information below. When we receive your request, we will take reasonable steps to remove your name from our distribution lists. You need to understand it may take a period of time to remove your name from our lists after your request and due to such latency you may still receive materials for a period of time after you opt out. In addition to opting out, you have the ability to access, amend, and delete your personal information by contacting us using the contact information below.

Some browsers have a “do not track” feature that lets you tell websites that you do not want to have your online activities tracked. At this time, we do not specifically respond to browser “do not track” signals.

CHILDREN’S PRIVACY

Federal laws impose special restrictions and obligations on commercial website operators who direct their operations toward, and collect and use information from, children under the age of 13. We take those age-related requirements very seriously, and consistent with it do not intend for our online and mobile resources to be used by children under the age of 13 without first obtaining the verifiable consent of such child’s parent or legal guardian. Moreover, we do not knowingly collect personal information from minors under the age of 13, only a parent or legal guardian may provide such information after adhering to our verification process for submitting such information via the online and mobile resources. If we become aware that anyone under the age of 18 has submitted personal information to our online and mobile resources without such parental or legal guardian approval and that is not an integral part to accessing or using our Services, we will delete that information and will not use it for any purpose whatsoever. If you believe that someone under the age of 18 has submitted personal information to our online and mobile resources, please contact us at [email protected]. We encourage parents and legal guardians to talk with their children about the potential risks of providing personal information over the Internet.

HOW WE PROTECT COLLECTED PERSONAL INFORMATION

We will take all reasonable security precautions to protect your personal information provided to our online and mobile resources. We have adopted a security program that includes technical, organizational, administrative, and other security measures designed to protect, in a manner consistent with accepted industry standards and applicable law, against anticipated or actual threats to the security of personal information (the “Security Program”). We cannot, however, guarantee that your information, whether during transmission or while stored on our systems or otherwise in our care, will be free from unauthorized access or that loss, misuse, destruction, or alteration will not occur. Except for our duty to maintain the Security Program under applicable law, we disclaim any other liability for any such theft or loss of, unauthorized access or damage to, or interception of any data or communications including personal information. We have every reason to believe our Security Program is reasonable and appropriate for our business and the nature of foreseeable risks to the personal information we collect. We further periodically review and update our Security Program, including as required by applicable law.

Nonetheless, as part of our Security Program, we have specific incident response and management procedures that are activated whenever we become aware that your personal information was likely to have been compromised. We further require, as part of our vendor and business partner oversight procedures, that such parties notify us immediately if they have any reason to believe that an incident adversely affecting personal information we provided to them has occurred.

THE CALIFORNIA CONSUMER PRIVACY ACT

When we collect personal information from California residents we become subject to, and those residents have rights under, the California Consumer Privacy Act or “CCPA”. This section of our statement is used to allow us to fulfill our CCPA obligations and explain your CCPA rights. For purposes of this section, the words “you” and “your” mean only such California residents.

What did we collect from California Residents?

We collect the following categories of personal information: identifiers such as name, address, IP address, and other similar identifiers; personal information described in subdivision (e) of Section 1798.80 (California customer records statute) such as a name, address, telephone number, credit card number; commercial information such as products or services purchased; internet/electronic activity such as browsing history and search history; geolocation data including geographic coordinates/physical location; and audio, video, electronic or other similar information. We have disclosed these categories of personal information for a business purpose within the last 12 months. We do not sell, and within the last 12 months have not sold, personal information to third parties.

Rights of California Residents

You have the following rights under the CCPA, in summary disclosure, access and delete. It’s important to us that you know that if you exercise these rights, we will not “discriminate” against you by treating you differently from other California residents who use our sites and mobile resources or purchase our services but do not exercise their rights.

You can exercise these rights up to two different times every 12 months. To do so, just contact us at [email protected]. We may ask you to fill out a request form. The CCPA only allows us to act on your request if we can verify your identity or your authority to make the request so you will also need to follow our instructions for identity verification.

If you make a verifiable request per the above, we will confirm our receipt and respond in the time frames prescribed by the CCPA.

THE EU GENERAL DATA PROTECTION REGULATION

We do collect or otherwise obtain personal information from data subjects located in the GDPR Jurisdictions. We fulfill our GDPR obligations with respect to our workforce/job applicants, our customers (and their own end-clients), and our vendors and business partners through a series of separate notices, contracts or other terms provided to them at the time, and in the manner and form, GDPR and local law within each GDPR Jurisdiction requires.

We describe, in the immediately following section of this statement, how we comply with the GDPR for personal information collected from visitors to and users of our online and mobile resources while they were in a GDPR Jurisdiction. Thus for purposes of that section, the words “you” and “your” mean only such GDPR Jurisdiction-based visitors and users.

What do we collect from you in the GDPR Jurisdictions and how do we use it?

We collect from you the categories of personal information already described. The lawful basis on which we rely for such collection, later use and disclosure, is what the GDPR refers to as legitimate interest. As stated elsewhere in this statement, we do not sell any of your personal information to third parties nor do we use it for automated decision making.

Cross-border Data Transfers and Third Party Processors

If we transfer personal information from the GDPR Jurisdictions to a location that has not been deemed by the European Commission to have adequate privacy protections, we do so in the manner the GDPR permits.

Rights of Data Subjects in the GDPR Jurisdictions

While we attempt to allow all visitors and users of our online and mobile resources to exercise a degree of control over their personal information, under the GDPR we have a legal obligation to do so for you. More specifically, with respect to personal information collected from you while you were in a GDPR Jurisdiction, you have these rights: transparency, access, correction and deletion, portability, who, what, why and where, and restriction.

If you would like to exercise any of these rights, please contact [email protected]. Your ability to exercise these rights is subject to certain conditions and exemptions that you can read about in Articles 12 through 23 of the GDPR. Among those conditions is our right to decline part or all of a request if we cannot satisfy our reasonable doubts and concerns about your identity in a manner that helps us minimize the risk that unauthorized persons might use a GDPR right to access your personal information. We will respond to all requests without undue delay, and in accordance with the time frames, if any, prescribed by the GDPR. If you are not satisfied with how we use your personal information or respond to your requests, you have the right to complain to your data protection regulator. Contact information for the EU data protection regulators can be found here.

RIGHTS OF DATA SUBJECTS IN OTHER JURISDICTIONS

In other jurisdictions, with similar data privacy regulations, we may collect from you the categories of personal information already described. We collect and manage (including disclose) such data in compliance with applicable local law(s). As noted, we do not sell any of your personal information to third parties nor do we use it for automated decision making.

CHANGES TO THIS PRIVACY STATEMENT

The English language version of this privacy statement is the controlling version regardless of any translation you may attempt.

We reserve the right to change or update this statement from time to time. Please check our online and mobile resources periodically for such changes since all information collected is subject to the statement in place at that time.

CONTACTING US

If you have questions about our privacy statement or privacy practices, please contact us at:

Shirley Luu & Associates, LLC

Attn: Legal & Compliance Department

8280 Greensboro Dr.

Suite 100

McLean, Virginia 22102

Our calendar is provided by the 3rd party service, Calendly of https://calendly.com. Here are their privacy notice terms.

Privacy Notice

Effective March 8, 2024

Calendly’s mission is to help you schedule better. To do so, we need personal information from you and the people scheduling time with you – there’s no way around it. But we don’t take this responsibility lightly. We recognize the importance of privacy and your rights, and we want you to feel confident about using our services and in your interactions with us. We want you to love Calendly as much as we do, but if you do not agree with this policy then please do not access or use the Website.

The sections below contain the information you may want to know about this topic. We’ve tried to make them as straightforward as possible, but we realize it’s a lot of information. If you still have any questions, please reach out to [email protected].

Introduction

This privacy notice (“Privacy Notice”) describes how Calendly, LLC and its affiliate Interview Schedule, Inc. d/b/a Prelude (“Calendly”, “we”, or “us”) collect, use, and disclose your Personal Data. Throughout this document, we will use a few defined terms “Personal Data” when used in this Privacy Notice means any data relating to an identified or identifiable natural person that is processed by Calendly as described in this Privacy Notice when such information is protected as “personal data” or “personal information” or a similar term under applicable data protection laws. All other defined terms used in this Privacy Notice will have the meanings associated with them in our Terms.

Applicability

This Privacy Notice applies to Personal Data Calendly collects when you visit or use our Website and Services as described in the “Information We Collect” section of this Privacy Notice below. Calendly is the controller of that Personal Data. This Privacy Notice does not apply to personal data within Customer Data (as that term is defined in your agreement with Calendly), such as information a User collects about an Invitee when an Invitee books a meeting or interview using our Services. We process Personal Data within Customer Data on our customers’ behalf as a processor or service provider. If you are an Invitee and have questions about how your data is processed by our customers or wish to exercise your rights with respect to that data, you must reach out to the User who collected your information. If you contact us about Personal Data within Customer Data and are able to identify the Entity or User with whom you have interacted, we will promptly notify the relevant Customer who collected your data of your inquiry.

Information We Collect

We collect information about you directly from you and automatically through your use of our Website. To help you protect yourself and your information, we encourage you to provide and collect only that information that is necessary for your use of our Website or Services. For example, to schedule a meeting, the only information that may be necessary is names, email addresses, date, and time. Please note that if you choose not to share certain Personal Data with us, or refuse certain contact permissions, we might not be able to provide certain parts of the Services.

Calendly is not directed to children under eighteen (18) years of age, and we do not knowingly collect personal Data from children under 18. If we discover that a child under 18 has provided us with Personal Data, we will promptly delete such Personal Data from our systems. For educational service providers and schools, please see our FERPA and COPPA Privacy Policy and Notice.

Calendly collects the following information, either directly from Users, Invitees, or Visitors, or through third parties regarding Users, Invitees, or Visitors.

. A User may voluntarily give us certain information when scheduling and setting up appointments. This can include name, email address, phone number; email addresses of other people and/or Invitees; the subject of the meeting; and any other information a User provides or collects upon scheduling, pursuant to the Calendly Terms or an executed agreement with Calendly. Calendly processes the information an Invitee provides to a User when scheduling with the User on the User’s behalf as a processor or service provider.

A User may connect their calendar with Calendly. In most instances, our calendar integration only uses and displays the duration and free/busy status of the events in your calendar so that we don’t book you when you’re busy. A few of our features also use and display the meeting titles in your calendar (these are currently our one-off meeting feature, or if you are booking with another Calendly user). In all cases, however, no details about the appointments in your connected calendar are stored in Calendly, such as who you are meeting with, their email address, or the meeting title. Although connecting your calendar to our Services makes the scheduling process much more efficient, you are not required to connect your calendar to use our Services. More information about access to the Calendly app and extensions to have to your calendar connected is available here. Calendly processes the calendar information on the User’s behalf as a processor or service provider. (, the Prelude service works a bit differently. Calendly will have access to the duration, free/busy status of the events in your calendar, attendees, start time, and the title of these events. We need this information in order to understand which events are movable on a User’s calendar so interviews may be scheduled more seamlessly.)

Meeting Information. If you participate in a recorded virtual meeting where we use meeting assistant functionality, we will collect a recording of the meeting. We use third party partners to assist us with recording and creating a transcription of the meeting. You may opt out of recording at any time. When recording a virtual meeting you attend, we will gather audio and visual information of you as applicable and as you appear in the meeting (for example, if you do not turn on your video at a meeting, we will not record visuals of you). We will also gather any of your personal information shared on screen during the meeting (for example, by using a “screen share” feature to present materials).

. If you choose to connect your account to your account with a third-party service, we may receive or be granted access to information from such third-party service, including Personal Data. For example, if you use the Prelude service and enable applicant tracking systems integrations for the recruiting use case within Prelude, your ATS may send to Prelude certain Personal Data as determined by you. You can stop sharing your information from a third-party service with us by removing our access to that service. Calendly processes that information on the User’s behalf as a processor or service provider

Users provide Calendly with certain information, including name, email address, username, and password, when you set up your account. If you purchase a premium version of Calendly, our third party payment processors will collect and store your billing address and credit card information. We store the last four digits of your credit card number, card type, and the expiration date. (the payment and billing information will be processed as established in the services agreement between Calendly and your organization.)

. If you engage with our virtual chatbots, we will collect the information you provide during the chat, including transcripts of your conversation with the chatbot.

. Users, Invitees, or Visitors interested in Calendly’s Services may contact us through forms made available on the Website and voluntarily give information such as name, work email, phone number, company, and role. Users, Invitees, or Visitors interested in our newsletter may also submit their name and email addresses to join our mailing list. We also receive other similar information provided by you if you participate in an event hosted by or attended by Calendly or its partners (such as webinars, conferences, and trade shows) and in your interactions with our social media accounts.

Additional Information. We may also receive certain Personal Data as you interact with Calendly through activities such as surveys, focus groups, customer support tickets, or any other product education initiatives aimed at receiving User, Invitee or Viewer feedback.

We and our authorized third parties use Cookies, pixels, web beacons, and other technologies to receive and store certain types of information when you interact with us through your computer or mobile device (subject to your consent, opt-out preferences or other appropriate legal basis where legally required). Using these technologies helps us customize your experience with our Website and Services, improve your experience, tailor marketing messages, and help us detect and prevent fraud and security risks. Here is more specific information about the types of information we collect:

When you access the Website or the Services, we and our authorized third parties may automatically record certain information (“log data”), including information that your browser sends whenever you visit our Website. This log data may include the web address you came from or are going to, your device model, operating system, browser type, unique device identifier, IP address, mobile network carrier, and time zone or approximate location. Whether we collect some or all of this information often depends on what type of device you’re using and its settings. For example, different types of information are available depending on whether you’re using a Mac or PC, or an iPhone or an Android phone. To learn more about what information your device makes available to us, please check the policies of your device manufacturer or software provider.

Depending on how you’re accessing our Services and subject to your consent, opt-out preferences, or other appropriate legal basis where legally required, we and our authorized third parties may use “Cookies” (a small text file sent by your computer each time you visit our Website, unique to your Calendly account or your browser) or similar technologies such as pixels or web beacons to record log data. When we use Cookies, we may use ‘session’ Cookies (that last until you close your browser) or ‘persistent’ Cookies (that last until you or your browser deletes them). For example, we may use Cookies to keep you logged into Calendly. Some of the Cookies we use are associated with your Calendly account (including Personal Data about you, such as the email address you gave us), and other Cookies are not. Calendly provides a centralized cookie management service across the entire Calendly Website. When visiting the Calendly Website or a booking page for the first time, Users, Invitees and Visitors will see a cookie banner in accordance with their region. Cookie preferences can be adjusted at any time. Users can find the link to manage their cookie preferences by accessing “Cookie Settings” under “Account Settings” within their Calendly account. Invitees can click on “Cookie Settings” within any booking page they receive. Users, Invitees and Visitors can also navigate to the footer of the Calendly Website at any time and change their Cookie preferences under “Cookie Settings” or “Your Privacy Choices.” ( you can opt out through the “Cookie Preferences” link made available to you on the booking page you receive from a Prelude User.)

When you use our Services either as a User or an Invitee, we and our authorized third parties collect certain information about how you use the Services. For example, we collect information on the meeting types our Users use most often, and how many meetings are scheduled each day. We aggregate this information and use it to help us monitor and improve the Services, such as to determine which features are most popular amongst our Users, and which features could be added or improved.

We may disclose information to third parties or allow third parties to directly collect information using these technologies on our Website, such as social media companies, advertising networks, companies that provide analytics including ad tracking and reporting, security providers, and others that help us operate our Services and Website. We use such third-party tools subject to your consent, opt-out preferences, or other appropriate legal basis where legally required. For example, we use third-party providers such as Google Analytics to provide certain analytics and Visitor interactions services to Calendly in connection with our operation of our Website, including the collection and tracking of certain data and information regarding the characteristics and activities of Visitors to the Calendly Website. To learn how Google Analytics collects and processes data, please visit: “How Google uses data when you use our partners’ sites or apps” located at www.google.com/policies/privacy/partners. We also use session replay, session recording, and similar tools provided by third party Service Providers (as defined below) to record your interactions with our Website, such as how you move throughout our Website and engage with our webforms. In addition to analytics, this information helps us improve our Website and Services, our marketing activities, and identify and fix technical issues visitors may be having with our Website.

Certain third-party tools may not be opted out of and are essential to our service. For example, Calendly has implemented Google reCAPTCHA Enterprise to help prevent spam and abuse. reCAPTCHA Enterprise collects hardware and software information, such as device and application data, and sends it to Google for purposes of providing, maintaining, and improving reCAPTCHA Enterprise and for general security purposes. This information is not used by Google for personalized advertising. Your use of reCAPTCHA Enterprise is subject to Google’s Privacy Policy and Terms of Use.

How We Use Your Information

We may use information that we collect about you, including Personal Data, to:

. We will use your information to provide our Services to you, including to facilitate scheduling; create and manage your account; respond to your inquiries; prevent or address service errors, security, or technical issues; analyze and monitor usage; prevent spam, fraud and abuse on the Services; investigate potential violations of our Terms, verify your identity; and for other customer service and support purposes. We use the payment information you provide to us in order to alert you of past, current, and upcoming charges, to allow us to present the billing history to you on your billing page in your account, and to perform internal financial processes, such as looking at the status of a credit card charge. In the event of a credit card dispute, we also share account information with your bank to verify the legitimacy of a charge.

We will perform research and analysis about your use of, or interest in, our products, Services, or content, or products, services or content offered by others. We do this to help make our products better and to develop new products.

We may send you service and administrative emails to ensure the service is working properly. We will also email you regarding your calendar appointments. These messages are considered part of the Services and you may not opt out of these messages.

Subject to your opt-out preference and subscription, we may send you emails about new product features or other news about Calendly or on topics we think would be relevant to you. You may opt out of receiving these communications at any time. Visit the ‘Your Rights and Choices’ section below. For Calendly Invitees, please be assured that we do not use the email addresses that you enter to schedule a meeting with a Calendly User to send any type of direct marketing. However, you may receive marketing communications if you have used the same email address to sign up for them previously or to manage your account as a Calendly User.

 We will also use your information to respond to your questions or comments.

 We may contact you to inform you about changes to your account, our Services and other important service-related notices, such as changes to the Terms or Privacy Notice or about security or fraud notices.

We will use your information to protect our rights and interests as well as the rights and interests of our Users and any other person, as well as to enforce this Privacy Notice or our Terms. .

 We may use your information to comply with applicable legal or regulatory obligations, including complying with requests from law enforcement or other governmental authorities, or in legal proceedings involving Calendly.

 We also may use your information to manage our business or perform functions as otherwise described to you at the time of collection subject to your consent where legally required.

With Whom We May Share Your Information

We may share information we collect about you, including Personal Data, in the following ways:

We use other companies, agents, or contractors (“Service Providers”) to perform services on our behalf or to assist us with providing services and communicating with you. We may engage Service Providers to process credit card transactions or other payment methods. We may also engage Service Providers to provide services such as monitoring and developing Calendly services; aiding in communications, infrastructure, and IT services; customer service; debt collection; analyzing and enhancing data. These Service Providers may have access to your Personal Data or other information to provide these functions. In addition, some of the above-listed types of information that we request may be collected by third-party Service Providers on our behalf. Microsoft is one of Calendly’s Service Providers. You may review Microsoft’s Privacy statement here. We may share information with Service Providers and government entities for legal, security, and safety purposes. This includes sharing information to enforce policies or contracts, address security breaches, and assist in the investigation of fraud, security issues, or other concerns. We require Service Providers to agree to take reasonable steps to keep the Personal Data that we provide to them secure. We do not authorize them to use or disclose your Personal Data except in connection with providing their services. You may find the list of Calendly’s Service Providers who are also platform subprocessors here.

 We may disclose information to current or future affiliates or subsidiaries for purposes consistent with this Privacy Notice.

 We may share your data if we believe that disclosure is reasonably necessary to comply with a law, regulation, legal, or governmental request; to respond to a subpoena, court order, warrant, or other legal process; to enforce applicable Terms or this Privacy Notice, including investigation of potential violations thereof; to protect the safety, rights, or property of the public, any person, or Calendly; to detect, prevent, or otherwise address, security or technical issues, illegal, or suspected illegal activities (including fraud); or as evidence in litigation in which we are involved, as part of a judicial or regulatory proceeding. In this process, Calendly is committed to maintaining individuals’ privacy, and all such disclosures are carefully reviewed to ensure their legitimacy, and if disclosure is required, that only the necessary information is provided or that the request is challenged accordingly. Unless prohibited by law, Calendly will inform you of a government request it has received.

If you are using Calendly as a member of an organization or with your organization’s email domain (thereby representing yourself as a member of the organization), we may share your email address, plan information, and data within your account with an authorized agent of your company upon your company’s request for them to administer the account for the company.

 We may, as a result of a sale, merger, consolidation, change in control, transfer of assets, reorganization, or liquidation of our company (a "Reorganization Event"), transfer or assign your Personal Data to parties involved in the Reorganization Event. You acknowledge that such transfers may occur and are permitted by and subject to this Privacy Notice.

Your Rights and Choices

Depending on your relationship with Calendly, you may exercise your rights and choices in the following ways:

If you are a User, you may keep your Personal Data accurate and complete by logging into the Services to review and update your account information, including contact and billing information, via your account settings page.

As described above, if you do not wish to receive promotional emails from us, you may opt out at any time by following the opt-out link contained in the email itself. Please note that it may take up to ten (10) days to process your request. Please also note that if you opt out of receiving marketing communications from us, we may continue to send to you service-related emails which are not available for opt-out. If you do not wish to receive any service-related emails from us, you have the option to delete your account.

You may also refrain from providing or may withdraw your consent for nonessential Cookies via your browser settings. Your browser’s help function should contain instructions on how to set your computer to accept all Cookies, to notify you when a Cookie is issued, or to not receive Cookies at any time. Please keep in mind that certain Cookies are required to authenticate Users as well as perform some actions within Calendly (such as to pay for an event as an Invitee via Calendly), so to use the Website, some strictly necessary Cookies are required. You may also manage the use of targeting, performance, and functional cookies on this website by clicking the “Cookie Settings” or “Your Privacy Choices” link located on the footer of this page.

Some of the Service Providers we use provide the ability to opt-out.

 You may opt out of Google Analytics’ services using the Opt-Out feature on their website. The Google Analytics service is provided by Google Inc. You can opt-out from Google Analytics service from using your information by installing the Google Analytics Opt-out Browser tool: https://tools.google.com/dlpage/gaoptout. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy.

. You may opt out of Clearbit’s services using their opt-out feature: https://claim.clearbit.com/claim. For more information on the privacy practices of Clearbit, please visit their privacy policy: https://clearbit.com/privacy.

. You may opt out of Facebook Pixel’s services using their opt-out feature: https://facebook.com/help/568137493302217. For more information on the privacy practices of Facebook, please visit their Data Policy: https://facebook.com/about/privacy

You may opt out of TV advertising using their opt-out feature: https://mountain.com/opt-out/. For more information on the privacy practices of MNTN, please visit their privacy policy: https://mountain.com/privacy-policy/

Depending on where you live, you may have the following rights, subject to any applicable exemptions or limitations:

The right to know and access your Personal Data, such as the categories of Personal Data we have collected, the sources of Personal Data, the purposes of collection, and how we used, disclosed, sold, or shared Personal Data;

The right to correct inaccurate Personal Data that we maintain about you;

The right to delete your Personal Data under specific circumstances;

The right to opt out of the sale or sharing of your Personal Data, as such terms are defined by applicable laws;

The right to object or opt out of certain types of processing, such as targeted advertising, direct marketing, and certain types of profiling and automated decision-making;

The right to request the restriction of processing of your Personal Data;

The right to data portability, which means requesting a copy of your Personal Data in an accessible format;

The right to withdraw your consent under certain circumstances; and

The right to lodge a complaint with the relevant data protection supervisory authority. Where applicable, you can find contact information for your data protection supervisory authority on the European Data Protection Board’s website, https://edpb.europa.eu/about-edpb/about-edpb/members_en, or through other publicly available sources.

If you are located in California and access the Website, our use of certain cookies could be considered a “sale” or “share” under the CCPA/CPRA. If you are a California, Virginia, Colorado,Connecticut or Utah resident, you may opt out of use of cookies and other technologies for targeted advertising purposes by navigating to the “Your Privacy Choices” or “Cookie Settings” link in the footer of the Website or clicking through the option in the banner that appears when you first visit our website to opt out of targeting cookies. In addition to opting out with Calendly, there are other mechanisms generally available by advertising groups for consumers to opt out of interest-based advertising from a large number of advertising providers at once, including but not limited to, using the following links: http://optout.networkadvertising.org/ and http://www.aboutads.info/choices. Please note that these mechanisms are not managed by Calendly and Calendly is not an advertising provider.

To the extent any of the above rights are applicable, you may exercise your rights by contacting us at [email protected]. We will take steps to verify your identity before processing certain requests. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we collected Personal Data. If you have an Account with us, we will use our existing Account authentication practices to verify your identity. If you do not have an Account with us, we may request additional information about you to verify your identity. We will only use the Personal Data provided in the verification process to verify your identity or authority to make a request and to track and document request responses, unless you initially provided the information for another purpose. Calendly will retain the relevant records associated with your request to demonstrate our compliance in accordance with reasonable retention periods.

Based on your jurisdiction, you may be able to use an authorized agent to submit a rights request on your behalf. When we verify your agent’s request, we may verify both your and your agent’s identity and request a signed document from you that authorizes your agent to make the request on your behalf. To protect your Personal Data, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf.

Certain laws may give you a right to appeal any denials of your request to exercise your rights. If we deny your request and you would like to submit an appeal, please contact us at [email protected].

Our Website may contain links to third-party websites and applications. Subject to your opt-out or consent preferences, we may also use third-party advertisers, ad networks, and other advertising, marketing, and promotional companies, to serve advertisements on our Website. Any access to and use of such linked websites and applications is not governed by this Privacy Notice but instead is governed by the privacy policies of those third parties. We do not endorse these parties, their content, or any products and services they offer, and we do not endorse these parties, their content, or any products and services they offer, and we are not responsible for the information practices of such third-party websites or applications.

Security and Storage of Information.

Given the nature of communications and information processing technology, there is no guarantee that Personal Data will be absolutely safe from access, alteration, or destruction by a breach of any of our physical, technical, and managerial safeguards. However, Calendly takes the security of your Personal Data very seriously. We work hard to protect the Personal Data that you provide from loss, misuse, unauthorized access, or disclosure and we have taken reasonable steps to help protect the Personal Data we collect. We have obtained industry recognized certifications and audits such as the ISO/IEC 27001, which affirm our commitment to our security program (certification not applicable to the Prelude service). More information on Calendly security and storage practices is available here.

You should also take steps to protect against unauthorized access to your device and account by, among other things, choosing a unique and complex password that nobody else knows or can easily guess and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.

We retain the Personal Data we collect for so long as is reasonably necessary to fulfill the purposes for which the data was collected, to perform our contractual and legal obligations (including any exemptions or exceptions contemplated by law), and for any applicable statute of limitations periods for the purposes of bringing and defending claims.

Users Outside the USA

Our application and database servers are located here in the United States.

If you are an individual located in the European Economic Area, the United Kingdom, Canada or another jurisdiction outside of the United States with laws and regulations governing Personal Data collection, use, and disclosure that differ from United States laws, please be aware that information we collect (including through the use of methods such as Cookies and other web technologies) will be processed and stored in the United States or in other countries where we or our third-party Service Providers have operations. By submitting your Personal Data to Calendly and using Calendly, you expressly consent to have your Personal Data transferred to, processed, and stored in the United States or another jurisdiction which may not offer the same level of privacy protection as those in the country where you reside or are a citizen. (For a list of applicable jurisdictions, you may check our subprocessors list.)

In connection with the operation of its Website, Calendly may transfer your Personal Data to various locations, which may include locations both inside and outside of the European Economic Area. We rely on the EU-U.S. Data Privacy Framework and Standard Contractual Clauses and the UK Addendum to legally transfer Personal Data submitted relating to individuals in the European Economic Area, the United Kingdom and Switzerland.

Calendly has designated representatives in the European Economic Area and in the United Kingdom in accordance with the applicable requirements in the GDPR and UK GDPR. If you are located in these jurisdictions, you can contact our representatives at any time with any questions you may have about data protection. Their contact details are found in the “Contacting Us” section below.

EU-U.S. Data Privacy Framework Notice

 Calendly, LLC and its affiliate Interview Schedule, Inc. d/b/a Prelude (collectively referred to in this section as “Calendly” or “we”) comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Calendly has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Calendly has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the DPF principles, when we transfer Personal Data to a third party acting as our agent, we will be liable under the Principles if our agent processes such Personal Data in a manner inconsistent with the Principles unless we prove we are not responsible for the event giving rise to the damage. We may be required to disclose your Personal Data in response to a lawful request made by public authorities, including to meet national security or law enforcement requirements.

The Federal Trade Commission has jurisdiction over Calendly’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Calendly commits to resolve DPF Principles-related complaints about our collection and use of your Personal Data. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of Personal Data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Calendly at the contact methods set out in the “Contacting Us” section at the end of this Privacy Notice. Our goal is to address your complaint and make it right. However, if we can’t resolve your complaint, you may contact JAMS, our U.S.-based third-party dispute resolution provider at https://www.jamsadr.com/file-a-dpf-claim (free of charge). You may also contact your local data protection authority within the European Economic Area, United Kingdom or Switzerland (as applicable) for unresolved complaints. It is also possible, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. Please see the Data Privacy Framework website for more information on this option.

Additional California Resident Privacy Disclosures

Under the California Consumer Privacy Act of 2018 and any subsequent amendments including the California Privacy Rights Act of 2020 (collectively, “CCPA”), California residents are entitled to the following additional disclosures about our data processing. These disclosures apply solely to Users, Visitors, and Invitees who live in the State of California (“California Residents”). All terms used in this section have the same meaning as when used in the CCPA. California Residents may also review our Notice at Collection for our Website here.

In the preceding 12 months, we have collected the categories of Personal Data: identifiers, personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)); commercial information; and internet or other similar network activity. The purposes for which we have collected Personal Data and the sources of that information are described above in the Information we Collect and the How We Use Your Information sections above.

In the preceding 12 months, we have disclosed Personal Data for a business purpose as detailed in the With Whom We May Share Your Information section above.

We may also sell or share information to the extent our use of cookies and tracking technologies for targeted advertising constitutes a “sale” under the CCPA/CPRA. Your opt-out rights are described in the Your Rights and Choices section above. In the preceding 12 months, we have sold or shared the following categories of Personal Data with our targeted advertising service providers and partners: identifiers and internet or other similar network activity.

We do not knowingly sell the Personal Data of minors under age 18.

For an explanation of the rights you may have as a California resident, please see the Your Rights and Choices section above. We will attempt to respond to California Resident requests in as timely a fashion as possible. In the event of delays over 45 days, we will inform you of the reason and extension period in writing. If you have an account with us, we may deliver our written response to that account. Any disclosures we provide will only cover the 12-month period preceding the verifiable receipt of a California Resident’s request unless you request otherwise and that time period meets the regulatory requirements. The response we provide will explain the reasons we cannot comply with a request, if applicable.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before fulfilling your request.

This Privacy Notice describes how we may share your information, including for marketing purposes. California residents are entitled to request and obtain from us once per calendar year information about any of your Personal Data shared with third parties for their own direct marketing purposes, including the categories of information and the names and addresses of those businesses with which we have shared such information. To request this information and for any other questions about our privacy practices and compliance with California law, please contact us at [email protected].

Changes to this Privacy Notice

This Privacy Notice is current as of the Effective Date set forth above. This Privacy Notice may change if there is a material change to the way information is handled at Calendly, or to clarify our Notice or adjust clerical errors. If any changes are made, we’ll post them on this page, so please be sure to check back periodically. If you continue to use Calendly after those changes are in effect, you agree to the revised Privacy Notice.

This Privacy Notice was updated on:

January 2023 – to improve flow, include required information to comply with newer requirements (e.g., CPRA), add clarification on scope, correct mailing and email addresses and expand on GDPR-specific information (e.g., clarity on the legal bases Calendly uses to process information).

March 2023 – to include EU and UK representative contact information.

May 2023 - to clarify terms, integrate processing details around the Prelude service in the notice, add reference to the ISO/IEC 27001 certification, and update Calendly’s entity information.

June 2023 - to add information about opting out of MNTN, add links to advertising organizations that allow consumers to opt out of targeted advertising, and adding reference to Colorado and Connecticut privacy laws

November 2023 - updates to comply with Calendly’s certification to the EU-U.S., UK, and Swiss Data Privacy Framework

March 2024 - to clarify how Users, Invitees and Visitors can opt out of cookies, to clarify access request details on retention and timelines from California, to add reference to Utah privacy law, to align definitions with updated Terms, and to add information about Personal Data collected in virtual meetings.

Contacting Us

If you have any questions or comments about this Privacy Notice or anything related to privacy, please contact us via email at [email protected].

You may also write to us at:

Attn: Privacy DepartmentCalendly, Inc.115 E Main St., Ste A1BBuford, GA 30518USA

For EEA Residents - please contact our EU Representative at [email protected]. Alternatively, they can be reached by post (DPO Centre Europe, BERLIN: Friedrichstrabe 88, Excellent Business Centre, Berlin, 10117, Germany or (+49 304 0817 3000). https://www.dpocentre.com/contact-us/

For UK Residents: Please contact our UK Representative at [email protected]. Alternatively, they can be reached by post (The DPO Centre Ltd, 50 Liverpool Street, London, EC2M 7PY) or (+44 (0) 203 797 6340). https://www.dpocentre.com/contact-us/