Privacy Policy

Last Updated: March 2025

Introduction

This Privacy Policy describes at a high level how CoreView USA, Inc., CoreView S.r.l., Simeon Cloud, LLC (“CoreView”, “we”, “our” or “us”), and our affiliated entities (such as managed service providers) collect, store, use, and disclose the following categories of your personal data (“Personal Data”):

  • Client Data: personal data that we collect, process, and manage on behalf of our business customers (“Clients”), submitted to the CoreView applications and related products, integrations, add-ons, and extensions services managed and operated by CoreView (collectively, the “Platforms”).
  • User Data: personal data concerning our Clients’ authorized individuals who directly engage with the Platforms concerning their CoreView account (each, a “User”);
  • Prospect Data: data from visitors to our websites, participants at our events, and any other prospective Client, user, or partner (collectively,“Prospects”) who visits or otherwise interacts with our websites, digital ads and content, emails, integrations, or communications under our control(“Sites”, and collectively with the Platform – the “Services”).

Any capitalized but undefined term in this Privacy Policy shall have the meaning given to it in our Terms of Service (“Terms”). For a more in-depth discussion of how CoreView collects, stores, and processes data, including Personal Data, please refer to CoreView’s Data Processing Addendum located at https://www.coreview.com/legal.

Data We Collect and Process

CoreView’s Services are designed for businesses and are not intended for personal or household use.  Accordingly, we treat all personal data covered by this Privacy Policy, including information about any visitors to our Sites, as individuals representing and acting on behalf of their employer.  You are not legally required to provide us with any personal data.  If you do not wish to provide us with your personal data, or to have it processed by us or by any of our subprocessors, please do not provide such data, avoid any interaction with us and do not leave any information on our website, and refrain from using our Services.  

We process Personal Data that you may provide voluntarily or that we collect in performing the Services for your organization that we acquire from your organization or from third parties.

The Personal Data that we process includes:

  • Your first and last name and email address.  Your email address is usually, but notalways, your employee email address.
  • Metadata regarding your usage of your organization’s Microsoft 365 software.  For example we collect information on the actions you perform on Microsoft 365software, including time and frequency of such actions.
  • Personal Data we collect from other sources: We may obtain information about you from third-party sources, such as public databases, social media platforms, third-party data providers and our joint marketing partners. We take steps to ensure that such third parties are legally or contractually permitted to disclose such information to us. Examples of the information we receive from other sources include demographic information, device information, location (such as city and state), and online behavioral data.
  • Data regarding your use of our website and services ("Usage Data"). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of visits;
  • Information required to send you communications you have consented to receive (“Correspondence Data”);
  • Information that you post for publication on the Site or through our Services (“Publication Data”);
  • Information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters ("Notification Data"). When you subscribe or use certain features of the Services, you may be opting to receive messages and/or phone calls from us, other users of the Service and/or third-party Providers. You cannot opt-out of Administrative Emails. “Administrative Emails" relate to your activity on the Company Service and include but are not limited to emails regarding your account, if any, requests or inquiries, and purchases of products and services, if applicable. If you do not want to receive promotional emails from us, you may elect to opt-out of receiving promotional emails at any time after registering, bye-mailing us at the email listed at the end of this Privacy Policy or by clicking on the “unsubscribe” button at the bottom of any of our e-mails.
  • Information contained in any inquiry you submit to us regarding the Services, e.g. a help desk request ("Inquiry Data”);
  • Information that you provide to us to communicate with you regarding transactions between you and us, such as fulfilling and modifying orders (“transaction data”).  

We do not collect, access, or scan any of your organization’s content, for example:

  • Email messages
  • Calendar entries
  • Contact lists or Address books
  • SharePoint documents or content

We do not intentionally process any sensitive personal information or specially-protected categories of Personal Data as defined by the California Consumer Privacy Act/California Consumer Privacy Act (CCPA/CPRA) and the European Union’s General Data Protection Regulation (GDPR), such as data relating to racial or ethnic origin, political, religious, or philosophical beliefs, trade union membership, sexual orientation, biometric or genetic data, health, and medical treatment, etc.

Data we collect (Configuration Manager):

1. Sync Operations (e.g. Export, Preview, Deploy)
2. Status of sync operation (success/failure)
3. Number of licenses in tenant Azure DevOps/GitHub organization name
4. Name of sync operation

Optional Data collection (Configuration Manager) 

1. Failed sync details including error message

Data Not Collected (Configuration Manager)

1. Customer environment details including, but not limited to, Microsoft tenant ID, users/groups, permissions, & system configurations

Data protection laws such as the European Union’s General Data Protection Regulation (EU GDPR), the UK General Data Protection Regulation (UK GDPR) and the California Consumer Protection Act (CCPA), define two separate roles for parties processing Personal Data.  A “data controller” (or “business” under the CCPA) determines the scope, purposes, and means for processing your Personal Data.  Your employer typically will be a data controller.  A “data processor” (or “service provider” under the CCPA) processes your personal data on behalf of the data controller (or business).  CoreView is usually the data processor (or service provider) with respect to your Personal Data that falls under the definition of “Client Data” or “User Data” as defined at the beginning of this Policy.  On the other hand, CoreView is a data controller of Personal Data falling within the definition of “Prospect Data” as defined above.  Generally, if your employer allows CoreView to access your Personal Data, this would qualify as either Client Data or User Data.  If you provide CoreView your Personal Data directly, e.g. on CoreView’s website or as part of a request for contact with a CoreView representative, your Personal Data would qualify as Prospect Data.  

When acting as a data processor, CoreView processes Personal Data strictly in accordance with reasonable instructions from its customer as stipulated in our Data Processing and Information Security Addendum and our legal agreements with the customer. CoreView’s customers are responsible for handling data subject right requests under applicable law.

Release of Non-Personally Identifiable Information.

We may disclose or share Non-Personally Identifiable Information with Third Party Providers and the public. For example, we may share aggregated demographic information (which does not include any Personally Identifiable Information) or use Third Party Providers to track and analyze Non-Personally Identifiable usage and volume statistical information from our users to administer the Service. We may also publish this aggregated information for promotional purposes. Such data is collected on our behalf and is owned and used by us.

Legal Basis For Processing

We process Personal Information about you as a data processor either at your direction or the direction of your organization, and only where such processing has a legal basis that is not overridden by your data protection interests or fundamental rights and freedoms. Our legitimate interests typically include providing, improving, maintaining, and enhancing our technology, products, and services, as well as ensuring the security of the Services and your Personal Data.

Additional Data-Processing Purposes

If we need to use your Personal Data for reasons other than those above we will notify you prior to processing whether the provision of Personal Information we are collecting is compulsory or if it may be provided on a voluntary basis and the consequences, if any, of not providing the information.

Where Your Personal Data is Stored

CoreView uses Microsoft Azure data centers to store your organization’s data, including Personal Data. When your organization initially sets up its account with CoreView, it has a choice of five (5) data center locations.  Two are located in the United States, one in Canada, one in Australia, and one in Europe (Dublin, Ireland).  Data from organizations based in Europe is stored in the Dublin, Ireland data center.

Recipients of Your Personal Data

Your Personal Data may be processed by a third party on our behalf, in a predominantly automated and computerized manner, in order to guarantee security and confidentiality and to prevent unauthorized access to the data themselves. CoreView does not perform any automated decision-making, including profiling.

We may need to communicate your Personal Data to third parties belonging to the following categories:

  • People involved in technical and organizational activity on our behalf (including payroll activity);
  • Subsidiaries, parent companies and affiliates of CoreView USA, Inc., CoreView S.r.l., or Simeon Cloud, LLC;
  • Business/marketing partner;
  • Authorities and in general, subjects, public or private, with functions of public importance;
  • External companies and / or professionals that assistance us;
  • Third-party companies for processing aimed for promotional initiatives, if you have expressed your consent.

Your Personal Data could be processed also by our personnel, acting as authorized or System administrator, according to their role in our company. We will not sell, distribute, disclose, or lease your Personal Information to third parties unless we have your permission or are required by law to do so. CoreView may disclose Personal Data when required to do so by law, such as in response to a valid legal request from a government authority, law enforcement agency, or court order. Such disclosures will be made only to the extent necessary to comply with applicable legal obligations.

CoreView will evaluate the legitimacy of such requests and, where permitted, notify affected individuals before providing any data. Additionally, we will take reasonable steps to ensure that any disclosure is consistent with applicable data protection laws and respects the privacy rights of our users. Your Personal Data will not be disseminated for any other reasons outside of those detailed in this policy.

International Data Transfers

CoreView’s subprocessors may be in countries other than where the Personal Data is stored. Also, CoreView USA, Inc. is based in the United States and CoreView, S.r.l. is based in Milan, Italy. As a result, Personal Data may be accessed by CoreView personnel or subprocessors that are located outside of the country where the Personal Data is stored. Such access to Personal Data is a “transfer”, so this access is governed by contractual or legal mechanisms designed to ensure that your rights (see “Your Rights” below) are preserved. For example, if your Personal Data is protected by the European Union’s General Data Protection Regulation (GDPR), then access by CoreView and its subprocessors to your Personal Data across international borders is governed by mechanisms such as Standard Contractual Clauses with subprocessors.

For data transfers from the European Union, Switzerland, or the UK to countries which are not deemed to offer an adequate level of data protection, CoreView and its data importers and exporters have entered into Standard Contractual Clauses as approved by the European Commission, Swiss Federal Data Protection and Information Commissioner (FDPIC), and the UK Information Commissioner’s Office (UK ICO).  You can obtain a copy of these clauses by contacting us directly at privacy@coreview.com.  

Data Retention

Your Personal Data will be stored for a time not exceeding that necessary to achieve the purposes for which it was collected (e.g. so that CoreView can provide its Services to your organization). We will permanently delete Personal Data associated with the Service no later than ninety (90) days after your organization’s account is terminated or expires.

Furthermore, even if your organization’s account remains active, but we have no ongoing legitimate need to process your Personal Data, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion or anonymization is possible.

Our Security

We take appropriate and reasonable technical and organizational measures to protect your Personal Data from loss, misuse, unauthorized access, disclosure, alteration, and destruction, considering the risks involved in the processing and the nature of the Personal Data. More details on CoreView’s security program may be found on our Security Page.

Disclaimer

Our Services are intended for use by our Clients. As a result, for much of the Personal Information we collect and process about Users through the Services, we act as a processor on behalf of our Clients. We are not responsible for the privacy or security practices of our Clients, which may differ from those set forth in this privacy policy.

What We Do With Personal Data We Gather

We use your personal data for a variety of purposes including:

  • To provide the Services including billing and support;
  • Compliance with legal obligations;
  • To improve our Services (e.g. detection of the degree of customer satisfaction on the quality of services rendered, the preparation of studies and market research);
  • Inform you with marketing communications about our products and / or services that we think you may be interested in through letters, telephone, advertising material, automated communication systems and in particular, newsletters (subject to your specific, express consent).

    a. CoreView may use marketing techniques to deliver relevant content and promotions based on user preferences and interactions. This may involve grouping users into segments based on non-personally identifiable information, such as usage patterns and general demographics. We do not share personal data with third parties for their own marketing purposes without explicit consent. Users can opt out of marketing communications at any time by unsubscribing or by contacting us.

The provision of personal data by you necessary for the purposes referred to in (1) above is not mandatory, but the refusal to supply them may make it impossible for us to provide the Services. Their processing does not require your consent.  The provision of personal data necessary for the purposes referred to in (2) above is mandatory and the relative processing does not require your consent. The provision of personal data necessary for the purposes referred to in (3) is not mandatory and the relative processing requires your consent. The provision of data necessary for the purposes referred to in (4) above is not mandatory and their processing requires your consent, freely expressible and modifiable at any time as better described below (“Your rights”).

Your Rights

You have the following rights regarding your Personal Data that we process:

  • To be informed of and request access to the Personal Data that we process (right of access);
  • To request that we amend or update your Personal Data if it is inaccurate or incomplete (right of rectification);
  • To request that we delete your Personal Data (right to erasure);
  • To request that we temporarily or permanently stop processing all or some of your Personal Data (right to restrict processing);
  • To request a copy of your Personal Data in electronic format and the right to transmit that Personal Data for use in another party’s service (right to data portability);
  • To object to us processing your Personal Data on grounds relating to your particular situation at any time (right to object);

If you live in a jurisdiction subject to the GDPR, you have the right to file a complaint with the relevant supervisory authority in the EU or the UK, as applicable.  You may also designate an authorized agent, via a power of attorney, who may exercise your privacy rights on your behalf.  The authorized agent may submit a request to exercise these rights by forwarding the power of attorney to privacy@coreview.com.  

When exercising your rights under this policy or applicable law, we may require you to provide us with certain credentials containing your personal information to ensure that you are who you claim to be to avoid disclosure of your personal data to unauthorized persons or personal data related to others.  We may also request further information from you to clarify the nature and scope of data that you are requesting.  If such request relates to Personal Data that CoreView processes on behalf of one of its customers, as a “data processor” (as explained more fully below), then such customer exclusively determines how your Personal Data is processed, as well as how to handle your request, so you are encouraged to contact the customer directly regarding your request.  CoreView cannot fulfill your request unless you have provided sufficient information enabling it to reasonably verify whether CoreView or its customer initially collected your Personal Data.  Coreview may also retain this information and certain Personal Data for legal purposes, e.g., to document our compliance with your request, and as proof that our disclosure was to the correct individual.  

In fulfilling all requests for disclosure of Personal Data, we may redact any Personal Data belonging to others, as well as any information that CoreView or a third party (e.g., CoreView’s customer) considers confidential.  CoreView will resolve complaints about our collection or use of your Personal Information in accordance with the EU-U.S. DPF, and the UK Extension of the EU-U.S. DPP and the Swiss-U.S. DPF Principles.  Individuals residing in the EEA, UK or Switzerland with inquiries or complaints regarding CoreView’s Privacy compliance should submit inquiries to privacy@coreview.com.  If you do not receive timely acknowledgement and action of your request or complaint regarding our processing of your Personal Data under the Data Privacy Framework, or if we have not addressed such request or complain to your satisfaction, CoreView shall cooperate with the European Union Data Protection Authorities, the UK Information Commissioner’s Office (UK ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) to independently address complaints that we have been unable to resolve.  CoreView is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Privacy Notice for California Residents.

The California Consumer Privacy Act (CCPA) as amended, gives California certain rights regarding their data.  Many of these rights address the sale of Personal Data, which CoreView does not do.  If you have specific questions regarding your rights under the CCPA, please contact us at privacy@coreview.com.

Additional terms that apply to some residents of the European Economic Area (EEA).

In addition to the rights already recorded above, if you are based in the EEA, you may have the following additional rights in relation to the personal information we hold about you, in accordance with The General Data Protection Regulation 2016/67 (GDPR). More information regarding your rights, and CoreView’s compliance with GDPR can be found in CoreView’s Data Processing Addendum.

Cookies Policy

Introduction

This Cookies Policy explains how we use cookie to collect your Personal Data when you visit our website www.coreview.com and how you can exercise your privacy rights.

We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, you can be assured that it will only be used in accordance with this Privacy Policy.

We may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. If you do not agree with the content of this Policy, then please remember it is your choice whether to use our website.

If you have any questions or concerns about our use of your Personal Information, then please visit our Privacy Policy and contact us using privacy@coreview.com.

What Are Cookies?

We may use cookies and other tracking technologies described in this Cookie policy to collect Personal Information, or to collect information that becomes Personal Information if we combine it with other information we have collected. A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyze web traffic or lets us know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

Why Do We Use Cookies And Other Tracking Technologies?

Technical cookies

We use third party analytics service to identify which pages are being used. This helps us to analyze data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can find third party documentation here below:

  • Google Analytics: Is a web analytics service provided by Google, Inc. (“Google”). The information generated by the cookie on the website’s use (including IP address) is collected by Google and filed with Google servers in the United States. Google will use this information to track and review website usage, compile website activity reports, and provide other website activity services: https://policies.google.com/privacy and https://tools.google.com/dlpage/gaoptout

Profiling cookies

With your consent, which is free and optional, we may use third-party profiling cookies, that are cookies designed to create user profiles for remarketing purposes, to promote advertising based on preferences expressed by you in navigation within the website. These data are collected and processed using the following services:

  • AdWords Remarketing (Google Inc.): AdWords Remarketing is a marketing service provided by Google Inc. It connects the activity of www.example.com with the Adwords advertising network and the Doubleclick Cookie. You can opt out of the cookie tracking here: https://support.google.com/ads/answer/2662922?hl=en
  • Personal Data collected: Cookie and Usage Data. Place of processing: Itay – Find the Privacy Policy

How To Manage Cookies

You can choose to accept or decline cookies.

Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer.

You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. Please check with support for your specific browser for instructions.

In the case of cookies provided by third parties, you can also exercise his right to oppose the tracking inquiring through the privacy policy of the third party, via the opt out link if explicitly provided or by contacting it directly. Notwithstanding the foregoing, the Data Controller informs that you can use Your Online Choices. Through this service it is possible to manage the tracking preferences of most advertising tools.

You can delete or block these cookies, but this may prevent you from taking full advantage of the website.

Links To Other Websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Questions, concerns or complaints: If you have any comments or questions regarding our privacy policy or practices, or if you have any concerns regarding your personal data held with us, or if you wish to make a complaint about how your personal data is being processed by CoreView, please contact us at privacy@coreview.com.

CoreView Sub-Processors