Privacy Notice

Cato Digital Privacy Notice

Last Updated: June 23, 2023

This Privacy Notice describes how we collect and use your personal information in relation to Cato Digital websites, applications, products, services, events, and experiences that reference this Privacy Notice (together, “Cato Services”).

Unless otherwise defined herein, terms used but not defined within this notice are defined in the Cato Digital Contract Definitions.

We offer Cato Services to our customers either directly or via our authorized partners. Where we refer to our customers in this notice, we also mean our partners and their customers.

1. Service Data We Collect

We collect your personal information in the course of providing Cato Services to you (together, “Service Data”).

This Privacy Notice does not apply to the content processed, stored, or hosted by our customers using Cato Services. See the agreement governing your access to your Cato Digital account for more information about how we handle content and how our customers can control their content through Cato Services. This Privacy Notice also does not apply to any products, services, websites, or content that are offered by third parties or have their own privacy notice.

There are three types of Service Data which we gather:

• Information You Give Us: We collect any information you provide in relation to Cato Services (See Examples below).
• Automatic Information: We automatically collect certain types of information when you interact with Cato Services (See Examples below).
• Information from Other Sources: We might collect information about you from other sources, including service providers, partners, and publicly available sources (See Examples below).

2. Why We Use Service Data

We use your personal information to operate, provide, and improve Cato Services. Our purposes for using personal information include:

• Provide Cato Services you request: We use your personal information to provide and deliver Cato Services and process transactions related to Cato Services, including registrations, subscriptions, purchases, and payments.
• Measure, Support, and Improve Cato Services: We use your personal information to measure use of, analyze performance of, fix errors in, provide support for, improve, and develop Cato Services.
• Comply with Legal Obligations: In certain cases, we have a legal obligation to collect, use, or retain your personal information..
• Assist and Communicate with You: We use your personal information to communicate with you in relation to Cato Services via different channels (e.g., by phone, email, chat) and to respond to your requests.
• Protect you, our users, customers, the public, and Cato Digital: We use Service Data to detect, prevent and respond to abuse, security risks, fraud, and technical issues that could harm you, other users, our customers, the public, or Cato Digital. This helps make our services safer, more reliable, and more secure.
• Make recommendations to optimize use of Cato Services. We use Service Data to provide you and our customers with recommendations (for example, suggesting ways to better secure your account or data, reduce service charges or improve performance, or optimize your configurations), and providing information about new or related products and features. We also evaluate your responses to our recommendations.
• Fraud and Abuse Prevention and Credit Risks: We use your personal information to prevent and detect fraud and abuse in order to protect the security of our customers, Cato Digital, and others. We may also use scoring methods to assess and manage credit risks.
• Purposes for Which We Seek Your Consent: We may also ask for your consent to use your personal information for a specific purpose that we communicate to you.

To achieve these processing purposes, we use algorithms to recognize patterns in Service Data, manual review of Service Data (such as when you interact directly with our billing or support teams), aggregation or anonymization of Service Data to eliminate personal information, and combination of Service Data with information from other sources. We also use Service Data for internal reporting and analysis of applicable product and business operations.

3. Where Service Data is Stored

Cato Digital, Inc. is located in the United States. Depending on the scope of your interactions with Cato Services, your personal information may be stored in or accessed from multiple countries, including the United States. Whenever we transfer personal information to other jurisdictions, we will ensure that the information is transferred in accordance with this Privacy Notice and as permitted by applicable data protection laws.

Cookies

To enable our systems to recognize your browser or device and to provide, market, and improve Cato Services, we and approved third parties use cookies and other identifiers. For more information about cookies and how we use them, please read our Cookie Notice.

4. How We Secure Service Data

At Cato Digital, security is our highest priority. We build Cato Services with strong security features to protect your data:

• We maintain a wide variety of compliance programs that validate our security controls.
• We protect the security of your information during transmission to or from Cato Digital websites, applications, products, or services by using encryption protocols and software.
• We maintain physical, electronic, and procedural safeguards in connection with the collection, storage, and disclosure of personal information. Our security procedures mean that we may request proof of identity before we disclose personal information to you.

5. How We Share Service Data

We do not share Service Data with companies, organizations, or individuals outside of Cato Digital, except in the following cases:

• With your consent: We’ll share Service Data outside of Cato Digital where we have obtained your consent.
• With authorized Cato Digital Service resellers: When you use Cato Services, your administrator and resellers authorized to manage your or your organization’s account will have access to certain Service Data.
• For external processing: We do not sell your Service Data to any third parties. We share Service Data with trusted third party providers to process it for us as we instruct them and in compliance with this Privacy Notice and appropriate confidentiality and security measures. In particular, we share Service Data with our third party providers when you request technical support services (we share the information you provide in the support ticket) and professional services (we share your contact details to enable communication and collaboration). See Third Party Sites and Services below for more information.
• For legal reasons: We share Service Data outside of Cato Digital when we have a good-faith belief that access to, or disclosure that Service Data is reasonably necessary to: Comply with applicable law, regulation, legal process, or enforceable governmental request. Enforce applicable agreements, including investigation of potential violations. Detect, prevent, or otherwise address fraud, security, or technical issues. Protect against harm to the rights, property or safety of Cato Digital, our customers, users, and the public as required or permitted by law.

If Cato Digital is involved in a reorganization, merger, acquisition, or sale of assets, we’ll continue to ensure the confidentiality of Service Data and give affected users notice before Service Data becomes subject to a different privacy policy.

Third Party Sites and Services

Cato Services may embed content provided by others or include links to other websites and applications. These companies may collect information about you when you interact with their content or services. We are not responsible for the practices of these companies. Please consult their privacy policies to learn about their data practices .

6. Access to Service Data

You can view, update, and delete certain information about your account and your interactions with Cato Services. See Examples below for a list of examples of information that you can access. If you cannot access or update your information yourself, you can always contact us for assistance.

You have choices about the collection and use of your personal information. Many Cato Services include settings that provide you with options as to how your information is being used. You can choose not to provide certain information, but then you might not be able to take advantage of certain Cato Services.

• Account Information: If you want to add, update, or delete information related to your account, please go to the Cato Digital Management Console. When you update or delete any information, we usually keep a copy of the prior version for our records.
• Communications: You control which messages you receive in your communication preferences in the Cato Digital Management Console.

7. Retention of Service Data

We keep your Service Data to enable your continued use of Cato Services, for as long as it is required in order to fulfill the relevant purposes described in this Privacy Notice, as may be required by law (including for tax and accounting purposes), or as otherwise communicated to you. How long we retain specific personal information varies depending on the purpose for its use, and we will delete your personal information in accordance with applicable law.

Children’s Personal Information

We don’t provide Cato Services for purchase by children. If you’re under 18, you may use Cato Services only with the involvement of a parent or guardian.

8. Contacts, Notices, and Revisions

If you have any concerns about privacy at Cato Digital, please contact us with a thorough description, and we will try to resolve the issue for you.

For any prospective or current customers of Cato Digital, Inc., our mailing address is: {address for Registered Mail} ATTN: Cato Digital Legal

If you interact with Cato Services on behalf of or through your organization, then your personal information may also be subject to your organization’s privacy practices, and you should direct privacy inquiries to your organization.

Our business changes constantly, and our Privacy Notice may also change. You should check our website frequently to see recent changes. You can see the date on which the latest version of this Privacy Notice was posted. Unless stated otherwise, our current Privacy Notice applies to all personal information we have about you and your account. We stand behind the promises we make, however, and will never materially change our policies and practices to make them less protective of personal information collected in the past without informing affected customers and giving them a choice.

Appendix — Examples of Information Collected

Information You Give Us

You provide information to us when you:

• search for, subscribe to, or purchase Cato Services;
• create or administer your Cato Digital account (and you might have more than one account if you have used more than one email address when using Cato Services);
• configure your settings for, provide data access permissions for, or otherwise interact with Cato Services;
• register for or attend an Cato Digital event;
• purchase or use Cato Services from third-party providers
• communicate with us by phone, email, or otherwise;
• complete a questionnaire, a support ticket, or other information request forms;
• post on Cato Digital websites or participate in community features; and
• employ notification services.

Depending on your use of Cato Services, you might supply us with such information as:

• your name, email address, physical address, phone number, and other similar contact information;
• payment information, including credit card and bank account information;
• information about your location;
• information about your organization and your contacts, such as colleagues or people within your organization;
• usernames, aliases, roles, and other authentication and security credential information;
• content of feedback, testimonials, inquiries, support tickets, and any phone conversations, chat sessions and emails with or to us;
• your image (still, video, and in some cases 3-D), voice, and other identifiers that are personal to you when you attend an Cato Digital event or use certain Cato Services;
• information regarding identity, including government-issued identification information;
• corporate and financial information; and
• VAT numbers and other tax identifiers.

Automatic Information

• We collect information automatically when you:
• visit, interact with, or use Cato Services (including when you use your computer or other device to interact with Cato Services);
• download content from us;
• open emails or click on links in emails from us; and
• interact or communicate with us (such as when you attend a Cato Digital event or when you request customer support).

Examples of the information we automatically collect include:

• network and connection information, such as the Internet protocol (IP) address used to connect your computer or other device to the Internet and information about your Internet service provider;
• computer and device information, such as device, application, or browser type and version, browser plug-in type and version, operating system, or time zone setting;
• the location of your device or computer;
• authentication and security credential information;
• content interaction information, such as content downloads, streams, and playback details, including duration and number of simultaneous streams and downloads;
• Cato Services metrics, such as offering usage, occurrences of technical errors, diagnostic reports, your settings preferences, backup information, API calls, and other logs;
• the full Uniform Resource Locators (URL) clickstream to, through, and from our website (including date and time) and Cato Services, content you viewed or searched for, page response times, download errors, and page interaction information (such as scrolling, clicks, and mouse-overs);
• email addresses and phone numbers used to contact us; and
• identifiers and information contained in cookies (see our Cookie Notice).

Information from Other Sources

Examples of information we receive from other sources include:

• marketing, sales generation, and recruitment information, including your name, email address, physical address, phone number, and other similar contact information;
• subscription, purchase, support, or other information about your interactions with products and services offered by us, our affiliates (such as Cato Digital training courses), or third parties (such as Cato Services offered through a Cato Digital Partner) in relation to Cato Services;
• search results and links, including paid listings (such as Sponsored Links); and
• credit history information from credit bureaus.

Information You Can Access

Examples of information you can access through Cato Services include:

• your name, email address, physical address, phone number, and other similar contact information;
• usernames, aliases, roles, and other authentication and security credential information;
• your subscription, purchase, usage, billing, and payment history;
• payment settings, such as payment instrument information and billing preferences;
• tax information;
• email communication and notification settings;