CPA.com Privacy Policy

Effective on: July 12, 2024

General Information

This Privacy Policy describes the ways in which your personal data is collected and used by CPA.com (referred to herein as “we”, “us”, “our”). It also explains our practices for protecting and disclosing the information that we collect, as well as the choices available to you regarding your personal data.

It is your responsibility to review this Privacy Policy prior to providing your personal data to us. If you are not comfortable with the way in which we use your personal data, please refrain from providing your personal data to us, accessing our websites, and/or utilizing our products and services.

With our websites, products and services constantly evolving, our Privacy Policy may change from time to time. Whenever there are changes, the modified policy will be posted on our websites and will be effective at that time. Each time the policy changes, the “Effective on” date displayed at the top of the page also will change. Consequently, each time you access or use our websites or otherwise engage with us, the most current version of the Privacy Policy will apply. It is your responsibility to be aware of any such changes. Where required by applicable law, we will notify you of any significant updates that materially impact or change the manner in which we process your personal data.

If you are a California consumer, please see the section of this Privacy Policy called “California Consumer Privacy Statement” for more information about your privacy rights.

CPA.com will be the controller of your personal data collected for purposes described in this Privacy Policy. For the purposes of our domain registration services, EnCirca may act also as a separate controller of your personal data. Please see EnCirca’s privacy policy at www.encirca.com/legal/privacy/ for more information on EnCirca’s privacy practices.

Third Party Links

Our websites contain links to other websites which are managed by third parties (including their use of cookies). If you click on any links to use any third party sites, the personal data collected by the third party’s site will be controlled by that third party. It is your responsibility to

understand those third parties’ privacy policies and we recommend that you take the time to review the privacy policies of any third parties to which you provide personal data. Once you leave our websites using links, we have no control over information that is submitted to or collected by any third parties and are not responsible for the content of other websites or the privacy practices of third parties.

Collection of Personal Data

Personal Data you provide to us

In order to provide our products, services and websites and for the other purposes set out in the “Use of Information” section below, we collect and process personal data from our customers and other users of our websites, products and services. We may collect information from you when you interact with our websites. The personal data you provide directly to us through our websites will be apparent from the context in which you provide it, in particular when fill in forms on our websites or sign up for a webinar. The information we collect may include:

• your name;
• your contact information, including address, telephone number, and email address;
• user IDs and passwords;
• billing and transaction information, including credit card or other financial information;
• contact preferences;
• information about the company or firm that you represent, including name, size, address, and jurisdiction;
• professional details and credentials;
• board membership; and
• licensing information, including license, licensing jurisdiction and license

Personal data we collect automatically

We may also collect personal data automatically from the devices that you use to interact with our websites or services, as well as from your interaction with emails that we send to you. The personal data we automatically collect may include your IP address, browser type and version, device type, the webpage you visited before coming to our website, pages you visited before coming to our website, when and for how long you visited our website, time zone setting and location, browser plug-in types and versions, operating system and platform, language preferences, referring/exit pages, clickstream data, and similar information, which we collect through cookies, beacons, server logs and other technologies. The information we automatically collect will be associated with any personal data that you have provided to us. For further information on how we use cookies, please see the “Cookies and Similar Technologies” section below.

Personal data we collect from third parties

From time to time and as permitted by applicable law(s), we may collect personal data about you and update or supplement any existing personal data that we currently hold from other third- party sources, including publicly available data sources, such as social networking sites (e.g., LinkedIn), your employer or university/school, data brokers and aggregators, such as Acxiom, analytics providers, advertising networks, and technical and delivery service providers.

If you [are located in the EEA or the UK and you] apply for a .cpa Domain Name with our domain registration provider EnCirca at https://www.encirca.com/cpa and you agree as part of the application process, EnCirca may provide any of the personal data described above to us in connection with your application.

See “Use of Information” section below for details regarding the ways that we use and process your personal data.

Use of Information

Your Personal Data may be used in the following ways:

• To carry out our obligations under our contract with you or to take steps at your request prior to entering into a contract with you, including:
  • To provide our products and services to you;
  • To register you as a new customer;
  • To process payments from you;
  • To process payments to you (including, but not limited to, refunds or reimbursements);
  • To verify eligibility and approve the awarding of a .cpa domain; and
  • To fulfill requests and obligations related to our
• To pursue and secure our legitimate business interests, including:
  • To enhance and improve our products and services, for example, by performing internal research, analyzing user trends and measuring demographics and interests;
  • To use data analytics to improve our websites, products/services, marketing, customer relationships and experiences;
  • To better understand your interests so we can try to predict what other products, services and information you might be most interested in;
  • Internal purposes, such as website and system administration or internal audits and reviews;
  • To provide access to restricted parts of our websites;
  • To communicate with you regarding products and services that may be of interest to you, and to invite you to conferences and other events organized by us;
  • To respond to your requests and inquiries;
  • To serve relevant website content and advertisements to you when you visit our websites or other third-party websites (including social media platforms);
  • To request your participation in surveys, focus groups, or other initiatives which help us to gather information used to develop and enhance our products and services;
  • To update our operational and technical functionality;
  • To help detect and prevent fraud;
  • To bring and defend claims, or protect us from other liabilities;
  • To comply with or enforce applicable legal requirements, industry standards, our policies and terms of service; and
  • To administer and protect the security and integrity of our websites, products, services and business (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).
• To comply with any legal obligations we may be subject to, including:
  • To comply with applicable law(s);
  • To comply with a search warrant, subpoena or court order; and
  • To carry out professional ethics/conduct

From time to time we may provide statistics about the usage levels of our websites and other related information to reputable third parties, but these statistics will not include information which will allow you to be identified;

If You Fail to Provide Personal Data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to register a .cpa domain name). We indicate personal data that is required at the time we collect it from you.

Sharing and Disclosure to Third Parties

We may disclose your personal data to third parties from time to time under the following circumstances:

1. You request or authorize the disclosure of your personal data to a third
2. The information is disclosed as permitted by applicable law(s) and/or in order to comply with applicable law(s) (for example, to comply with a search warrant, subpoena, law enforcement agency request, or court order).
3. The information is disclosed to your employer or education provider in the event they have an interest in your data (e.g., they have purchased a product or service on your behalf).
4. The information is provided to our agents, vendors or service providers who perform functions on our behalf. See below for additional details.

It is likely that the identity and categories of such third parties will change during the life of your account but, depending on your use of our websites, it is anticipated that your personal data will be disclosed to the following categories of third-party service providers who perform functions on our behalf. We require that our third-party service providers only use your personal data as necessary to provide the requested services to us and each service provider has, to the extent required by applicable law, entered into a legally binding agreement with us .

• Hosting providers for the secure storage and transmission of your data
• Identity management providers for authentication purposes
• Database software providers for the management and tracking of your data
• Legal and compliance consultants, such as external counsel, external auditors, or tax consultants
• Advertising partners, including social media providers, for the delivery of targeted advertisements
• Marketing providers who send communications on our behalf regarding our products and services
• Payment solution providers for the secure processing of payments you provide to us
• Technology providers who assist in the development and management of our web properties
• Fulfillment and postal vendors for the fulfillment of our products and services
• Survey and research providers who perform studies on our behalf
• Domain registration providers, such as EnCirca
• Third-party analytics services on our website, such as Google Analytics, which may collect information directly from you through our To learn more about Google Analytics, please visit https://www.google.com/policies/privacy/partners/.

In addition, we may disclose personal data about you (i) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, (ii) in connection with an investigation of suspected or actual fraudulent or other illegal activity, and (iii) in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution, or liquidation).

CPA.com will not sell your information for monetary compensation. Once you have successfully registered for an account, you have the right to receive equal service and pricing from CPA.com, even if you exercise your privacy rights as stated in this policy.

Cookies and Similar Technologies

When you visit or interact with our websites, we may obtain certain information by automated means, such as cookies, web server logs, web beacons, and other technologies. A “cookie” is a small text file placed on your computer (or other device) to identify your computer and web browser. A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, links web pages to web servers and cookies and may be used to transmit information collected through cookies back to a web server.

We use these automated technologies on our websites to collect information about your devices, browsing actions, and usage patterns. The information we obtain in this manner may include the type of web browser you use, your device identification information, your IP address, the pages you view, and the time and duration of your visits to the websites (see the “Collection of Personal Data” section above for more information). We use this information to help us understand how people use the websites, and to enhance the websites, products and services we offer. These technologies help us (1) remember your information so you do not have to re-enter it; (2) track and understand how you use and interact with our websites; (3) tailor the websites around your preferences; (4) measure the usability of the websites and the effectiveness of our communications; and (5) otherwise manage and enhance our websites, and help ensure they are working properly.

Interest-Based Advertising and Collection of Information Through Cookie Use

Through our websites, we obtain information about your online activities to provide you with advertising about services tailored to your interests. This section of our Privacy Policy provides details and explains how you can exercise your choices.

You may see our ads on other websites because we use third-party ad services. Through such ad services, we can tailor our messaging to users considering demographic data, users’ inferred interests and browsing context. These services track your online activities over time and across multiple websites by collecting information through automated means, including through the use of cookies, web server logs, web beacons and other similar technologies. The ad services use this information to show you ads that may be tailored to your individual interests. The information ad services may collect includes data about your visits to websites that serve CPA.com advertisements, such as the pages or ads you view and the actions you take on the websites. This data collection takes place both on our website and the websites of our affiliates and subsidiaries, and on third-party websites that participate in these ad services. This process also helps us track the effectiveness of our marketing efforts.

To learn how to opt out of interest-based advertising, please visit www.aboutads.info/choices, and www.networkadvertising.org/choices/. If you are located in the EU or the UK please also visit youronlinechoices.eu/ and http://preferences-mgr.truste.com/. To learn more about your ability to manage your preferences related to cookies, please consult the privacy features within your browser.

Our website is not designed to respond to “do not track” signals received from browsers.

Your Choices

Most web browsers are initially set up to accept cookies, however you can stop cookies from being downloaded on your device by selecting the appropriate settings on your web browser. Most web browsers will tell you how to stop accepting new cookies, how to be notified when you receive a new cookie and how to disable existing cookies. You can find out how to do this for your particular browser by clicking “help” on your browser’s menu or by visiting www.allaboutcookies.org.

The following external links will explain how to manage cookies for the most common browsers:

• Internet Explorer
• Microsoft Edge
• Google Chrome
• Firefox
• Safari

Please note, however, that certain features of the website may not work if you delete or disable cookies.

Communication Preferences

We strive to provide you with relevant and useful information related to our products and services. However, any promotional emails that we send will include a link at the bottom of the email to unsubscribe. Additionally, you can contact us using the information listed at the bottom of this policy to make changes to your communication preferences.

Automated Decisions

Personal data processed by CPA.com is never used to make solely automated decisions that would have legal or otherwise significant effects on you.

Security

We maintain administrative, technical and physical safeguards designed to protect personal data against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. Because no method of transmission over the Internet, nor method of electronic storage, is 100% secure, we cannot guarantee the absolute security of information you provide through the website.

Data Transfers

We may transfer the personal data that we collect about you to recipients in countries other than the country in which the personal data originally was collected. If you are located in the EEA [or UK] your personal data will, for example, be transferred to the U.S. for the purposes of providing our products and services. Those countries may not have the same data protection laws as the country in which you initially provided the personal data.

When we transfer your personal data to recipients in other countries (including in the U.S.), we will protect that personal data as described in this Privacy Policy. In addition, if you are in the EEA [or the UK] we will comply with applicable legal requirements by providing adequate protection for the transfer of personal data to data recipients in countries outside of the EEA [or the UK]. To the extent that these data recipients are in countries that have not been recognized as providing an adequate level of data protection in accordance with applicable EEA and UK law, we ensure that appropriate safeguards aimed at ensuring such a level of data protection are in place, including by entering into the EU [and UK] Standard Contractual Clauses, as applicable, with the data recipients. If you are located in the EEA [or the UK], to obtain a copy of the safeguards we have put in place, please contact us as indicated below.

Your Rights

If you are a California Resident, visit our California Consumer Privacy Statement to learn about your privacy rights and how you may exercise those rights.

If you are located in the EEA [or UK], you may have the right to:

• Request access to your personal This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
• Request correction of the personal data that we hold about This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this You also have the right to object where we are processing your personal data for direct marketing purposes.
• Request the restriction of processing of your personal This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal data to you, or another party, in a structured, commonly used and machine readable format.

CPA.com will honor all client requests to remove personal information from its data center and from any billing account data stored for future transactions when not required by applicable law.

To protect your privacy and security we may, to the extent required by applicable law, take steps to verify your identity before granting access or making changes to your personal information.

You can exercise your rights by contacting our Customer Support at inquire@hq.cpa.com, or sending a written request to the address below. If you are a California resident, you can also visit our California Consumer Privacy Statement to learn more about how to exercise your privacy rights.

If you are located in the EEA [or the UK] and you believe we have processed your personal data in violation of applicable law and have failed to remedy such violation to your reasonable satisfaction, you may lodge a complaint with the data protection authority in your jurisdiction.

Retention of Personal Data

We will retain your personal data as long as reasonably necessary to achieve the purposes described in this Privacy Policy, or any other notice provided at the time of collection, taking into account applicable statute of limitation periods and records retention requirements, and for the purposes of satisfying any legal, accounting, or reporting requirements.

Children

Our website is designed for a general audience and is not directed to children. We do not knowingly collect personal data online from children under the age of 13. If you believe that a child under age 13 may have provided us with personal data, please contact us as specified in the Contact Information section of this Privacy Policy.

Contact Information

If you have any questions about this Privacy Policy or our privacy practices, please contact us using the contact information listed below.

CPA.com
1345 Avenue of the Americas, 27th Floor
New York, NY 10105
inquire@hq.cpa.com
+1.855.855.5272

Please read our California Privacy Rights Statement if you live in California.