Privacy

Privacy Policy For The Coremetrics Web Site

Our Principles.Coremetrics adheres to industry best privacy principles with respect to the data collection practices on our web site and the site that each of our clients uses to access the data they send to us or we collect on the client's behalf. Our fundamental privacy principles incorporate the guidelines set forth by the Federal Trade Commission for web sites that collect personally identifying information: (i) Notice; (ii) Choice; (iii) Access, and (iv) Security, each of which is discussed below:

• Notice. Coremetrics is committed to clearly and readily disclosing our data collection practices so that you can make informed decisions about your activities at our web site.
• Choice. Coremetrics provides you with a choice to participate in its data collection activities either anonymously or not at all.
• Access. Coremetrics provides you with the opportunity to review, modify, and delete any personally identifiable information that you have previously provided.
• Security. See "Data Security" section under "General Guidelines", below.

Highest Industry Standards. We believe in the strength of an industry concerned with and proactive about privacy and confidentiality. In addition to our own stringent policies, Coremetrics adheres to the policies and reviews required by TRUSTe and the Council of Better Business Bureau's BBBOnLine Privacy Program. Coremetrics is also committed to the privacy standards set by industry associations, such as the Online Privacy Alliance. Coremetrics also complies with the FTC guidelines and all applicable laws and regulations including (i) the Children's Online Privacy Protection Act which regulates the collection of data from children under the age of 13; and (ii) the California Online Privacy Act.

Coremetrics has also certified its privacy practices as consistent with the U.S. Department of Commerce's Safe Harbor Principles: Notice, Choice, Onward Transfer, Access and Accuracy, Security, and Oversight/Enforcement. The European Commission recognizes the Safe Harbor Principles as a framework that provides adequate protection for personally identifiable information sent to Safe Harbor certified companies from the European Union. More information about the U.S. Department of Commerce Safe Harbor Principles can be found at http://www.export.gov/safeharbor/ .

What We Collect and How We Use It. When you visit this web site, we collect certain non-personally-identifiable information such as your IP address, what pages you visited, and the time that you visited. We will also collect any personally identifiable information that you may send to us or provide to us on our forms (such as Resume Submission, Request for Information or Newsletter Subscription (unsubscribe here)). We use this information in connection with fulfilling your request, for our own marketing purposes, or to consider your employment application. Finally, we may forward to our vendors (e.g. an email service provider) information that you provide to us, but only for so they can provide us services, such as responding to your request to receive information.

When our client users access their data via our secure web interface, we collect information about the way they use our Services, such as their IP address, the type of browser they are using, and the frequency and duration of their visits. We also collect user ID, username, and password from client visitors to our secure web interface. We use this information to improve the way that we provide our Services to our clients, to relay administrative information, and to verify login information.

As we continue to develop our business, we may sell certain of our assets. In such transactions, visitor information may be one of the transferred assets. Also, in the event that all or substantially all of Coremetrics' assets are acquired in a transaction, our visitor information may be an asset that is reviewed and transferred. Such a transaction will be disclosed per the "Notification of Changes" guidelines below. Also, as with the data we collect on behalf of our clients, we reserve the right to disclose any data we collect at our sites if required by law or valid order of a court or other governmental authority or to protect the health and safety of Coremetrics' employees or the general public.

Update Your Information. We provide all visitors to our web site with the opportunity to review, modify and delete any personally identifiable information that has previously been provided. You can send an email to privacy@coremetrics.com , or call us toll free at 877.721.CORE (2673) or in California at 650.762.1400. Coremetrics shall respond to requests from visitors to its website for information on collected personally identifiable information within thirty (30) days.

Unsubscribe from Our Mailing List. If you have previously subscribed to Coremetrics' mailing list, you may at any time ask us to remove you from our mailing list by clicking here, or by calling us toll free at 877.721.CORE (2673) or direct at 650.762.1400.

Other Web Sites. This privacy statement applies solely to information collected by this web site, which contains links to other sites. Please be aware that we are not responsible for the privacy practices of these other sites. We encourage our visitors to read the privacy statements of each and every web site that they visit.

How We Notify You of Changes To This Policy. If we decide to change our privacy policy, we will post those changes to this privacy statement, and other places we deem appropriate so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If, however, we are going to use visitors' personally identifiable information in a manner different from that stated at the time of collection we will notify visitors by posting a notice on our web site for thirty (30) days in advance of such use.

Privacy Policy For Our Provision Of Services

On April 1, 2006, Coremetrics acquired IBM's SurfAid Analytics Business. The statement below regarding our provision of services is applicable only to those clients utilizing the Coremetrics online analytics services. Client's that are using the SurfAid analytics services are subject to an agreement originally entered into with IBM which may or may not contain the provisions set forth below. As and if clients transfer to the Coremetrics online analytics platform then the policies and procedures set forth below will apply.

Our Relationships with Our Clients.

Coremetrics is an agent for its clients. Coremetrics either collects or receives visitor information from its clients but it does not own the information it collects. Our clients use our Services to understand more about visitors to their web sites. Clients then apply this understanding to their web sites to provide web environments that save visitors time and make the sites easier to use. Each client instructs us as to what type of data it would like us to collect or receive on its behalf. This data could include search engine referral, affiliate referrals, traffic driven by banner ads or other promotions, visitor navigation around the site, popular pages, which items are placed in shopping carts and which are abandoned, conversions and what purchases were made. We may also collect or receive certain technical information, such as the visitor's browser version and operating system. We may, upon a client's request, collect or receive personally identifiable information such as a visitor's email address. In each client agreement, we agree that we will not make use of any data that we collect or receive on the client's behalf except as necessary to provide our services to that client. All information about individual visitors to a web site belongs to the client, not Coremetrics. Coremetrics does not allow individual information collected for one client to be accessed by any other Coremetrics client.

The only time that any client would see data from other client web sites is if that client is a part of Coremetrics' benchmarking service. In that case the information shared is summary data only and contains no information that personally identifies any visitor. This benchmarking service provides Coremetrics' clients with the ability to compare the performance of their web sites against peer groups.

We do, however, reserve a limited right to disclose any data we collect if required by law or valid order of a court or other governmental authority or to protect the health and safety of Coremetrics' employees, a client's employees or the general public.

Our Clients' Use of Our Services. We require all of our clients to abide by all applicable laws, rules and regulations, and we promise our clients that we will do the same. We also recommend that each client obtain all necessary consents from visitors to its web site during Coremetrics' provision of any Service, post on its web site and abide by a visitor privacy policy providing each visitor with the client's data collection and use practices; provide notice that cookies are being placed on the visitor's computer; an explanation of the purpose and utilization of such cookies; and provide on its web site an opt-out (or a link to an opt-out) so that any visitor may choose not to have his/her data collected.

Our Clients Can Combine Their Existing Data With Data We Collect or Receive. Our clients can send us data that they have previously collected and add that data to the data that we collect or receive on their behalf. Also, a client that purchases our Services may view and combine data that we collect on its behalf with data that has been collected by a Coremetrics business partner.

You Can Choose Not To Participate In Our Services. Since its inception, Coremetrics has been a proponent of consumer online privacy and provided visitors to our web site with the ability to opt out of having their data collected when they visit. As noted above, Coremetrics encourages all of its clients to disclose their data collection practices and to adopt the opt-out standard provided by Coremetrics. When visiting one of our clients' sites, you may be able to deactivate that clients' ability to analyze your web browsing and purchasing behavior by electing to opt-out of the Services as may be set forth in each individual web site. You also have the option to continue to benefit from the improved shopping experience enabled by our Services, but maintain anonymity. To learn more about opting out, see below.

General Guidelines

Coremetrics And Its Clients Use Cookies to Collect Data. Coremetrics and its clients use "cookies" and "web beacons" to collect data. A cookie is a small text file containing a random and unique alphanumeric identifier that either of Coremetrics or our clients transfer to your computer's hard drive through your web browser (unless you set your browser to reject cookies) that enables our, or our clients', systems to recognize your browser. Neither of Coremetrics or its clients store any personally identifiable information in cookies. A web beacon (also known as a "clear GIF", "pixel tag", "data tag" or "image tag") is a mechanism by which a small section of code that our clients place on their web site pages executes an image request to our data collection servers. Web beacons facilitate the transfer of data by requesting and delivering the transparent graphic GIF image from Coremetrics to our client's web site pages.

How We Secure the Data We Collect Or Receive. Coremetrics has taken proactive measures to protect against the loss, misuse, or alteration of data that it collects or it collects or receives on its clients' behalf. Every step has been taken with the view to ensuring maximum security for data transfer and storage. Our infrastructure employs leading technology solutions for end-to-end security, which protects data at each point of transfer; from receipt to storage to reporting. We use multiple back-up systems to reduce the chance of data loss, and for up-to-date and accurate information. We also employ internal policies and procedures limiting our employees' and vendors' access to client data and other client confidential information, so that access is permitted only to fulfill our contractual agreements with our clients and consistent with this Privacy Statement.

If You Contact Us. We answer the email we receive by sending an email response to the sender. We also store the email we receive for archival purposes and for our own marketing purposes if we feel that it is consistent with the nature of the inquiry. We will not use return email addresses for any other purpose unless you give us permission to do so.

Visitor OPT OUT

If you have previously opted-out prior to January 1, 2005, you should be aware that Coremetrics' data collection methods have changed. Our clients now control any implementation of an opt-out function on their sites and the process for opting-out originates on each of their web sites. As a result, opting out of one client's collection of data will not opt you out of any other client's collection of data and if you have previously opted out you should do so again on each client site for which you do not wish to have data collected about your activities. As with any web site you visit, you should refer to that web site's privacy policy for information on managing personal information.

Instructions. Coremetrics offers two (2) methods by which visitors to its web site can control how data from their online activities is collected – "Anonymous Visitor" and "Total Opt-Out" (which are both discussed below). For either of these options to take effect, you must first accept a cookie from this site which will allow us to recognize you with a random and unique alphanumeric identifier so that we can honor your opt-out selection. If you do not accept this cookie, or later delete it, we cannot honor your request to opt-out and you will continue to be served cookies.

• If you have your browser set to automatically accept cookies, proceed to the opt-out selection, Opt-out Now.
• If you set your browser to prompt you for permission to receive a cookie, and have not already accepted a Coremetrics cookie, please click "Refresh" and accept the cookie from this page when prompted.
• If you set your browser or cookie-blocking software so as to block cookies, please change these settings then click "Refresh" and accept the cookie from this page when prompted.
• Next, select one of the opt-out choices available to you.
• Once you click "submit" below, you will need to click "confirm" on the next page to confirm your selection. Then your selection will take effect immediately for this site.
• For each client web site that you wish to opt out of, you will need to follow the applicable instructions as explained on the client web site. For those sites employing Coremetrics opt-out technology, you will need to complete a similar process as detailed here for our web site.

What Happens After You Select Your Opt-Out Option?

Your Coremetrics cookie contains a random and unique alphanumeric identifier. If you select the "Anonymous Visitor" option, at either of this web site or a client web site, then for such web site your cookie will be modified to read "anonymous", meaning that Coremetrics will continue to collect or receive data about your experience at the site you visit. However, such data will be presented as part of a pool of general, anonymous visitors. If you select "Total Opt-Out" at either of this web site or a client web site then for such web site your cookie will be modified to read "opt-out", meaning that no data will be collected about you at that site. Coremetrics will in such cases record that a "Total Opt-Out" election has been made, so that aggregated totals of "Total Opt-Out" elections can be calculated and recorded. Once you make your selection, a dialog box should appear to confirm that your opt-out choice was successful. The opt-out will remain in effect for as long as the cookie remains on your hard drive. If you remove this cookie from your hard drive (for instance, if you reinstall or update your browser or choose to delete all cookies), you will need to renew your opt-out selection.

Remember, if you choose to opt out you will need to do so the first time you visit any of our clients' sites which provide opt-out to avoid having your information collected by that site. Further, if you use more than one web browser or computer, you will need to opt-out in each one. Please note that if you upgrade your browser to a new version (including, but not limited to, Microsoft's Internet Explorer 6.0), you may need to opt out again. For your convenience, you can check your current opt-out status for this site at any time as described below.

Contacting Coremetrics

If you have any questions about this privacy statement, the practices of this site or Coremetrics' Services, you can contact:

Seth Weissman
Chief Privacy Officer
Coremetrics, Inc.
1840 Gateway Drive, Suite 320
San Mateo, CA 94404
privacy@coremetrics.com
Tel toll-free: 877.721.CORE (2673)
Direct dial for international calls: +1.650.762.1400