Privacy Policy

1. Overview

Simetrix Solutions ("Simetrix," "we," "us," or "our") provides customer operations services to business clients. This Privacy Policy explains how we collect, use, share, and protect personal information through our website (simetrix.com), our marketing operations, and the customer support services we operate on behalf of our business clients.

We act in two distinct roles with respect to personal information:

• As a controller: When you visit our website, fill out a form, request a CX Review, communicate with our sales team, or otherwise interact with us directly. This Privacy Policy describes how we handle that information.
• As a processor or service provider: When we provide customer operations services to a business client, we process personal information about that client's customers under the client's instructions and the terms of our written services agreement (including any applicable Data Processing Agreement or Business Associate Agreement). In that role, the client is the controller. If you are a customer of one of our business clients and have questions about how your information is handled, please contact that client directly. Our role as a processor is governed by the agreement we have with that client, not by this Privacy Policy.

2. Information we collect

2.1 Information you provide directly

When you interact with our website, request a CX Review, fill out a contact form, schedule a call, or correspond with us, we may collect:

• Name, work email, company name, and job title
• Phone number (when provided)
• Industry, segment, and the operational context you share with us
• Pain points, scoping information, and other content you submit through our forms or in conversations with our team
• Information shared during sales calls, scoping conversations, NDA discussions, and pre-engagement assessments

2.2 Information collected automatically

When you visit our website, we and our analytics providers automatically collect:

• IP address and approximate location derived from it
• Browser type, operating system, device identifiers, and screen resolution
• Pages visited, time spent on pages, scroll depth, clicks, and referral source
• UTM parameters and other campaign attribution data
• Cookies and similar tracking technologies (see Section 12)

2.3 Information from third-party sources

We may receive information about you from publicly available sources, business intelligence providers, and integration partners. This includes information used to enrich leads, verify company details, and personalize outreach. We may also receive your information when a client or partner refers you to us.

We do not knowingly collect special categories of personal data (such as racial or ethnic origin, political opinions, religious beliefs, health information, biometric data, or sexual orientation) through our website or marketing operations. Where we process such data on behalf of a business client (for example, health information processed under a Business Associate Agreement for a healthcare client), it is governed by the client's instructions and the applicable services agreement.

3. How we use information

We use personal information we collect as a controller for the following purposes:

• Operations and service delivery: Responding to CX Review requests, scheduling and conducting scoping conversations, preparing written gap summaries, and providing requested follow-up information.
• Sales and business development: Communicating with prospects and clients about our services, qualifying opportunities, sending requested materials, and managing the sales process.
• Marketing: Sending operational updates, case studies, and content where you have requested them or where we have a legitimate interest in keeping you informed about our services. You can opt out of marketing communications at any time.
• Analytics and website improvement: Understanding how visitors use our website, measuring marketing campaign effectiveness, and improving content and design.
• Security and fraud prevention: Detecting and preventing fraudulent activity, security breaches, abuse, and other unlawful or unauthorized activity.
• Legal and compliance: Complying with applicable laws, responding to legal requests, enforcing our agreements, and exercising or defending legal claims.

4. Legal basis for processing (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we process your personal information on the following legal bases:

• Performance of a contract: When we process your information to fulfill our obligations under a contract with you or your organization, or to take pre-contractual steps at your request (such as responding to a CX Review request).
• Legitimate interests: When we have a legitimate business interest in processing your information, such as understanding how our website is used, improving our services, and conducting business-to-business marketing, and where our interests are not overridden by your rights and interests.
• Consent: When you have given us specific consent to process your information for a particular purpose, such as receiving marketing communications. You can withdraw consent at any time.
• Legal obligation: When we need to process your information to comply with a legal obligation that applies to us.

5. How we share information

We share personal information in the following circumstances:

• Service providers: We use third-party vendors to operate our business. These include hosting and infrastructure providers, analytics services (such as Google Analytics), customer relationship management software, email and communications platforms, calendar and scheduling tools (such as Calendly), and form processing services. Service providers are contractually bound to use personal information only for the purposes we direct.
• Affiliates and group companies: We may share information with our affiliates and operational entities, including our service providers, for purposes consistent with this Privacy Policy.
• Business clients: When you submit information specifically intended for a business client (for example, through a form on a co-branded landing page), we share that information with the relevant client.
• Legal and regulatory: We may disclose information when required to comply with applicable law, legal process, government requests, or to protect our rights, property, or safety, or the rights, property, or safety of others.
• Business transactions: If we are involved in a merger, acquisition, financing, sale of assets, or similar transaction, personal information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

We do not sell personal information. We do not engage in cross-context behavioral advertising as defined under the California Consumer Privacy Act.

6. International transfers

Simetrix is headquartered in the United States. Personal information is processed and stored in the United States. When you provide personal information to us, it may be transferred to, processed in, and stored in any of these locations and any other country where our service providers operate.

For transfers from the European Economic Area, the United Kingdom, and Switzerland, we rely on appropriate safeguards, which may include:

• Standard Contractual Clauses approved by the European Commission
• The EU-US Data Privacy Framework (where applicable)
• Other lawful transfer mechanisms approved under applicable law

You can request a copy of the transfer mechanism we rely on by contacting us at the address in Section 15.

We maintain ISO 27001 certified information security controls across our delivery operations. Where personal data is transferred from the EEA, UK, or Switzerland to these locations as part of a client engagement, the transfer is governed by the Data Processing Agreement with that client and supported by appropriate safeguards.

7. Data retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including for the duration of our relationship with you or your organization, and as needed to:

• Provide the services you have requested
• Maintain business and operational records
• Comply with our legal obligations
• Resolve disputes and enforce our agreements

When personal information is no longer needed for these purposes, we delete it or render it anonymous, except where retention is required by law.

8. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. Our security program is certified to ISO 27001. Measures include access controls, encryption in transit and at rest where appropriate, employee security training, vendor risk management, and incident response procedures.

No method of transmission or storage is completely secure. While we work to protect your information, we cannot guarantee absolute security. If we become aware of a security incident affecting your personal information, we will notify you in accordance with applicable law.

9. Your rights

Depending on where you live, you may have the following rights with respect to your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request that we correct inaccurate or incomplete information.
• Deletion: Request that we delete your personal information, subject to certain exceptions.
• Restriction: Request that we restrict the processing of your information in certain circumstances.
• Portability: Request that we provide your information in a structured, machine-readable format, or transmit it to another controller.
• Objection: Object to processing based on legitimate interests, including for direct marketing purposes.
• Withdraw consent: Where processing is based on consent, withdraw that consent at any time.
• Complaint: Lodge a complaint with a supervisory authority in your jurisdiction.

To exercise these rights, contact us using the details in Section 15. We will respond to verifiable requests within the timeframes required by applicable law. We may need to verify your identity before processing your request.

10. California rights

If you are a California resident, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) provides additional rights, including:

• The right to know what categories of personal information we have collected about you, the sources of that information, the business purposes for which we use it, and the categories of third parties with whom we share it
• The right to request deletion of personal information we have collected from you
• The right to correct inaccurate personal information
• The right to opt out of the sale or sharing of personal information (we do not sell personal information or share it for cross-context behavioral advertising)
• The right to limit the use and disclosure of sensitive personal information (we do not use sensitive personal information for purposes other than as permitted by law)
• The right not to be discriminated against for exercising your rights

You may submit requests through the contact details in Section 15. You may designate an authorized agent to make requests on your behalf, subject to verification.

11. Healthcare data

When Simetrix provides customer operations services to a HIPAA-regulated client (such as a healthcare provider, health plan, or healthcare clearinghouse), we act as a Business Associate as defined under the Health Insurance Portability and Accountability Act of 1996, as amended.

In that capacity, our use and disclosure of Protected Health Information is governed by the Business Associate Agreement with the relevant client, not by this Privacy Policy. We maintain administrative, physical, and technical safeguards required under the HIPAA Security Rule.

If you believe your PHI has been disclosed in violation of HIPAA, contact the relevant Covered Entity (your healthcare provider, health plan, or clearinghouse). They are the entity responsible for HIPAA compliance and for notifying you of any reportable breach.

12. Cookies and tracking technologies

We and our service providers use cookies, web beacons, and similar tracking technologies to operate our website, analyze usage, and support marketing. Categories of cookies we use include:

• Strictly necessary cookies: Required for the website to function, including session management and security.
• Analytics cookies: Help us understand how visitors interact with the website, such as which pages are most visited and how users navigate the site. We use Google Analytics for this purpose.
• Marketing cookies: Used to measure the effectiveness of our advertising campaigns and to deliver relevant content. This may include cookies from Google Ads, LinkedIn Insight Tag, and similar platforms.

You can manage cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when a cookie is being sent. Note that disabling certain cookies may affect the functionality of the website. Where required by applicable law, we obtain your consent before placing non-essential cookies, through a cookie consent banner.

13. Children's privacy

Our website and services are directed to businesses and business professionals. They are not intended for children under 16, and we do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without verifiable parental consent, we will delete that information promptly.

14. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will update the "Last updated" date at the top of this page and, where required, provide additional notice (such as by email or a notice on our website). Continued use of the website after changes constitutes acceptance of the updated policy.

15. Contact us

If you have questions about this Privacy Policy, want to exercise your rights, or have concerns about how we handle your personal information, contact us: