RedCAT’s clients and their authorized users (the “Clients”) input personal data required to complete their performance and compensation planning processes into RedCAT’s cloud-based enterprise applications (the “Service”), or provide the data to RedCAT under a professional services agreement to be input into or accessed within the Service (collectively, “Personal Data”). RedCAT may access this Personal Data for the purposes of providing its services, preventing issues or addressing access, service or technical problems, responding to support inquiries, client instructions, or as may be required by law, in accordance with the relevant agreement(s) between the Client and RedCAT.

RedCAT acts as a data processor with respect to this Personal Data, processing the data to provide and support the Service for which the Client has engaged RedCAT. As a data processor, RedCAT will disclose Personal Data only as instructed by the data controller. RedCAT processes Personal Data only as instructed by its Clients, and does not control or own the Personal Data it processes. RedCAT may be required to disclose Personal Data in special cases when we have a good faith belief that such action is necessary to conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements. RedCAT will notify the Client of such request unless prohibited by law.

RedCAT will not share or distribute any Personal Data except as provided in the contractual agreement between RedCAT and the Client, or as may be required by law. RedCAT may also receive data that utilizes compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses.

Clients are responsible for complying with regulations or laws that require providing notice, disclosure, and/or obtaining consent prior to transferring data to RedCAT.

Where RedCAT is a data processor, individuals who seek access or who seek to correct, amend, or delete inaccurate Personal Data, should contact the RedCAT Client directly (the data controller). The Client may have optionally enabled the individual to perform these updates themselves through the RedCAT Service. If the Client requests RedCAT to remove the Personal Data to comply with data protection regulations, RedCAT will respond to the Client’s request within 30 business days and will certify that the data has been removed via a method the Client deems acceptable.

Clients and their authorized users may access the applications made accessible to them directly through a URL unique to the Client, or the Client may elect to use its own URLs for single sign on or other purpose. Clients input data for processing and storage as they use the applications, and  may also configure the applications to allow end users to input information directly into the applications.

RedCAT retains Personal Data according to the timeframes set forth in the RedCAT Data Retention Policy. Individuals who would like to request that their Personal Data not be disclosed or used for specific purposes should contact the RedCAT Client directly.

The security of Personal Data is very important to RedCAT. RedCAT maintains a comprehensive information security policy and other policies that contain industry standard, administrative, technical, and physical safeguards designed to prevent unauthorized access to Personal Data. RedCAT designs its applications to allow Clients to configure their applications, enforce user access controls, and manage data that may be populated and/or made accessible by user role, geographic location, business unit, reporting relationship or other variable. Appropriate configuration of these settings is the Client’s sole responsibility. Additional information regarding security and configuration is made available to Clients.

In some cases, we may share Personal Data with our subcontractors to provide the RedCAT service to our Clients. If RedCAT goes through a business transition, such as a merger, acquisition by another company or sale of all or a portion of its assets, Personal Data may only be transferred in accordance with the Client agreements.

RedCAT may update this privacy policy to reflect changes to its information and security practices, which will be posted on its website: http://redcatsystems.com/privacy. RedCAT encourages you to periodically review this page for the latest information on our privacy practices.

Last Updated: January 2024