Last updated and effective date: December 1, 2023

This Data Privacy Policy (the “Privacy Policy”) describes how Aras collects, uses, shares, or otherwise processes Personal Data relating to individuals, and explains our information practices and your related choices with regard to such information. A reference to “Aras” “we” or “us” is a reference to Aras Corporation and its relevant subsidiaries and affiliated companies involved in the collection, use, sharing, or other processing of Personal Data.

Please read this Privacy Policy carefully to understand our practices regarding your Personal Data and how we treat it. By submitting your Personal Data to Aras or otherwise interacting with Aras, you acknowledge and, where applicable, consent to Aras collection and use of your Personal Data as outlined herein.

We may change and update this Privacy Policy from time to time. Any updated Privacy Policy will be effective when posted. If we decide to change and update our Privacy Policy, we will post the updated Privacy Policy on our website and update the “Last updated and effective date.” Please check back regularly to review any changes to this Privacy Policy.

"Personal Data" as used in this Privacy Policy means any information that identifies, relates to, describes, or can reasonably be linked, directly or indirectly, to a specific natural person. Personal Data does not include information that is anonymous, de-identified or aggregated. Where applicable, Personal Data includes the terms "personal data," "personal information," and any other equivalent term as defined in applicable law. This Privacy Policy applies to the processing of Personal Data we may collect related to our:

• website (www.aras.com), including the websites of our affiliate entities (collectively, "Site");
• support, maintenance, and professional services;
• quotes, downloads, trials, white papers or information;
• orders for products or services
• events, webinars, programs, or trainings;
• participation in an Aras community forum;
• surveys or other promotional activities online or in any other venue;
• newsletters, programs, promotional emails, blog postings, or other materials;
• business communications and other online and offline business interactions, including but not limited to emails, phone calls, texts, or faxes
• business locations and visits made to them

Collectively, we refer to the above as our "Services."

Additionally, this Privacy Policy does not apply to the extent we process Personal Data in the role of a processor or service provider on behalf of our business customers, including where our business customers may collect, use, share or process Personal Data via our products or services. For detailed privacy information related to an Aras business customer who uses Aras products and services as the controller, please contact our business customer directly. We are not responsible for the privacy or data security practices of our business customers, which may differ from those described in this Privacy Policy.

Additional or different privacy notices may apply to certain of our Products or Services. If a different or supplemental privacy notice applies, this will be clearly disclosed to you.

United States Regional Privacy Notice. We have developed and posted a United States Regional Privacy Notice, which is available here. The United States Regional Privacy Notice contains additional information for people living in the United States and supplements the information contained in this Privacy Policy, including information on information collected, and how to exercise your rights under, California Consumer Privacy Act ("CCPA"), and other U.S. state laws applicable to consumers in their jurisdiction (collectively, the "U.S. Privacy Laws").

GDPR Privacy Notice. We have also developed and posted a GDPR Privacy Notice, which is available here. Our GDPR Privacy Notice contains additional information about how Aras
processes personal information that is subject to EU data protection laws (including those implementing the EU General Data Protection Regulation or "GDPR").

Job Applicant Privacy Notice. We have posted a Job Applicant Privacy Notice, which is available here. Our Job Applicant Privacy Notice provides additional information about how Aras processes personal information with respect to job applicants.

We may collect Personal Data directly, as well as from third parties or automatically related to the use of our Site or Services.

• Personal Data collected directly

  We may collect Personal Data about you – such as your name, address, telephone number, fax number, e-mail address, etc. – directly from you. For example, Personal Data may be collected when you fill out a “Contact Us” form, sign up for our mailing lists or newsletters, register for events we host or sponsor, interact with us in person at tradeshows, submit information as part of certain online services, post comments on our blogs, or otherwise provide us personal information through your use of our Site and Services. Generally, the Personal Data we collect includes your:

  • Name, company name and job title/position
  • Email address, phone number, mailing address and contact details
  • Contact preferences and interests
  • Business affiliations
  • For events, it may include dietary restrictions, requested accommodations and other event-related preferences
  • Professional and educational background and other information provided in connection with your application for employment
  • Other information related to your request or inquiry, or that you provide when you communicate, engage, or otherwise interact with us or the Services.
• Automatically collected information

  We may automatically collect Personal Data through the use cookies, log files, pixel tags, local storage objects and other tracking technologies which automatically collects information when users access or use the services or visit our Site, such as an IP address, general location information, domain name, page views, a date/time stamp, browser type, device type, device ID, Internet Service Provider (“ISP”), referring /exit URLs, operating system, language, clickstream data, and other information about the links, features used, size of files uploaded, streamed or deleted, and similar device and usage information. For more information, see the Cookies and similar devices section below.

• Information received from third parties and publicly available sources

  We may collect or receive Personal Data about individuals from service providers, and other third parties, such as our customers, business partners, our affiliated companies and subsidiaries, representatives and professional advisers, service and content providers, government authorities and public sources and records. We may combine and use information and make inferences from information that we receive from the various sources described in this Privacy Policy. We use and disclose the combined information and inferences for the purposes identified below.

Use of Personal Data

We will only process Personal Data where the processing is in our legitimate business interests, in order to respond to your request or inquiry, or with your express consent. Generally, we use the Personal Data that we collect as follows:

• Providing support and services

  To operate our Sites, provide our Services, communicate with you about your use of the Site or Services, provide troubleshooting and technical support, respond to your inquiries, fulfill your orders and requests, process your payments, communicate with you, and for similar service and support purposes.

• Responding to your requests

  To respond to your inquiries, fulfill your orders and requests, and otherwise consider or process your request.

• Personalization

  To tailor content we may send or display to you, including offering location customization and personalized help and instructions on our Sites, and to otherwise personalize your experiences.

• Newsletters, mailing lists and marketing

  For marketing purposes, including sending you newsletters, client alerts and information we think may interest you. For example, we may use Personal Data we collect to send you newsletters, surveys, questionnaires, promotions, or information about events or webinars, or to analyze emails sent and content viewed by customers or prospects. If you are located in a jurisdiction that requires opt-in consent to receive electronic marketing messages, we will send you such messages if you opt-in to receive them. In jurisdictions which require a double-opt-in procedure, you will be provided with an activation link to complete the registration (generally referred to as a double opt-in procedure). You can unsubscribe from our email marketing by clicking the "unsubscribe" or "opt-out" link in the marketing emails we send you.

• Analytics and improvement

  To better understand how users’ access and use our Sites and other Services, and for other research and analytical purposes, such as to evaluate and improve our Services and business operations and to develop services and features.

• Protect legal rights and prevent misuse

  To protect the Sites, Services, and our business operations, to prevent and detect fraud, unauthorized activities and access, and other misuse; where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of us or any person or third party, or violations of our Terms of Use or other agreements, and to respond to actual or potential legal claims against us.

• Comply with legal and ethical obligations

  In order to respond to legal processes (e.g., court orders, subpoenas, or warrants) or regulator investigations and inquiries, or where otherwise required by law or our legal, regulatory, or ethical obligations.

• General business operations

  Where necessary, for the administration of our general business, accounting, recordkeeping, audit, compliance, and legal functions

• Anonymous and de-identified information

  We may create and use anonymous, de-identified, or aggregated information to assess, improve and develop our business, products, and services, for similar research and analytics purposes, or for any purpose permitted by applicable law.

Disclosure of Personal Data

Aras is a global company and any Personal Data that we collect or that you provide to us may be shared and processed by any Aras practicing entity. We do not sell or otherwise share Personal Data about you except as described in this Privacy Policy. We may share your Personal Data with (i) our affiliates and subsidiaries and (ii) our service providers who perform services on our behalf, such as marketing, customer service, order fulfillment and data analytics and storage. We do not authorize our service providers to use or disclose your personal information except as necessary to perform services on our behalf or comply with legal requirements. We also may share personal information with our business partners with whom we jointly offer products and services, and for payment processing and fraud prevention purposes.

We may share Personal Data with the following categories of third parties:

• Service Providers and Business Partners that provide services to us or to whom we outsource certain services, such as data hosting or software or technology services, insurance providers, marketing, customer service, data analytics and storage.
• Content Providers that we partner with to make training and other content or resources. We do not share your information with them for their own independent use; however, if you register for an account with one of these third parties, they will use the information you provide to them subject to their own privacy policy and terms.
• Professional Advisers, such as lawyers and accountants
• Government and/or Regulatory Authorities
• Regulators, tax authorities and/or corporate registries.

In addition, we may disclose Personal Data to other third parties under the following circumstances:

• Business transfers

  As part of any actual or potential merger, sale and transfer of our assets, acquisition or restructuring of all or part of our business, bankruptcy or similar event, including related to due diligence conducted prior to such event to the extent permitted by applicable law.

• Comply with law, legal process, and ethical obligations

  To comply with the law and our ethical obligations or respond to legal process or regulatory investigations and inquiries, or where otherwise required by law or our ethical obligations. For example, we may disclose information in response to subpoenas, court orders and/or other lawful requests by regulators and/or law enforcement, including responding to national security or law enforcement disclosure requirements.

• Protect and defend rights

  Where we believe it necessary to respond to claims asserted against us, enforce, or administer our agreements and terms, or for fraud prevention, risk assessment and investigation, and to protect and defend the rights, property or safety of Aras, our customers, or others.

We may also share aggregate or de-identified information with third parties for research, marketing, analytics, and other purposes, provided such information does not identify a particular individual.

Cookies and Similar Devices

Aras may also automatically collect other information from you when you interact with our Site. Please review our Cookie Policy for more information.

Third Party Websites and Links

Our websites and services may contain links to other websites, applications, platforms, and services maintained by third parties. The information practices of these third parties may be different than ours. Visitors should consult the other sites’ privacy notices as we have no control over information that is submitted to, or collected by, these third parties.

Marketing

Aras may send periodic promotional emails to you, and where required by law, we will obtain your consent to do so. You have the right at any time to stop Aras from contacting you for marketing purposes. You may opt out of such communications at any time by following the opt-out instructions contained in the email or email us at [email protected]. If you opt out of receiving emails about recommendations or other information we think may interest you, we may still send you emails about your account or any services you have requested or received from us.

You have the right at any time to stop Aras from contacting you for marketing purposes or giving your data to other members of Aras operating entities.

Community Forums

Aras Site may also provide online newsgroups, chat forums and blogs for our users. Any information that you disclose in these forums could become public information, which could be read, collected, or used by other users. If you choose to voluntarily disclose Personal Data, that information will be considered public information and the protections of this Privacy Policy will not apply. You should exercise caution when deciding to disclose your Personal Data in such cases.

International Transfers

Aras is a global company; when you submit Personal Data to us, or when others provide Personal Data to us, we will receive it and process it in the United States and in other locations where we are located, or where we have service providers. In order to provide Services, we also may need to transfer your Personal Data to locations in other jurisdictions.

If you are based with European Economic Area (EEA), please note that when necessary to deliver the Services, we will transfer Personal Data to countries outside the EEA (including to other Aras Affiliates). Countries outside the EEA may not provide an adequate level of protection to your Personal Data, which is why the Aras practicing entities have signed a data sharing agreement, based on the EU standard contractual clauses, to provide appropriate safeguards and an adequate level of protection for Personal Data.

You have a right to obtain details of the mechanism under which your Personal Data is transferred outside of the EEA; you may request such details by contacting us as set forth in the “How to contact us” section below.

Access and Correction

Upon request, we will provide you with reasonable access to Personal Data about you in our possession and will take reasonable steps to permit you to correct, amend, or delete Personal Data that you demonstrate to be inaccurate or incomplete. When updating Personal Data about you, we may ask you to verify your identity before we can act on your request. We may reject requests that are determined to be fraudulent, unreasonably repetitious, require disproportionate technical effort (for example, requests concerning information residing on backup tapes). Where we can provide information access and correction, we will do so at no cost to you, except where it would require a disproportionate effort.

Data Integrity

We will take reasonable steps to ensure that Personal Data that we process is reliable for its intended use, accurate, complete and current. You are responsible for the accuracy of all Personal Data you provide to us. We will use reasonable efforts to maintain the accuracy and integrity of the Personal Data we obtain, and to update it as appropriate. We will take reasonable steps to ensure that Personal Data is reliable for its intended use.

Data Security and Retention

We have implemented, and will maintain current, reasonable physical, technical, and organizational security measures designed for the purpose of protecting the Personal Data in our possession from loss, misuse, and unauthorized access, disclosure alteration, or destruction.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Sites, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Unfortunately, the transmission of information via the Internet is not completely secure. Although we have security measures in place to protect your Personal Data, we cannot guarantee the security of your data transmitted to our Sites; any transmission is at your own risk.

We will only retain your Personal Data for as long as necessary to fulfill the purposes for which it was collected by us, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for your Personal Data, we consider the amount, nature and sensitivity of your Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements, including the statute of limitations periods.

You Rights and Choices

Depending on your location, you may have rights in addition to those described in this Privacy Policy. To learn more about your rights and how to exercise them, please review the policy addressing the jurisdiction where you reside below:

• United States Regional Privacy Notice
• GDPR Privacy Notice

If you have any questions or concerns about the Privacy Policy for Aras or its implementation, you may contact us at [email protected].

Aras Corporation
Email: [email protected]
Telephone: +1.978.806.9400
Address: 100 Brickstone Square, Suite 100
Andover, MA 01810