Privacy Policy

CR Technology LLC (“CR Technology,” “we,” “us,” or “our”) respects your privacy and is committed to protecting the personal information you provide to us. This Privacy Policy describes how we collect, use, share, and protect personal information when you visit our website at castlerocktechnology.com (the “Website”), interact with us, or otherwise provide information to us.

This Privacy Policy applies to information we collect through the Website, information you submit through inquiry and contact forms, information we collect automatically when you visit the Website, and information we receive from third parties about you. It does not apply to information you may provide directly to third parties, including any third parties whose services or websites are linked from the Website.

By using the Website or providing information to us, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Website or provide information to us.

2.1 Information You Provide to Us

We collect information that you voluntarily provide to us when you interact with the Website or communicate with us. This may include:

• Contact information, including your name, email address, telephone number, company name, and job title.
• Professional information, including your role, the company you represent, and the general nature of your interest in our services.
• Communications you send to us, including the content of inquiry forms, emails, and other messages.
• Information you provide when requesting materials (such as whitepapers, case studies, or service descriptions), scheduling meetings, or participating in events.
• Any additional information you choose to share with us.

2.2 Information Collected Automatically

When you visit the Website, we and our service providers automatically collect certain information about your visit. This may include:

• Device and connection information, including IP address, browser type and version, operating system, device identifiers, and similar technical information.
• Usage information, including the pages you visit, the time and duration of your visits, the links you click, the referring website or source, and similar analytics information.
• Cookie and similar technology data, as further described in Section 6 below.

2.3 Information from Third Parties

We may receive information about you from third parties, including:

• Business contacts or partners who refer you to us or introduce us to you.
• Professional networking services, business directories, or other publicly available sources.
• Analytics providers and advertising partners who provide aggregated or de-identified information about Website usage.

2.4 Sensitive Information

We do not intentionally collect sensitive personal information through the Website, such as government-issued identification numbers, financial account numbers, health or biometric information, or information revealing racial or ethnic origin, religious beliefs, or similar categories. Please do not submit sensitive information through our contact forms or other Website channels.

We use the information we collect for the following purposes:

• To respond to your inquiries, fulfill your requests, and provide the information or materials you have asked for.
• To communicate with you about our services, including sending information you have requested and responding to your questions.
• To send you marketing and promotional communications about our services, industry insights, and events, where permitted by applicable law and subject to your right to opt out.
• To understand how visitors use the Website, to improve the Website's content and functionality, and to develop new features.
• To maintain the security and integrity of the Website, prevent fraud, and enforce our Terms of Use.
• To comply with applicable laws, regulations, legal processes, and governmental requests, and to protect our legal rights and the rights of others.
• To conduct internal business operations, including accounting, auditing, risk management, and similar business activities.
• For any other purpose disclosed to you at the time we collect the information or for which you provide your consent.

Where required by applicable law (such as the European Union General Data Protection Regulation), we rely on the following legal bases to process personal information:

• Your consent, which you may withdraw at any time, for processing activities that require consent.
• The performance of a contract with you, or the steps you have asked us to take before entering into a contract.
• Our legitimate interests, where our processing is necessary to operate, protect, or improve our business and does not override your rights or interests.
• Compliance with our legal obligations.
• Protection of vital interests or performance of tasks carried out in the public interest, where applicable.

We share personal information only as described in this Privacy Policy. Specifically, we may share personal information with the following categories of recipients:

5.1 Service Providers

We share personal information with third-party service providers who perform services on our behalf, including website hosting and analytics providers, email and marketing platform providers, customer relationship management providers, cloud storage providers, and similar operational service providers. These service providers are contractually required to use personal information only for the purposes for which we engage them, and to maintain the confidentiality and security of the information.

5.2 Professional Advisors

We may share personal information with our legal, accounting, insurance, and other professional advisors in connection with the services they provide to us, subject to professional confidentiality obligations.

5.3 Business Transfers

If we are involved in a merger, acquisition, sale of assets, reorganization, bankruptcy, or similar corporate transaction, personal information may be transferred to the other party in connection with such transaction. In that event, we will take reasonable steps to ensure that your personal information continues to be protected in a manner consistent with this Privacy Policy.

5.4 Legal Requirements

We may disclose personal information when required to do so by applicable law, regulation, legal process, or governmental request; to respond to subpoenas, court orders, or other legal process; to establish, exercise, or defend our legal rights; or to protect the safety of any person or the public.

5.5 With Your Consent

We may share personal information with other parties with your consent or at your direction.

5.6 Aggregated or De-Identified Information

We may share aggregated or de-identified information that does not reasonably identify you or any specific individual for any purpose, including analytics, research, and marketing.

6.1 What Are Cookies

Cookies are small text files that websites place on your device to store information. We and our service providers use cookies and similar tracking technologies (such as web beacons and analytics pixels) to collect information about your use of the Website.

6.2 Types of Cookies We Use

• Essential cookies, which are necessary for the Website to function properly.
• Analytics cookies, which help us understand how visitors use the Website and improve its performance. These may include cookies from Google Analytics or similar providers.
• Functional cookies, which remember your preferences and enhance your experience on the Website.

6.3 Managing Cookies

Most web browsers allow you to control cookies through your browser settings. You may refuse cookies, delete cookies, or be notified when cookies are being placed. However, if you disable cookies, some features of the Website may not function properly. For more information about how to manage cookies, please refer to your browser’s help documentation or visit sites such as allaboutcookies.org.

6.4 Do Not Track Signals

Some browsers transmit “Do Not Track” signals to websites. Because there is no common industry or legal standard for how to respond to these signals, the Website does not currently respond to Do Not Track signals. However, to the extent your browser transmits a Global Privacy Control or similar signal that is recognized as a valid opt-out preference signal under applicable state privacy law, we will treat that signal as an opt-out of the sale or sharing of your personal information and of targeted advertising.

Depending on the jurisdiction in which you reside, you may have certain rights with respect to the personal information we hold about you. These rights are described in general terms below; rights specific to residents of certain states and countries are described in Section 8.

General rights that may be available to you include:

• The right to access or obtain a copy of the personal information we have collected about you.
• The right to correct inaccurate personal information we hold about you.
• The right to request deletion of your personal information, subject to applicable legal exceptions.
• The right to data portability, including receiving a copy of certain personal information in a structured, commonly used, and machine-readable format.
• The right to opt out of the sale or sharing of personal information and of targeted advertising, where applicable.
• The right to opt out of certain profiling or automated decision-making, where applicable.
• The right to withdraw consent for processing based on consent, at any time.
• The right to lodge a complaint with a supervisory authority or regulator.

7.1 How to Exercise Your Rights

To exercise any of these rights, please contact us at info@castlerocktechnology.com with the subject line “Privacy Rights Request,” or by mail at the address provided in Section 14. We will respond to your request within the timeframe required by applicable law.

7.2 Verification

To protect your privacy and security, we may take reasonable steps to verify your identity before processing your request. We may ask you to provide information that matches information we have on file, or to confirm your request via a known email address. We will not use the information you provide for verification for any other purpose.

7.3 Authorized Agents

You may designate an authorized agent to make a privacy rights request on your behalf, subject to the requirements of applicable law. We may require the agent to provide written authorization from you and may require you to verify your identity directly with us.

7.4 Appeals

If we decline to act on a privacy rights request, you may appeal our decision by contacting us at the email or address set forth in Section 14 with the subject line “Privacy Rights Appeal. ” We will respond to your appeal within the timeframe required by applicable law. If we deny your appeal, you may have the right to contact the applicable regulator or attorney general in your jurisdiction.

7.5 Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. We will not deny you our services, charge you different prices, or provide you with a different quality of service because you exercised your privacy rights, except where such differences are reasonably related to the value of the personal information to us.

8.1 Colorado Residents

If you are a resident of Colorado, you have the following rights under the Colorado Privacy Act (“CPA”):

• The right to confirm whether we are processing your personal data and to access such data.
• The right to correct inaccuracies in your personal data.
• The right to delete personal data concerning you.
• The right to obtain a portable copy of your personal data.
• The right to opt out of the processing of your personal data for purposes of (a) targeted advertising, (b) the sale of personal data, or (c) profiling in furtherance of decisions that produce legal or similarly significant effects.
• The right to appeal our refusal to take action on a request.

To exercise these rights, please contact us as set forth in Section 7.1.

8.2 California Residents

If you are a resident of California, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, the “CCPA”):

• The right to know what categories of personal information we have collected, the sources of that information, the business or commercial purposes for collecting or sharing it, and the categories of third parties with whom we share it.
• The right to access the specific pieces of personal information we have collected about you in the preceding twelve (12) months.
• The right to request deletion of your personal information, subject to applicable legal exceptions.
• The right to correct inaccurate personal information.
• The right to opt out of the sale or sharing of your personal information.
• The right to limit the use and disclosure of sensitive personal information, where applicable.
• The right to non-discrimination for exercising your rights.

To exercise these rights, please contact us as set forth in Section 7.1.

8.3 Other State Residents

Residents of other states, including Virginia, Connecticut, Utah, Texas, Oregon, and Montana (among others), may have similar rights under their respective state privacy laws. The rights described in Sections 7, 8.1, and 8.2 above are broadly representative of the rights available under these state laws. To exercise any rights available to you under your state’s law, please contact us as set forth in Section 7.1.

8.4 European Union and United Kingdom Residents

If you are located in the European Union, European Economic Area, or United Kingdom, you have additional rights under the General Data Protection Regulation (“GDPR”) and analogous laws, including the rights set forth in Section 7 above, as well as the right to object to processing based on our legitimate interests, the right to restrict processing, and the right to lodge a complaint with a supervisory authority in your country of residence. Please contact us as set forth in Section 7.1 to exercise these rights. Please note that CR Technology is not established in the European Union or United Kingdom and does not actively offer services there; this section is provided as a courtesy for any individuals in those jurisdictions who may interact with the Website.

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, or destruction. These safeguards are consistent with the nature and sensitivity of the information we collect and applicable legal requirements.

No method of transmission over the internet or method of electronic storage is, however, completely secure. While we strive to use commercially reasonable means to protect your personal information, we cannot guarantee its absolute security. You use the Website and provide information to us at your own risk.

We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including to respond to your inquiries, provide the services you request, comply with our legal obligations, resolve disputes, and enforce our agreements. When we no longer need personal information for these purposes, we will securely delete, destroy, or de-identify the information, subject to any applicable legal retention requirements.

The Website is not directed to, or intended for use by, children under the age of sixteen (16). We do not knowingly collect personal information from children under the age of sixteen (16). If you believe we have inadvertently collected personal information from a child under sixteen (16), please contact us as set forth in Section 14 and we will take appropriate steps to delete such information.

The Website may contain links to third-party websites and services. We are not responsible for the privacy practices or content of these third-party websites and services. We encourage you to review the privacy policies of any third-party websites or services that you visit through links on the Website.

We may update this Privacy Policy from time to time to reflect changes in our practices, our services, or applicable law. We will post the updated Privacy Policy on the Website, along with the date it was last updated. If we make material changes, we will provide notice as required by applicable law, which may include notice on the Website, by email, or through other appropriate means. Your continued use of the Website after the effective date of an updated Privacy Policy constitutes your acceptance of the updated terms.