Company is a data Controller with regard to any Personal Data collected from visitors pursuant to an interaction. A “Controller” is an entity that determines the purposes and the manner in which the Personal Data is Processed. Any third parties that handle your Personal Data in accordance with our instructions are our service providers and are “data processors.” You are a “user.” Users are individuals providing Personal Data to us via an interaction, such as requesting to receive information regarding our services or otherwise accessing or using our resources that we provide.
2. Legal Basis.
Purpose for Processing
- We may Process your Personal Data to provide the Website and facilitate the interactions. Specifically, we may Process your Personal Data to:
- deliver information to you and contact you regarding administrative notices;
- respond to your requests, inquiries, comments and concerns;
- personalize your interactions with us;
- provide technical, product and other support for the Website and our services;
- better understand you and/or maintain and improve the accuracy of the records we hold about you.
This use of your Personal Data is necessary for our legitimate interests (managing our business, providing the Website and services), provided our interests are not overridden by your rights and interests. Please note that you have a right to object to Processing of your Personal Data where that Processing is carried on for our legitimate interest. This use of your Personal Data is sometimes also necessary in order for us to comply with legal obligations. In certain cases, users also provide their express consent to these data uses.
- We may provide Personal Data to our suppliers and third-party service providers that help us provide, operate, analyze and improve the Website and interactions. This use of your Personal Data is necessary for our legitimate interests (managing our business, providing our Website and services, improving our Website and services and studying how users use our Website and services), provided our interests are not overridden by your rights and interests. This use of your Personal Data is sometimes also necessary in order for us to comply with legal obligations. In certain cases, users also provide their express consent to these data uses.
- We may use Personal Data to evaluate and improve the Website, our services, and our other products (i.e., identify usage trends and for data analysis, including for purposes of research, audit and reporting) and to develop new products, services, features and benefits. This use of Personal Data is necessary for our legitimate interests (managing our business, providing our services, keeping our records updated, studying how users use our Website and services, developing our Website and services, defining types of clients for our services, and informing our marketing strategy), provided our interests are not overridden by your rights and interests.
- We may use Personal Data to engage in advertising and marketing efforts and provide you with special offers and other information about the services as well as other products, events of ours, our affiliates, and non-affiliated third parties. This use of Personal Data is necessary for our legitimate interests (studying how users use our Website and services, to develop our Website and services, to grow our business and to inform our marketing strategy), provided our interests are not overridden by your rights and interests.
- We may share and transfer Personal Data if we are involved in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control. This use of Personal Data is necessary for our legitimate interests (managing our business and providing our Website and services), provided our interests are not overridden by your rights and interests. This use of your data is sometimes also necessary in order for us to comply with legal obligations.
We may also share Personal Data:
(i) as required or permitted by law, including any requirements from government agencies and taxing authorities; (ii) if we determine that disclosure of specific information is necessary to comply with the request of a law enforcement or regulatory agency or other legal process; (iii) to protect the rights, privacy, property, interests or safety of Company or our affiliated companies, customers, employees or the general public; (iv) to pursue available remedies or limit damages; (v) to enforce Company’s agreements; and (vi) to respond to an emergency. This use of your Personal Data is necessary in order for us to comply with legal obligations. This use may also be necessary to protect vital interests.
3. Transfer of Personal Data Outside of the Designated Countries.
To the limited extent that it is necessary to transfer Personal Data outside of the Designated Countries, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such Personal Data, including standard contractual clauses under Article 46.2 of the GDPR. Please contact us if you wish to obtain information concerning such safeguards.
4. International Transfers.
Company is located in the USA. Therefore, any Personal Data we collect will be collected and stored in the USA. For users that are in the Designated Countries, this means that their Personal Data will be stored in a jurisdiction that offers a level of protection that may, in certain instances, be less protective of their Personal Data than the jurisdiction the user is typically a resident in. Please note that Company uses safeguards designed to protect the privacy and integrity of such Personal Data. Please contact us at firstname.lastname@example.org if you wish to obtain information concerning safeguards we employ when transferring Personal Data outside of the Designated Countries.
5. Additional Privacy Rights.
We provide you with the rights described below when you interact with us. We may limit these privacy rights (a) where denial of access is required or authorized by law, (b) when granting access would have a negative impact on others’ privacy, (c) to protect our rights and properties, or (d) where the request is frivolous or burdensome. If you would like to exercise your rights under applicable law, please contact us at email@example.com. We may seek to verify your identity when we receive your privacy rights request to ensure the security of your Personal Data.
- Right to withdraw consent. For any consent-based Processing of your Personal Data, you have the right to withdraw your consent. A withdrawal of consent will not affect the lawfulness of our Processing or the Processing of any third parties based on consent before your withdrawal.
- Right of access/right of portability. You may have the right to obtain information about the categories of your Personal Data that we are Processing, the purposes for which we Process that Personal Data, and how we share that Personal Data, among other things. You also have the right to access the Personal Data that we hold about you, and in some circumstances, have the Personal Data provided to you so that you can provide that Personal Data to another Controller.
- Right to rectification. You may request for us to correct or rectify any inaccurate or incomplete Personal Data we hold about you in our files.
- Right to erasure. In certain circumstances, you may have a right to the erasure of your Personal Data that we hold on you.
- Right to restriction. You have the right in some circumstances to request that we restrict our Processing of your Personal Data, such as where the accuracy of the Personal Data is contested by you.
- Right to object to Processing. You have a right to object to any Processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to Process your personal information, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
- Rights to file a complaint. If you believe we are unlawfully Processing your Personal Data, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
- Notification to third parties. When we fulfill your individual rights requests for correction (or rectification), erasure or restriction of Processing, we will notify third parties also handling the relevant Personal Data unless this proves impossible or involves disproportionate effort. Upon your request, we will identify such third parties.
6. Exercising Your Rights.
If you wish to exercise one of these rights, please contact us at firstname.lastname@example.org. Please include your name and email address with your request. Before we can process any such request, we will need to verify your identity through the email address or telephone number associated with your interactions, and confirm your request prior to fulfilling any such request and reserve the right to deny a request where we are unable to satisfactorily complete this process. If you authorize someone to make a request on your behalf, we may also deny your request if we are unable to verify that the individual making the request is authorized to act on your behalf. We will respond to all such requests as soon as reasonably possible and, in any event, within timelines required by GDPR. Company does not and will not discriminate against you for exercising your rights under GDPR.
7. Third Party Providers/Sub-Processors.
We may use third party service providers (known as sub-processors) to facilitate use and operation of the Website and/or for other activities related to the interactions and our other business activities. We share some Personal Data with these sub-processors to help us provide, manage, secure and improve the Website and related to our interactions. Your Personal Data may be provided to and used by such sub-processors in furtherance thereof. Some of our subprocessors have privacy and security practices in place to ensure compliance with the GDPR and have contractual requirements to protect the privacy and security of the Personal Data that they sub-process.
8. Changes To This Addendum.
We reserve the right to change this GDPR Addendum from time to time at our sole discretion. If we make any changes, we will post those changes here and update the “Last Updated” date at the top of this Addendum. Your continued use of the Website or our services or other interactions with us after we make changes is deemed to be an acknowledgment of those changes, so please check this GDPR Addendum periodically for updates.