Last updated: March 27, 2020
Please read this policy addendum carefully to fully understand our practices regarding your personal information and how we will use it.
Why are we permitted to process your information?
As you are located in the EEA, we are required to set the legal grounds on which we rely in order to process your personal information. Our use of your personal information is permitted by law because:
- it is necessary for taking steps to enter into a contract with you for the products you purchase, or for carrying out our obligations under such a contract. Where we need your personal information in order to fulfil our contract with you, if you do not provide it, provide it inaccurately or require us to delete it, then we may not be able to provide you with the product or service that you have ordered from us;
- it is necessary for our legitimate interests, including to protect the security of our websites. In such cases, we have taken measures to ensure that this processing does not cause unwarranted prejudice to your privacy; and
- it is required to satisfy any legal or regulatory obligations that we are subject to.
How long do we keep your information for?
We retain your personal information in accordance with our website maintenance needs and the applicable record retention policies regarding additional personal information you provide to us. We calculate retention periods for your personal information in accordance with the following criteria:
- the length of time necessary to fulfill the purposes described in this policy;
- the length of time it is reasonable to keep records to demonstrate that we have fulfilled our duties and obligations;
- any limitation periods within which claims might be made; and
- the length of time we are required to retain any information for by law.
For example, any personal information you provide us through the Contact Us portion of our website will be retained for no more than one year, unless it relates to an existing, potential or previous contractual relationship with you.
How do I access or change my information?
You can review and change certain personal information we have about you by submitting a request via email to email@example.com. Please write “GDPR Request” in the subject line. We aim to action such requests as promptly as possible.
How do I make choices about receiving promotional communications?
We want to communicate with you only if you want to hear from us and will only do so where permitted by applicable law. If you prefer not to receive promotional information, such as information about our products and services, you can let us know (“opt-out”) at any time by contacting us via firstname.lastname@example.org or clicking the “unsubscribe” link and following the unsubscribe instructions provided in each of our promotional messages.
If contacting us via email@example.com, please be sure to include your full name and the email address you used when purchased from or contracted with our Company. If you ask us to remove your name and address from promotional lists, we will maintain your name in a “do not contact” file to ensure that we can honor your request.
Your European privacy rights
As you are located in the EEA, you have various additional rights under local law to those set out above in relation to your personal information, such as to:
- request a copy of the personal information we hold about you;
- ask that we correct or remove information you think is inaccurate or incomplete;
- ask that we delete the personal information that we hold about you, or restrict the way in which we use such personal information;
- withdraw consent to our processing of your personal information (to the extent such processing is based on consent);
- object to our processing of your personal information (including for direct marketing purposes); and
- receive your personal information in a structured and commonly used format so that it can be transferred to another data controller (‘data portability’).
If you would like to exercise these rights or understand if they apply to you, please contact at firstname.lastname@example.org.
Save as described in this policy or provided under data protection laws, there is no charge for the exercise of these rights. However, if your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either: (a) charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested; or (b) refuse to act on the request.
Where we have reasonable doubts concerning the identity of the person making the request, we may request additional information necessary to confirm your identity.
Transfers of my personal information
Your personal information may be transferred to and processed in other countries where laws governing the processing of personal information may be less stringent than the laws in your country (including jurisdictions outside the EEA, such as the USA).
In such cases, where required by local law we will ensure that there are adequate safeguards in place to protect your personal information. This adequate safeguard might be a data transfer agreement with the recipient based on standard contractual clauses approved by the European Commission. Where we are legally required to do so, further details of these transfers and copies of these agreements are available from us on request.
If you are not content with how we manage your personal information, you can lodge a complaint about our processing of your personal information with the data protection regulator in the jurisdiction in which you live or work. A list of national data protection regulators in the EEA can be found here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.