General Data Protection Regulation Policy

Wave Shape Wave Shape

This policy is a supplement to our general privacy policy (“Privacy Policy”) for those individuals covered by European law.  General Data Protection Regulation (“GDPR”) permits users who are in the European Economic Area (“EEA”) or European Union (“EU”) and the United Kingdom (“UK”) to request certain information regarding the control, disclosure, and use of their Personal Information.  In summary, those rights include the right to: fair processing of information and transparency over how we use your Personal Information, requires us to provide you with information regarding the information that we have about you and how we use that information, requires us to correct any mistakes in your information which we hold, requires the erasure of Personal Information concerning you in certain situations, and your right to object at any time to the processing, use, and automation of your data.  All defined terms in the Privacy Policy shall retain the same meaning as this page.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (“ICO”) on individuals’ rights under the GDPR.  If you would like to exercise any of those rights, please contact us pursuant to the “Contact Information and Requests” section of our general Privacy Policy at Privacy Policy.

 

  1. HOW WE COLLECT INFORMATION UNDER THE GDPR.

Consistent with the Privacy Policy, and subject with applicable law of the GDPR and the choices and controls available to you as set forth herein, we may collect your Information in any way we feel necessary to provide you with the best experience when using the Website or in our dealings with you, to protect your interests, communicate our interests, or generally become better informed about you as our valued customer.  Additionally, we may collect information as described in the “How We Collect Information” section of the general Privacy Policy.  For more detailed information on the information we collect, please visit our “Privacy Disclosures Page” at Privacy Disclosure.

 

  1. HOW WE USE INFORMATION UNDER THE GDPR.

Generally, we have collected and used, may have disclosed, and may have sold the following categories of Personal Information: identifiers, commercial information, Internet or other electronic network activity information, geolocation data, professional or employment-related information, audio, electronic, visual, or similar information, inferences drawn about you, and other categories of Personal Information that relate to, describe or are reasonably capable of being associated with you.

For a list of the specific data that we collect, disclose, and sell, the sources from which we collect this Personal Information, and Personal Information we use for the business and commercial purposes, please visit our “Privacy Disclosures Page” at Privacy Disclosure.

 

  1. TRANSFER YOUR INFORMATION OUT OF EUROPEAN ECONOMIC AREA.

We may transfer your Personal Information to areas outside of the EEA.  Such countries do not have the same data protections as the EEA and the UK.  The European Commission has determined some territories or countries are inadequate to receive certain data.  While we take efforts to restrict transfer to those countries, we may in some instances transfer such data because it is necessary for us or we have determined it is a compelling legitimate interest.  Where we transfer your Personal Information to countries outside of the EEA, we will take steps to ensure that your Personal Information will continue to be protected.  In those instances, we will implement appropriate safeguards for the transfer of Personal Information to our service providers in accordance with the applicable law, such as relying on our service providers’ Privacy Shield certification or implementing standard contractual clauses for data transfers.  For a list of the data transferred, please visit our “Privacy Disclosures Page” at Privacy Disclosure.

 

  1. AUTOMATED DECISION MAKING.

We may subject you to a decision based solely on automated processing, including profiling, in a manner which produces legal effects or similarly significantly affects you, without your express consent.  For a list of the purposes in which we make automated decision processing, please visit our “Privacy Disclosures Page” at Privacy Disclosure.

 

  1. HOW TO COMPLAIN UNDER GDPR.

The GDPR also gives you the right to lodge a complaint with a supervisory authority, in particular in the EU (or EEA) state where you work, normally live, or where any alleged infringement of data protection laws occurred.  We invite you to raise your concerns with us first, so that we can try to resolve them.

 

  1. GDPR RIGHTS.

You have the right to access Personal Information we hold about you and to ask that your Personal Information be corrected or erased and to port your Personal Information. You may also have the right to object to, or request that we restrict, certain processing or to withdraw consent you have previously provided.  If you have any requests regarding your Personal Information, have any inquiries regarding this Privacy Policy, or you would like to exercise your rights or receive any information about your rights, please contact us pursuant to the “Contact Information and Requests” section of our general Privacy Policy at Privacy Policy.