Last updated: April 30, 2020
Our goal is to help to understand what data we collect, why we collect it, what we do with it, and the choices and rights that are available to you. Let us state outright: we will never sell your personal information or data. We collect what is minimally necessary to conduct normal operations in the course of our business. We may reach out to market to you or your company if we believe you have a legitimate interest in our products or services.
High-level traffic statistics are collected through our website through the privacy-oriented Fathom Analytics. We do not share information resulting from the use of our products and services unless we have a legally valid reason to do.
- Affiliates – means any company, business entity, or professional service provider with whom we have a partnership, service agreement, contract, or business relationship with.
- Data Collector – means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by European Union or Member State law, the controller or the specific criteria for its nomination may be provided for by European Union or Member State law.
- Data Processor – means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- Legitimate Interest(s) – means that we have a good and valid reason to use your data and that we do so in ways that do not cause harm to you or your rights and interests: i.e. a way reasonably expected as part of operating our business.
- Personal data/information – means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Our commitment to privacy
PrivacySafe is committed to complying with all data protection laws including but not limited to the GDPR, PECR, PIPEDA, and the CCPA.
We have conducted a LIA (Legitimate Interests Assessment) pursuant to the GDPR and determined that a DPIA (Data Protection Impact Assessment) is unnecessary as the data we process is not likely to result in a high risk to individuals. We understand our responsibility to protect the individual’s interests. We have verified that the processing is necessary and there is no less intrusive way to achieve the same result. We have performed a balancing test and are confident that the individual parties’ interests do not override our legitimate interest in contacting them. Individuals’ data is used in ways that they would reasonably expect and would not find intrusive. We review our LIA periodically and update it whenever circumstances change.
Types of personal data we collect
- Your name (or the name you provide to us)
- Your job title
- Your job role
- The product you purchased
- Which platform you bought the product on
- Your email address and contact number
- Your postal and/or billing address
- The name of the organization you work for
- The type of industry you work in
- Data on the transactions and purchases you make with us
- Your country of origin
- The type of web browser you use to visit our website
Specific uses of personal data
Marketing to businesses and potential customers
- We may contact you or your business in a professional capacity by email, SMS, or phone call with product news, marketing offers, and updates. We may contact you if we we have a (1) pre-existing professional or personal relationship with you, (2) a financial or contractual agreement with you, (3) if we believe the information or offer is of genuine and legitimate interest to you, (4) if we believe that the information or offer is useful or relevant to your job role or company, and (5) if you have previously provided consent for us to contact you.
- We have made efforts to ensure any contact lists obtained are GDPR, ePrivacy Regulation, and PECR compliant. However, if you do not wish to be contacted, please email our Chief Privacy Officer at email@example.com and we will permanently delete your information from our marketing lists.
Managing our customer base
- When you purchase a PrivacySafe or backup your data using our PrivacySync service, we will retain the your name, address, shipping information, and any other information required in order to provide the services necessary to fulfill our contractual obligation with you.
Regular business functions
- This includes but is not limited to information that we process because we have a contractual obligation with you, process return requests, and to meet or comply with legal or regulatory requirements.
Website traffic statistics
- We may retain your personal data for as long as is necessary for the purpose for which it was collected, or as required or permitted for legal and regulatory purposes and legitimate business purposes. We will not retain this information for longer than is reasonably necessary, unless required to do so by court order or applicable law.
- If you request to have your information deleted, we will promptly remove all of your personal data from our system (such as your name, postal address, e-mail address, and phone number) and other preferences associated with your account. Please email our Chief Privacy Officer at firstname.lastname@example.org.
- We maintain a presence on several social networking, crowdfunding, and blogging platforms, such as Twitter, Indiegogo, and LinkedIn. Through these platforms, it is possible that we may receive some personal information and web site usage information about you. Personal data acquired through our crowdfunding platform, Indiegogo, is limited to the name and email address of campaign backers. However, be advised that PrivacySafe has no control over any information collected by these platforms or their affiliates.
How do we secure personal data?
All information kept on PrivacySafe devices and servers is encrypted using cryptographic protocols and tools. Customer information is subject to a network of internal controls. Employees are required to undergo training on the handling and processing of data. We perform audits on a consistent basis and review our security measures in response to changes in the industry and new legal requirements.
- You may choose to invoke any of the rights listed below by emailing us at email@example.com.
Rectification of inaccurate or incomplete information
- You may choose to correct or otherwise rectify the information we hold about you.
Data access and portability
- You have the right to request your information in transferable form. We reserve the right to require additional information to confirm your identity before processing your request.
Data retention and erasure
- You have the right to request erasure or deletion of your information at any time, except if required to fulfill our contractual obligation with you or under applicable law within your jurisdiction. Personal information is not held longer than is necessary to fulfill our obligation(s) to you.
Withdrawing consent, restriction or objection to processing
- You have the right to withdraw consent, restrict or object to our marketing to you or processing of your information at any time using the opt-out or unsubscribe link provided in our communication with you. You may also contact us at firstname.lastname@example.org. This does not affect the lawfulness of processing based upon consent that occurred prior to your withdrawal of consent.
When do we disclose information?
- Data backed up through our PrivacySync service is encrypted and we are not able to view it. However, we may be required to produce this data in its encrypted form if required to do so by law, subpoena or court order. We may disclose your contact information that you have provided to us in the course of business if required to do so by law, valid subpoena, court or judicial order.
- We reserve the right to disclose your information that we believe, in good faith, is appropriate or necessary to: (1) protect ourselves against liability, fraudulent, abusive, or unlawful activity, (2) investigate and defend ourselves against substantive legal claims or allegations, (3) protect the integrity of our facilities or equipment used to produce or provide our products or services, or (4) protect our property or other legal rights (including, but not limited to, enforcement of our agreements), or the rights, property, or safety of others.
- We may disclose contact information (e.g. a customer list) if transferred to an acquirer, successor, or assignee as part of any merger, acquisition or sale of PrivacySafe.
Links to other sites
Our website and/or email list may contain links to other sites that are not operated by us. We are not responsible for their content and encourage you to read their respective privacy policies as they may differ from this one.
We use Stripe to help process our orders, which requires collecting some information in order to do that. Stripe is a third-party service provider, which may process your data to help us process the actual payment from you. Stripe has certain data processing activities for which it acts as a data controller, and others for which it acts as a data processor. Example: when Stripe processes credit card transactions, facilitating a transaction requires the processing of personal data, such as the cardholder’s name, credit card number, the credit card expiry date, and CVC code. The cardholder’s data is sent from the Stripe user to Stripe via the Stripe API. Stripe then uses the data to complete the transaction within the systems of the credit card networks, which is a function that Stripe performs as a data processor. However, Stripe also uses the data to comply with its regulatory obligations (such as Know Your Customer (“KYC”) and Anti Money Laundering (“AML”), and in this context Stripe acts as a data controller. More about how Stripe is GDPR compliant can be found here.
COPPA (Children’s Online Privacy Protection Act) Statement
PrivacySafe does not knowingly solicit or collect personal information from minors under the age of eighteen. If you have reason to believe a minor has disclosed personal information to PrivacySafe, please notify email@example.com immediately.
CAN-SPAM Act statement
The CAN-SPAM Act sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and provides for penalties for violations. We collect your email address in order to:
- Send information, respond to your inquiries, requests and/or questions.
- Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.
In accordance with CAN-SPAM, we agree to the following:
- Not to use false or misleading subject headers or email addresses.
- Include the physical address of our business or site headquarters.
- Honor opt-out/unsubscribe requests as quickly as possible.
- Allow users to unsubscribe or opt-out by using the link at the bottom of each email.
EU-U.S. & Swiss-U.S. Privacy Shield Statement
PrivacySafe complies with the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the data protection requirements when transferring personal data from the European Union and Switzerland to the United States. PrivacySafe adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability.
Changes to this policy
We reserve the right, at our discretion, to change, modify, add, or remove portions from this policy at any time by posting such changes here. You should review this policy regularly for changes, and by checking the “Last Updated” date above. However, if at any time in the future we plan to use personal information or data in a way that differs from this policy, we will post such changes here and provide you the opportunity to opt-out of such differing uses.