This Privacy and Security Statement does not apply to information collected on any third-party site or application (including advertising) that may link to or be accessible from our websites. We are not responsible for the privacy policies or data collection, use and disclosure practices of those sites. We encourage you to review the privacy policies of each site you visit.
Please read this Privacy and Security Statement carefully to understand our policies and practices regarding your information and how we will treat it. By accessing or using any of our websites or services (including email communications), you agree to this Privacy and Security Statement. This Statement may change from time to time, and these changes may affect how we use the information described below, so please check the Privacy and Security Statement periodically for updates.
NOTICE ABOUT HOW WE USE AND PROTECT PERSONAL INFORMATION
We collect several types of information for our business operations, including but not limited to:
Information you provide to us. When you navigate our websites or contact us, we may request or you may choose to provide us with certain information. This may include information by which you may be personally identified (“personal information”), such as name, employer, e-mail address or telephone number, and records and copies of your correspondence with us. For security purposes, we may also collect personal information from you if you visit one of our offices.
Information collected from forms on our websites. This includes information provided at the time of registering to use portions of our websites or our products and services, posting material, or requesting further services. We may ask you for information when you report a problem with our websites, products or services.
Usage details, IP addresses and cookies. As you navigate through and interact with our websites, we may automatically collect certain information about your equipment, browsing actions and patterns using common internet technologies, such as cookies and Web beacons. This may include details of your visits to our websites, including information about your connectivity, such as your IP address and browser information, location data, logs and other communication data, and the resources that you access and use on the websites. This information helps us to improve our websites and to deliver better and more personalized content and services by enabling us to estimate our audience size and usage patterns and recognize you when you return to our websites.
Email marketing. As a current or previous customer or user of our products or services, you may periodically receive emails from us containing details about features of the products you use and/or about similar products or services that we offer. Such processing may include the placing of beacons, or pixels, that let us know if you have opened our email and how long the email was open. We do this in order to see which emails are effective and which are not, so that we can improve our content and services. It helps us make sure that you are getting emails from us that you find useful and relevant. In doing so, we will never track your location or device information.
General business-related information. We may also receive other personal information from or about you in the ordinary course of our business.
We use information that we collect about you or that you provide to us, including personal information:
- To present our websites, products and services to you and continuously improve upon them.
- To provide you with information, products or services that you request from us.
- To notify you about changes to our website, products or services (including new offerings) and promotions or events.
- To maintain the integrity and security of our websites, products, and services.
- For our ordinary business operations, including human resources, recruiting, equity investments, and business research and outreach.
Legal basis for the processing. We are not allowed to process personal data if we do not have a valid legal ground. Therefore, we will only process your personal data if:
- the processing is necessary to perform our contractual obligations towards you or to take pre-contractual steps at your request, such as when we authenticate your log-in to our services or ensure that you only have access to the services and data we have agreed to provide you with;
- the processing is necessary to comply with our legal or regulatory obligations, such as tax reporting or regulatory requirements;
- the processing is necessary for the legitimate interests of ReFRAME, and does not unduly affect your interests or fundamental rights and freedoms (see below);
- the processing is necessary for the performance of a task carried out in the public interest; or
- in some cases, and as may be requested from you from time to time, we have obtained prior consent.
To the extent that we process any special categories of data relating to you, we will do so because:
- the data has been manifestly made public;
- the processing is necessary for the establishment, exercise or defense of a legal claim;
- the processing is necessary for reasons of substantial public interest; or
- you have given your explicit consent to us to process that information (where legally permissible).
DISCLOSURE OF YOUR INFORMATION
Protecting your personal information is important to us and we neither rent nor sell your personal information to anyone. We may disclose or transfer personal information that we collect or you provide as described in this Privacy and Security Statement, including:
- To a buyer or other successor in the event of a merger, acquisition, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of ReFRAME’s assets, in which personal information held by ReFRAME about our websites’ users is among the assets transferred.
- To our subsidiaries, affiliates, agents, contractors, service providers and other third parties we use to support our business or collaborate with and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes of providing services for or with us.
- To comply with any court order, law or legal process, including to respond to any government or regulatory request.
- To protect the rights, property or security of ReFRAME, our employees, our users or others.
ONWARD TRANSFER OF YOUR INFORMATION
To facilitate our global operations, and in accordance with applicable laws, we may transfer your personal information to, and access your personal information from, our corporate offices, subsidiaries, and affiliates in the various countries in which we operate, including the United States. Non-EEA countries may not offer the same level of personal data protection as EEA countries.
If your personal data is transferred outside the EEA, we will put in place suitable safeguards to ensure that such transfer is carried out in compliance with applicable data protection rules. To ensure this level of protection for your personal information, we may use a data transfer agreement with the third-party recipient based on standard contractual clauses approved by the European Commission or ensure that the transfer is to a jurisdiction that is the subject of an adequacy decision by the European Commission or to the US under the EU-US Privacy Shield framework. You may request additional information in this respect and obtain a copy of the relevant safeguard by exercising your rights as set out below. Where ReFRAME transfers personal data to other group companies, we rely on the standard contractual clauses.
CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR INFORMATION
We strive to provide you with choices regarding the personal information you provide to us. Here are a couple of ways you can have control over your information:
- Promotional Offers from the Company. If you do not wish to receive promotional e-mail messages from us, you can opt-out by sending us an e-mail at email@example.com asking to be omitted from future e-mail distributions.
DATA INTEGRITY AND PROPORTIONALITY
We only collect and retain as much personal information as needed for specific, identified purposes described in this Privacy and Security Policy and we will not use it in any way that is incompatible with those purposes.
WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?
You may have a right to access and to obtain a copy of your personal data as processed by ReFRAME. If you believe that any information we hold about you is incorrect or incomplete, you may also request the correction of your personal data.
You may also have the right to:
- object to the processing of your personal data;
- request the erasure of your personal data;
- request restriction on the processing of your personal data; and/or
- withdraw your consent where ReFRAME obtained your consent to process personal data (without this withdrawal affecting the lawfulness of any processing that took place prior to the withdrawal).
We will honor such requests, withdrawal or objection as required under applicable data protection rules but these rights are not absolute: they do not always apply and exemptions may be engaged. We will usually, in response to a request, ask you to verify your identity and/or provide information that helps us to better understand your request. If we do not comply with your request, we will explain why.
EXERCISING YOUR RIGHTS
To exercise the above rights, you may send an email to firstname.lastname@example.org. If you are not satisfied with how we process your personal data, please let us know and we will investigate your concern. Please raise any concerns by contacting our Data Protection Officer at email@example.com.
If you are not satisfied with our response, you have the right to make a complaint to the data protection authority in the jurisdiction where you live or work, or in the place where you think an issue in relation to your data has arisen. The contact details of each Data Protection Authority can be found at the following website: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.
We take your security seriously and take reasonable steps to protect and secure your personal information from unauthorized access, use, and disclosure. We have implemented adequate technical and organizational measures to protect personal data against unauthorized, accidental or unlawful destruction, loss, alteration, misuse, disclosure or access and against all other unlawful forms of processing. These security measures have been implemented taking into account the state of the art of the technology, their cost of implementation, the risks presented by the processing and the nature of the personal data, with particular care for sensitive data.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our websites, products, or services, you are responsible for keeping this password confidential. Please do not share your password with anyone.
Although we take reasonable security measures to protect your personal information, for example, by using Secure Socket Layer encryption when you transmit your password, we cannot guarantee the security of your personal information transmitted to our websites. The transmission of information via the internet is not 100% secure and we cannot ensure or warrant the security of any information you transmit to us. We are not responsible for circumvention of any privacy settings or security measures contained on the websites.
HOW LONG DO WE STORE YOUR DATA?
We will only retain personal data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements.
CHANGES TO OUR PRIVACY AND SECURITY STATEMENT
We may amend this Privacy and Security Statement from time to time. We encourage you to revisit this page periodically to read the current version of this Statement in effect. If you have any concerns or questions about this Statement or if you would like to lodge a complaint, please contact firstname.lastname@example.org.
CHILDREN UNDER THE AGE OF 13
Our websites are not intended for children under 13 years of age. If you become aware that your child has provided us with personal information without your consent, please contact us at email@example.com and we will work to delete it. We do not knowingly collect personal information from children under 13.
DATA PROTECTION OFFICER
To communicate with our Data Protection Officer, please email firstname.lastname@example.org
If you have any questions or comments about this Privacy and Security Statement, please contact us by emailing us at email@example.com