Leebry Privacy Notice
At MacPaw, we care about your privacy and are committed to protecting it. This Privacy Notice (the “Notice” or “Privacy Notice”) will help you understand who we are, how we operate, what Personal Data we collect, how we use it, on what legal grounds we rely when processing your Personal Data, how we keep your Personal Data secure, as well as your privacy rights and our commitments to comply with them, according to applicable Data Protection Laws (as defined below in the section “Definitions”).
- INTRODUCTION
This Privacy Notice applies to and governs the processing of Personal Data in connection with your interactions with Leebry, including:
- our websites https://leebry.com/, https://leebry.ai/ and/or their subdomains (the “Site”);
- web-platform, desktop application, and bot named Leebry (collectively or separately, the “Product”);
- any other products, services, programs, features, technologies, marketing and promotional activities associated with Leebry, such as events, surveys, and newsletters (the “Services”);
- any commercial or business-related interactions or transactions with Leebry.
If you do not agree with this Privacy Notice, please refrain from accessing or using the Product and/or the Site.
The Data Controller for the purposes of this Privacy Notice is:
MacPaw Way Ltd. (hereinafter “we”, “us”, “our” or “MacPaw”)
registration number 428214
Registered address: 25 Serifou, Allure Center 11, Office No. 11-12, 2nd Floor, 3046 Zakaki, Limassol, Cyprus
This Privacy Notice applies only where MacPaw acts as the Data Controller of your Personal Data. It does not apply to Personal Data that MacPaw processes as a data processor on behalf of its business customers (the "Customer"), such as any input submitted to, output generated by, or documents, content, files and other materials uploaded to our Product (the “End-User Content”).
The Product is offered to companies and other legal entities for professional use. Where a Customer deploys the Product to their end users, that Customer acts as the Data Controller in respect of their end users' Personal Data, including the End-User Content, and MacPaw processes such data solely in accordance with the Customer's instructions, the Agreement and the applicable data processing addendum. Any questions or requests relating to Personal Data processed in that context should be directed to the relevant Customer. Where MacPaw receives a data subject rights request in respect of data it processes as a data processor, it will forward that request to the relevant Customer without undue delay.
MacPaw has contracts with all Data Processors (Third Parties) that it uses in compliance with applicable data protection legislation and ensures that all Data Processors are compliant with the applicable data protection legislation. To learn more, go to the section “How we share and disclose information” of this Privacy Notice.
This Privacy Notice also does not apply to:
- Personal Data that we process about you when you interact as a user with other products/services or our branded social media pages under the brand name “MacPaw”. In such cases, the relevant privacy notice of each product/service you interact with will apply accordingly.
- Your use of and interactions with our website MacPaw (Website or Site). The Site’s policy can be found by following this link.
- The processing of personal data of business professionals, including named employees, decision-makers, founders, and other representatives of organisations, where such data is processed for the purposes of identifying, contacting, and engaging prospective business customers. Such processing is governed exclusively by our B2B Sales Privacy Policy.
- Anonymized data.
Our Product(s) and/or the Site are not intended for individuals who are considered minors under the applicable legislation in their country of residence. We do not knowingly collect or process Personal Data from individuals who have not reached the age of majority as stipulated by relevant laws. If you are a minor according to the applicable legislation, please do not use our Product(s) and/or the Site and do not provide us with any Personal Data. Should we become aware that we have inadvertently collected Personal Data from a minor without the necessary parental consent, we will take steps to delete such information promptly. If you are a parent or legal guardian and believe that your child, who is considered a minor under the relevant laws, has provided us with Personal Data, please contact us at [email protected] to exercise your rights, including the right to access, correct, or request the deletion of the data.
We do not collect and/or process any special categories of Personal Data about You (this includes details about Your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about Your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offenses.
II. DEFINITIONS
Capitalised terms used in this Privacy Notice and not otherwise defined shall have the meanings provided below:
Agreement means the Master Service Agreement entered into between MacPaw and the Customer, pursuant to which the Customer and its authorized users are granted access to the Product.
Data Controller means a natural or legal person, which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Data Processor means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of MacPaw.
Data Protection Laws means any applicable data protection or privacy laws or regulations as may be amended or superseded from time to time, including but not limited to: i) the EU General Data Protection Regulation (the “GDPR”) as implemented by countries within the EEA; ii) the UK General Data Protection Regulation and Data Protection Act 2018, as amended by Brexit legislation (the “UK GDPR”); iii) the California Consumer Privacy Act (the “CCPA”) and California’s Shine the Light law; and iv) any other applicable Data Protection Legislation and/or other laws or regulations that are similar, equivalent to, successors to, or that are intended to implement the laws or regulations applicable to you in relation to the transmission and processing of your Personal Data under this Privacy Notice.
Personal Data (or Personal Information) means any information relating to an identified or identifiable natural person.
Special Categories of Data means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data and data concerning health or a person’s sex life or sexual orientation. By default, the Special Categories of Data are not processed in any way by the Product or Site.
Processing/Processed refers to any operation or set of operations performed on Personal Data, as defined under applicable Data Protection Laws.
Standard Contractual Clauses means i) where the EU GDPR applies, the contractual clauses annexed to the European Commission's Implementing Decision 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of Personal Data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council incorporating Module 1 (Controller to Controller transfers) (EU SCCs); and ii) where the UK GDPR applies, the template Addendum B.1.0 issued by the UK's Information Commissioner's Office and approved by Parliament in accordance with s119A of the Data Protection Act 2018 (UK Approved Addendum) and the accompanying Mandatory Clauses of the UK Approved Addendum, as updated from time to time and/or replaced by any further version published by the Information Commissioner's Office (UK Mandatory Clauses)
The terms and definitions used in this Privacy Notice are specific to this document. Where any inconsistency or discrepancy arises between the definitions set out herein and those used in any other document, the definitions contained in this Privacy Notice shall prevail for the purposes of personal data processing.
III. INFORMATION WE PROCESS
We collect your Personal Data in various ways, depending on how you interact with Leebry. The Personal Data may include information you provide directly to us, information collected automatically through your use of the Site, the Product and/or related Services, and information obtained from third parties. In particular, we may process the following categories of personal data:
- Contact Data means your email address, full name, company role, company name, and company address, as well as your LinkedIn profile URL, company website, company LinkedIn URL, and country. We may collect this information directly from you, your employer, colleagues, or other third parties, as well as from publicly available sources, including LinkedIn and other professional networks.
- Business Qualification Data means information we collect or derive about you and your organisation, including your industry, company size, technology stack, and internal qualification scores or tags. This data is used solely for internal marketing purposes.
- Account Data includes your email address, full name, company role, company name, and Customer ID. Upon completing the sign-up form, we will create an account for you with your unique Customer ID. Your Account Data also includes any feedback, or ratings you provide to us (whether orally, in writing, or through automated interactions).
- Location Data . This is the geographic area where you use the Site, Product or Services (as indicated by an Internet Protocol [IP] address or similar identifier). We will not track your concrete geographic location.
- Log Data. As with most websites and technology services delivered over the Internet, our servers automatically collect data when you access or use our Site and/or Product and record it in log files. This log data may include browser type and settings, the date and time of use, and cookie data.
- Usage Data. This is information about the Site and/or Product you use and how you use them, in-app usage events and actions, used by us to understand your behaviour, analyze and optimize it. This also includes authentication event data generated when you connect or authenticate third-party integrations to the Product, such as authentication status and any related error information. We may also obtain data from our third-party partners and service providers to analyze how users use our Site and/or Product. For example, we will know how many users access a specific page on the Site and which links they clicked on.
- Device Data means data from your device, such as your device type, operating system, browser type, client application type and version, and, where you access the Product via Slack, your Slack workspace plan type.
- Marketing data refers to information collected through cookies and similar technologies, as well as data shared by third-party social media and advertising platforms (e.g., Google, LinkedIn, Facebook) when you interact with us. Marketing Data also includes technical campaign metadata such as bounce status, unsubscribe status, campaign participation records, and engagement metrics. With your consent, these third-party platforms may share your Personal Data to personalize your experience and deliver content relevant to your interests, including targeted offers. For more details, please review our Cookie Policy available on the respective Site.
- Communications and Engagement Data means records of your interactions with our team, including email communication history, campaign interaction data (such as email opens, clicks, and replies), meeting booking data, call recordings, AI-generated meeting summaries, and meeting notes. Call recordings and AI-generated summaries are collected solely with your prior consent where required by applicable law.
- AI Interaction Data means data generated through your interactions with the AI-powered features of the Product, including:
- conversation, session, message, and turn identifiers;
- input modality (e.g. keyboard, voice, or image) and attachment presence and type;
- masked versions of your message inputs and AI-generated responses;
- message category, detected intent, and clarification indicators;
- AI processing metadata, including the model used, token counts, internal tool identifier, and integration service name;
- response status and source type (e.g. Confluence, Jira, or other connected integration);
- in-product feedback ratings and masked feedback text provided in response to AI-generated responses; and
- authentication event data generated when you connect third-party integrations to the Product, including authentication status and any related error information.
We use AI Interaction Data to deliver, monitor, and improve the AI-powered features of the Product.
IV. USE OF INFORMATION AND LEGAL BASIS
The table below sets out the purposes for which we process your Personal Data and the corresponding legal bases for such processing:
Categories of Personal Data | Purpose of Processing | Legal Basis |
Contact Data, Marketing Data, Communications and Engagement Data | To reach out to you at our initiative, to send product updates, marketing emails, and campaign communications | Art. 6(1)(f) - Legitimate interests; Art. 6(1)(a) - Consent where required by applicable law |
Contact Data, Communications and Engagement Data | To record and manage interactions with existing customers, including email communications, meeting bookings, and campaign engagement | Art. 6(1)(f) — Legitimate interests |
Communications and Engagement Data | To record calls and meetings and to generate AI-powered summaries and notes for internal use | Art. 6(1)(a) — Consent of a data subject |
Contact Data | To respond to your inquiry regarding our Product and/or related Services, to communicate with you for the purposes of execution of the Agreement, to conduct vendor due diligence, to conclude the Agreement, to invoice you for the provided services | Art. 6(1)(b) - Performance of or intention to enter into the Agreement |
To offer you other products under the brand name “MacPaw” | Art. 6(1)(f) — Legitimate interests | |
Account Data | To create an account for you and/or to provide access to the Product, and communicate with You | Art. 6(1)(b) - Performance of or intention to enter into the Agreement |
To send you notifications required by applicable laws (e.g., about upcoming or recent changes in the Product) | Art. 6(1)(c) - Compliance with legal obligations set forth by applicable laws and regulations | |
Account data, Location Data, Log Data, Device Data, AI Interaction Data | To provide our Product and/or the Site and related Services, to provide updates and troubleshootings, to provide customer support | Art. 6(1)(b) - Performance of or intention to enter into the Agreement |
Contact data, Account data | To receive feedback about our Product and Services; | Art. 6(1)(f) — Legitimate interests |
Contact data, Business Qualification Data, Usage Data, Marketing data, Communications and Engagement Data | To personalize experience and to deliver content relevant to your interests, including targeted offers through third-party sites and via email; to track and measure the effectiveness of our marketing campaigns | Art. 6(1)(f) — Legitimate interests; or Art. 6(1)(a) — Consent of a data subject when consent is the only proper and lawful legal basis |
Account data, Location Data, Log Data, Usage Data, Device Data, AI Interaction Data | To ensure functionality, interoperability and security of our Product, the Site, and/or related Services; to prevent fraud, theft and misconduct | Art. 6(1)(b) - Performance of or intention to enter into the Agreement; and Art. 6(1)(f) — Legitimate interests |
Contact Data, Account Data, Location Data, Log Data, Communications and Engagement Data, AI Interaction Data | Comply with our legal obligations, including reporting requirements, and defending ourselves in legal proceedings, and protect our company and our property, employees, and others through legal proceedings | Art. 6(1)(c) - Compliance with legal obligations set forth by applicable laws and regulations |
Contact data, Account data, Location Data, Log Data, Usage Data, Device Data, AI Interaction Data, Communications and Engagement Data | For our internal analytics and to generate statistical reports containing aggregated information for the purposes of improving Products and Services | Art. 6(1)(f) — Legitimate interests; or Art. 6(1)(a) — Consent of a data subject when consent is the only proper and lawful legal basis |
V. COOKIE FILES AND SIMILAR TECHNOLOGIES
We use cookies and similar technologies to provide, analyze, understand, and enhance the use of our Services; enforce the Agreement; prevent fraud; improve Site performance; monitor visitor traffic and actions on our Site; deliver and tailor our marketing activities; and understand your interactions with us. Our Site and Services may also include cookies and similar tracking technologies from third parties (e.g., Google, LinkedIn, Facebook), which may collect information about you via our Site and Services and across other websites and online services.
To find more about how we use cookies and similar technologies, visit our Cookie Policy available on the respective Site.
VI. HOW WE SHARE AND DISCLOSE INFORMATION
In the table below we provide You with information about whom we share Your Personal Data, the purposes, as well as contractual arrangements we rely on when disclosing Your Personal Data.
In most cases, your Personal Data is processed within the territory of the European Economic Area (EEA). When we transmit your Personal Data beyond EU/EEA regions, we do so only where appropriate safeguards are in place to ensure an adequate level of protection, namely, an adequacy decision of the European Commission (including, for transfers to certified recipients in the United States, the EU-US Data Privacy Framework) or the Standard Contractual Clauses, supplemented where necessary by additional technical, organizational, and contractual measures.. To find more, please follow EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF Certification that can be found here. You may request further information about the specific transfer mechanism applied to your Personal Data, including a copy of the relevant safeguards (such as the Standard Contractual Clauses we have entered into), by contacting us.
Some third-party applications and services that work with us may ask for permission to access your Personal Data. Those applications will provide You with notice and request your consent. Please consider Your selection of such applications and services, and your permissions, carefully. Data collected by third parties through these apps and plugins is subject to each parties’ own policies. We encourage you to read those policies and understand how other companies use your Personal Data.
Third Party | Role and Purpose | Contractual arrangements |
MacPaw Corporate Transactions | MacPaw intra-group sharings between departments of software development, analytics, security IT services, and customer support For Macpaw merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding; | Standard Contractual Clauses as approved by the European Commission (EU-US DPF) and MacPaw Corporate Confidentiality obligations |
Google Ads Google Tag Manager Google Ireland Limited Google Building Gordon House, Barrow Street Dublin 4, D04 E5W5 Ireland | Google Ads is an online advertising platform utilised to deliver targeted promotional content to users Google Tag Manager is a tag management platform used to deploy and manage third-party tracking and analytics scripts on the Site without modifying the underlying code directly. Google Tag Manager itself does not collect Personal Data but facilitates the collection of data | Google Ads Data Processing Terms following this link |
BigQuery Google Ireland Limited Google Building, Gordon House, Barrow Street, Dublin 4, D04 E5W5, Ireland | A cloud-based data warehousing and analytics service | Cloud Data Processing Addendum following this link |
Google oAuth Google Ireland Limited Google Building, Gordon House, Barrow Street, Dublin 4, D04 E5W5, Ireland | An authentication and authorisation service that enables users to sign in to our Product using their Google account credentials | Google APIs Terms of Service following this link and Google API Services User Data Policy following this link |
Okta Okta, Inc. 100 First Street, 6th Floor San Francisco, CA 94105 United States of America | A cloud-based identity and access management provider offering services including single sign-on, multi-factor authentication, lifecycle management, and universal directory. We use Okta to manage and authenticate user access to our Product | Data Processing Addendum following this link |
CookieYes CookieYes Limited (3 Warren Yard Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom, company number 13074037, VAT number GB381305513) | Cookie Consent Management Tool to manage collection of cookies and other tracking technologies, to document your consent and provide you with a clear and transparent cookie banner | Data Processing Terms following this link |
Functional Software, Inc. d/b/a Sentry Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105. | Our SaaS partner in development, maintenance and errors fixing | Data Processing Addendum following this link |
eSputnik RETENTION YES SP. Z.O.O, Warsaw city, Poland Twilio Ireland Limited 70 Sir John Rogerson’s Quay, Dublin 2, D02 R296, Ireland | Our email service partners to send You marketing emails | Data processing Agreement following this link; Data Protection Addendum following this data |
Facebook Ireland Ltd. Merrion Road, Ballsbridge, Dublin D04 X2K5, Ireland | Social media provider that we use for the purposes of online marketing, in particular the marketing of advertising space based on your potential interests and the measurement of their effectiveness of Our marketing and advertising campaign | Data Processing Terms following the link |
LinkedIn Ireland Unlimited Company Wilton Plaza, Wilton Place, Dublin 2 Ireland | Professional analytics and advertising | Data Processing Agreement following this link |
Posthog PostHog Inc, 2261 Market Street 4008, San Francisco, CA 94114, USA | Product analytics provider used to analyse user behaviour and product usage | Data Processing Agreement following this link |
Hotjar Content Square SAS 7 rue de Madrid, 75008 Paris, France | Behaviour analytics and user experience research provider | Data Processing Agreement following this link |
In addition to the third-party services described in this Privacy Notice, we may also share and disclose your personal data with the third-party services listed in Section “How We Share and Disclose Information” of our B2B Sales Privacy Policy, available at here. Such sharing and disclosure shall occur solely to the extent necessary for the purposes and on the legal grounds set out in this Privacy Notice.
For more information about third parties whom we engage for marketing and analytics via Site, check our Cookie Policy available at the respective Site.
VII. DATA RETENTION
We retain personal data for as long as necessary to fulfill the purposes for which it was collected, including to provide and operate the Product, comply with legal, regulatory, tax, accounting, and reporting obligations, resolve disputes, enforce agreements, and establish, exercise, or defend legal claims.
Retention periods may vary depending on the type of Personal Data:
- For the fulfilment of our contractual obligations and providing services under the Agreement we keep your Personal Data during the validity term of the Agreement. Once the contractual relationship with us is terminated, we may retain your personal data in our systems and records to ensure adequate fulfilment of surviving provisions in terminated contracts or for other legitimate business purposes, such as to evidence our business practices and contractual obligations, or to comply with applicable legal, tax, or accounting requirements.
- For the purpose of sending you newsletters or other marketing communications, we keep your Personal Data for as long as we retain your consent. You may revoke your consent at any time by clicking “unsubscribe” in the email footer or contacting us.
- For the fulfillment of tax and accounting obligations in accordance with our legal obligations, we will retain your Personal Data usually for 7 years (depending on the applicable law).
- Cookies data and other log files will be stored until the relevant cookies expire. You can always check the duration of cookie storage in our Consent Management Tool.
- When we process your Personal Data for the purposes of exercising your rights as the data subject and respond to your access requests, we will retain your Personal Data for 5 years.
- When we process your Personal Data for the purpose of establishing, exercising, or defending against legal claims, we will keep it for as long as it is necessary to defend our specific rights and interests, and, in the case of a dispute, until the final execution of the binding decision of the competent supervisory authority.
Where we no longer have a legitimate business purpose or lawful legal ground to process your Personal Data, we will delete, anonymise, or aggregate such data. Where immediate deletion is not feasible (for example, where Personal Data is retained in backup archives), we will securely store and restrict your Personal Data from any further processing until deletion becomes possible.
If we seek to retain your Personal Data on file on the basis that a further opportunity may arise in the future, we will inform you with notice, seeking your explicit consent to retain your Personal Data for a fixed period on that basis.
If you believe that we are keeping your Personal Data illegally, please send the respective notice request to [email protected]. We will review your request at our earliest convenience and delete your Personal Data unless we are required by law to keep it for a longer period, or unless we can demonstrate legitimate grounds for processing that override your interests, rights, and freedoms. If deletion is impossible, we will securely store your Personal Data and isolate it from any further processing until deletion is permitted.
VIII. SECURITY AND CONFIDENTIALITY
We are committed to protecting the privacy and security of Your Personal Data. We have recently achieved ISO 27001 certification for Our Company, demonstrating our dedication to maintaining a high standard of information security management. This internationally recognized standard sets requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS).
Here’s how we ensure the security and confidentiality of Your Personal Data:
- Information Security Policies: We have established a comprehensive set of information security policies that guide our data protection practices, which are regularly reviewed and updated to remain effective;
- Access Control: Access to Personal Data is strictly controlled. We employ user authentication, role-based access controls, and encryption to prevent unauthorized access to your Personal Data;
- Data Encryption: Your Personal Data is encrypted both in transit and at rest using industry-standard encryption methods to prevent unauthorized access or disclosure;
- Risk Management: We conduct regular risk assessments to identify potential security threats and vulnerabilities. This proactive approach helps us to implement effective measures to mitigate identified risks.
- Security Awareness and Training: Our employees receive regular training on information security and data protection best practices to ensure they understand the importance of maintaining data privacy.
- Incident Management: We have established a comprehensive incident response plan to quickly and effectively address any security incidents or breaches. This includes processes for detection, containment, investigation, and communication.
- Data Integrity and Accuracy: We implement measures to ensure the accuracy and completeness of Personal Data and prevent unauthorized alterations.
- Physical and Environmental Security: Our data centers and office locations are protected by physical security controls such as access restrictions, surveillance, and environmental controls to safeguard against physical threats.
- Supplier Security and Vendor Check: We assess and monitor our suppliers and vendors to ensure they meet our high standards of data protection and information security
- Regular Audits and Continuous Improvement: As part of our ISO 27001 certification, we conduct regular internal and external audits of our ISMS to identify areas for improvement and ensure ongoing compliance with security standards.
IX. PERSONAL DATA BREACH NOTIFICATION
We have developed a strong Incident Response Plan that, inter alia, in case of a Data Breach, will take all reasonable steps to investigate, contain, and report the Data Breach to you.
If the data breach is likely to result in a high risk to your rights and freedoms, we will communicate the Personal Data breach to you without undue delay via email and instruct you on mitigation measures. In case our communication channel with you is compromised by the incident, we will notify you using media channels, and this Site in particular.
Breaches of this Privacy Notice by staff, contractors, or officers of MacPaw will be dealt with under MacPaw’s internal grievance and disciplinary policy and may lead to a disciplinary sanction.
X. YOUR RIGHTS AS THE DATA SUBJECT
You have the following rights in respect to your Personal Data, including the right to access, correct, or delete Personal Data. You can:
- Have your Personal Data corrected or deleted. You may ask us to correct information you think is inaccurate or completely delete all information that we hold about you by emailing: [email protected].
- Access your Personal Data report by submitting a request at [email protected]. This report will include the Personal Data we have about you, provided to you in a structured, commonly used, and portable format.
- Object to us processing your Personal Data. It is your right to lodge an objection to the processing of your Personal Data by emailing: [email protected] if you feel the “ground relating to your particular situation” applies. The only reasons we will be able to deny your request is if we can show compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defence of a legal claim.
- Ask us to provide the Personal Data you have given us in a structured, commonly used, and machine-readable format, and to transmit it directly to another service provider where technically feasible. This right applies where we process your Personal Data based on your consent or a contract with you and the processing is carried out by automated means.
- Withdraw consent on marketing emails, including when we use your Personal Data to send you marketing emails. We only send marketing communications to you with your prior consent, and you may withdraw your consent at any time by clicking the “unsubscribe” link found within MacPaw emails or contacting us. Please note you will continue to receive transactional messages related to our Product, even if you unsubscribe from marketing emails.
- Withdraw consent. This right only exists where we rely on consent as a legal basis to process Personal Data about you (the “Consent Withdrawal”).
- Without prejudice to any other administrative or judicial remedy, you have the right to appeal to a supervisory authority if you consider that the processing of Personal Data relating to you is in breach of the applicable laws and regulations. If you’re based in the European Economic Area (EEA) and think that we haven’t complied with data protection laws, you have a right to lodge a complaint with your local supervisory authority. You can find the list of supervisory authorities via this link.
- Request to know more details about the categories or specific pieces of Personal Data we collect (including how we use and disclose this Personal Data), to delete your Personal Data, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.
You may have other rights as may be provided by Data Protection Laws.
You will not have to pay a fee to access Personal Data about you (or to exercise any of the other rights outlined above). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive, or, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access Personal Data about you (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one (1) month (i.e. 30 calendar days). Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Data Protection Officer
To communicate with Our Data Protection Officer, please use our dedicated email channel [email protected].
XI. CALIFORNIA ADDENDUM - FOR RESIDENTS OF CALIFORNIA
This section provides details about rights of California consumers under the California Consumer Privacy Act (the “CCPA”) and California’s Shine the Light law. Therefore, this section applies only to residents of California, United States.
- CCPA (CPRA)
In addition to the rights listed above, CCPA provides you with the following rights:
- Right to know what Personal Data is sold or shared and to whom. Under that title, you have the right to request that we disclose to you:
- The categories of Personal Data that we collected about you.
- The categories of Personal Data that we sold or shared about you and the categories of third parties to whom the Personal Data was sold or shared, by category or categories of Personal Data for each category of third parties to whom the Personal Data was sold or shared.
- The categories of Personal Data that we disclosed about you for a business purpose and the categories of persons to whom it was disclosed for a business purpose.
You may request such information by contacting us by e-mailing to [email protected]. Please reference California Privacy Rights in your subject line.
- Right to opt out of sale or sharing and limit use of Personal Data. We may share certain information about you with our partners for purposes of targeted advertising or data analytics, which could in certain circumstances be characterized as “selling,” “sharing,” or “targeted advertising” under California laws. You have the right to opt-out of such sale/sharing of your Personal Data by contacting us via [email protected].
We will also strive to recognize and process your opt-out preference signal as soon as possible after receiving it. - The right not to be discriminated against. Under this title, you have a right not to be discriminated against for exercising any of your rights under the California Privacy Rights Act (CPRA).
- Access rights under California’s Shine the Light
California also provides its residents with additional access rights. Under Shine the Light law, the residents may ask companies once a year what Personal Data they share with third parties for those third parties' direct marketing purposes. Learn more about what is considered to be Personal Data under the statute.
To obtain this information from us, please send an email message to [email protected], which includes “Request for California Shine the Light Privacy Information” on the subject line and your state of residence and email address in the body of your message. Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing will be included in our response.
XII. UK GENERAL DATA PROTECTION REGULATION AND DATA PROTECTION ACT 2018, AS AMENDED BY BREXIT LEGISLATION (“UK GDPR”) ADDENDUM
This section provides details about individuals residing in the United Kingdom and details additional rights they have under the United Kingdom Data Protection Act 2018 (DPA) and the EU General Data Protection Regulation (GDPR) which is retained EU law after Brexit. Therefore, this section applies only to UK residents.
Your Rights and Choices in the UK.
As a UK resident, you have several rights in relation to your Personal Data under this Privacy Notice, including:
- Right to be informed: you have the right to be provided with clear, transparent, and easily understandable information about how we use your Personal Data and your rights. This is why we’re providing you with the information in this Addendum.
- Right of access: you have the right to obtain access to your Personal Data (if we’re processing it) and certain other information (similar to that provided in this Privacy Notice). This is so you’re aware and can check that we’re using your Personal Data in accordance with data protection law.
- Right to rectification: you are entitled to have your Personal Data corrected if it’s inaccurate or incomplete.
- Right to erasure: this is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your Personal Data where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
- Right to restrict processing: you have the right to ‘block’ or suppress further use of your Personal Data in certain circumstances. When processing is restricted, we can still store your Personal Data, but may not use it further.
- Right to data portability: you have the right to obtain and reuse your Personal Data in a structured, commonly used, and machine-readable format in certain circumstances. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party.
- Right to object to processing: you have the right to object to us processing your Personal Data for our legitimate interests or for direct marketing purposes (including in each case any related profiling).
- Right to withdraw consent: If we have obtained your consent to process your Personal Data for certain activities, you may withdraw your consent at any time.
- Rights related to automated decision-making and profiling: You have the right not to be subject to a decision when it’s based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us.
To exercise any of these rights at any time, please contact us using the details in our “Contact Us” section of this Privacy Notice.
In accordance with UK data protection laws, we will handle your request related to these rights with care and in a timely manner. If you are not satisfied with our response, you also have the right to lodge a complaint with the UK’s data protection authority, the Information Commissioner’s Office (ICO). For more information, visit https://ico.org.uk/.
XIII. CHANGES TO PRIVACY NOTICE
We may need to update this Privacy Notice to keep pace with changes in our Site, Product, and Services, our business, and the laws applicable to us and you. We will, however, always maintain our commitment to respect your privacy. We will notify you of any material changes that impact your rights under this Privacy Notice by email (to your most recently provided email address) or post any other revisions to this Privacy Notice, along with their effective date, in an easy-to-find area of the Site. Therefore, we recommend that you periodically check back here to stay informed of any changes. Please note that your continued use of our Site, Product, and/or Services after any change means that you agree with and consent to be bound by the new Notice. If you disagree with any changes in this Privacy Notice and do not wish your information to be subject to it, you will need to stop using the Site, the Product and/or the Services.
XIV. CONTACT US
You may contact us with any questions relating to this Privacy Notice by e-mailing to our customer support: [email protected], or to communicate with our Data Protection Officer, please use our dedicated email channel [email protected].