Effective Date: 28 January 2020
Maintaining your privacy and your trust is very important to us at PrivacyCheq. We create privacy-enhancing technologies and services, so we strive to be especially clear on how we use your personal information if and when we collect it, and on the ways in which we can work together to protect your privacy.
- PrivacyCheq’s overriding general principles regarding your personal information
- What products and services this policy covers
- What information we might collect from you and store
- How we get your consent for the collection and storing of your information
- How we use that information
- Who we share that information with
- Your rights and choices with respect to your information
- How you can access and update your information
- The steps we take to protect your information
- What happens if/when our policy changes
- Special information regarding children, California and European residents
- How to contact us directly with questions
- How to view a less detailed, more concise summary of our policy
Our overriding general principles regarding your personal information
If and when we gather and process your personal information, we are guided by the following best practical principles:
- Personal data must be processed fairly, lawfully, and in a transparent manner.
- Personal data must only be collected for specified, explicit and legitimate purposes and must not be further processed in a manner that is incompatible with those purposes.
- Personal data must be adequate, relevant and limited to only what is necessary in relation to the purposes for which they are processed.
- Personal data must be accurate and kept up to date. Inaccurate data should be updated or deleted.
- Personal data should be kept in identifiable format for no longer than necessary.
- Personal data should be kept secure.
- We are committed to the principles of data protection by design and data protection by default.
What products and services are covered by this policy?
What information does PrivacyCheq collect from you and store?
From you directly: You can visit a PrivacyCheq site without telling us who you are and without revealing any personal information about yourself. To provide full service however, we will most often need to collect some personal information. For instance, we collect information about you when you register for an account and when you create or modify your personal data on one of our Services. The types of Information we collect may include email address, country of residence, and (optionally) your name, and phone number.
Logs: We may record certain information and store it in log files when you interact with our Services. This information may include Internet protocol (IP) or other device addresses or ID numbers as well as browser type, Internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, your mobile carrier, and system configuration information.
Third Party Services: We may obtain information, including personal information, from third parties such as our partners and service providers, and combine it with other information we collect from you.
How do we get your consent for collecting and storing your information?
Prior to asking for your consent to collect personal information from you for any aspect of our Services, it is PrivacyCheq’s policy to make available the highest possible quality information explaining your options at the point of consent. To the extent possible, we believe that pre-consent “Notice” should be explicit, specific, informed, and intelligible. And, it should be easily accessible and use clear and plain language.
As to content of the notice, as appropriate, it should clearly set forth:
- Who is collecting the data, and why
- The legal basis under which your data is being collected
- A description of what your data will be used for
- How long the data controller will keep the personal data, or how that period is calculated
- If automated processing is used the notice should reveal where data subjects may lodge complaints
- The existence of important rights regarding your personal information
- Whether the controller intends to further process the data
- Any data processors the data controller hopes to use
- Information on how to reach a data privacy officer of the data collector
Once proper information supporting your options has been presented, you can make your informed choice for positive explicit consent or withhold your consent. The legal basis for processing personal data is based on the consent of the data subject as enumerated in point (a) of Article 6(1) of the GDPR.
How do we use the information we collect?
We may use the information we collect for a variety of purposes, including to:
- Make the PrivacyCheq Services work for you;
- Provide, operate, maintain, improve, personalize, and promote our Services;
- Process and complete transactions, and send you related information, including purchase confirmations and invoices;
- Communicate with you, including responding to your comments, questions, and requests; providing customer service and support;
- Providing you with information about services, transmitting technical notices, updates, security alerts, administrative messages, or advertising or marketing messages;
- Providing other news or information about us and our select partners;
- Monitor and analyze trends, usage, and activities in connection with our Services;
- Investigate and prevent fraudulent transactions, unauthorized access to our Services and other illegal activities;
- We may also use the information we collect for other purposes about which we notify you in subsequent versions of this document.
Who does PrivacyCheq share information with?
PrivacyCheq is not in the business of selling your personal information. We consider this information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share your personal information with third parties, as set forth below:
With your express consent: We will not share your personal information with companies, organizations, or individuals who are not associated with PrivacyCheq unless we have your affirmative consent to do so.
For your use: When you use our Services, certain features allow you to make some of your personal data (such as what applications you give your consent to process your data) accessible to organizations that use our Services in their applications. We urge you to consider the sensitivity of any information prior to sharing it publicly or with other users.
Access by a PrivacyCheq support administrator: PrivacyCheq support may be able to:
- Access information in and about an account on one of our Services
- Disclose, restrict, or access information that you have provided or that is made available to you when using a PrivacyCheq Service
- Delete your PrivacyCheq Services account(s).
Credit Card Processing: We use a third-party service provider to manage credit card processing. This service provider is not permitted to store, retain, or use billing information except for the sole purpose of credit card processing on PrivacyCheq’s behalf.
Agents, Consultants and Related Third Parties: PrivacyCheq sometimes hires other companies to perform certain business-related functions on our behalf. Examples of such functions include mailing information, maintaining databases, maintaining websites, marketing, and processing payments. When we employ another company to perform a function of this nature, we only provide it with the information that it needs to perform its specific function. Compliance with Laws and Law Enforcement Requests, Protection of Our Rights: We may disclose your information (including your personal information) to a third party if:
- We believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request
- To protect the security or integrity of PrivacyCheq’s products and services
- To protect the property, rights, and safety of PrivacyCheq, our customers or the public from harm or illegal activities
- To respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person; or
- To investigate and defend ourselves against any third-party claims or allegations.
Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. We will notify you of such a change in ownership or transfer of assets by posting a notice on our website.
Aggregate or Non-identifying Data: We may share aggregate or other non-personal information that does not directly identify you with third parties in order to improve the overall experience of our Services.
What are your rights and choices with respect to your information?
PrivacyCheq’s policy is to always provide you with an informed choice where providing your personal information is concerned. In all of our operations regarding your privacy, we strive for full compliance with the European Union’s General Data Protection Regulation (also known as Regulation (EU)2016/679 or “GDPR”). The GDPR enumerates a number of Rights of Data Subjects which we respect as your rights. A partial list includes:
- The right to have information presented to you in a concise, transparent, intelligible, and easily accessible form, using clear and plain language.
- The right to have access to your data and the ability to correct inaccuracies and omissions.
- The right to be informed about your data including what data is processed, and the purpose for which it is processed.
- The right to object – If you ask, we will stop processing your data.
- The right of erasure, or right to be forgotten – If you ask, we will erase the personal data that we hold.
You may decline to share certain personal information with us, in which case we may not be able to provide some of the features and functionality of our Services. You may make changes to your personal information at any time by logging onto the appropriate PrivacyCheq service web page and navigating to the account settings page. You may optionally choose to never receive normal email communications from PrivacyCheq. In the interest of security, even after you opt out from receiving email messages from us, you will continue to receive security-related administrative messages from us regarding our Services.
You can learn more about the specific EUs rights granted by GDPR at https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/my-rights/what-are-my-rights_en.
How can you access and update your information?
Manual requests made to PrivacyCheq to access, change or delete personal information will be addressed within 15 business days. We will only retain your personal information for as long as your account is active or as needed to provide you products or services. We will retain and use your personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
What steps do we take to protect your information?
The security of your personal information is very important to us. When you enter personal information on our registration pages or dashboards, we follow generally accepted security standards to protect the personal information submitted to us, both during transmission and once it is received. If you have any questions about the security of your personal information, please contact us at email@example.com.
How does PrivacyCheq address the privacy of children?
Children could potentially try to use some of the PrivacyCheq Services. We do not knowingly collect personal information from children under the age of consent in your location. Instead, our Services will guide a child to ask a responsible adult to create an account, prove their identity, and give their parental consent for us to collect that child’s personal information. If we become aware that a child under the age of consent has provided us with personal information without a parent or guardian’s consent, we will take steps to delete such information. If you become aware that a child has provided us with personal information without parental consent, please contact us at firstname.lastname@example.org.
How does PrivacyCheq comply with California privacy rights?
PrivacyCheq complies with the California Consumer Privacy Act of 2018 (CCPA) regarding the privacy rights of Californians. To learn more about the specifics of this law please visit https://oag.ca.gov/privacy/ccpa.
PrivacyCheq does not sell your personal information for any purpose. As an indication of our compliance with CCPA’s notice regulations, we may display a choice labelled Do Not Sell My Personal Information. Operationally, selecting this choice will simply provide reassurance that PrivacyCheq does not sell personal information.
California Civil Code Section 1798.83 permits State of California residents using PrivacyCheq’s Services to request information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, or to convey an opt-out choice for any use of your information, please contact us at email@example.com.
Privacy Shield Notice (For Users in the European Union)
In compliance with the EU-US Privacy Shield Principles, PrivacyCheq is committed to resolve complaints about our collection or use of your personal information. Individuals in the European Union with inquiries or complaints regarding our Privacy Shield policy should first contact PrivacyCheq at firstname.lastname@example.org.
PrivacyCheq has further committed to refer unresolved Privacy Shield complaints to the EU Data Protection Authorities. Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. PrivacyCheq will cooperate with the appropriate EU Data Protection Authorities during investigation and resolution of complaints brought under Privacy Shield. These recourse mechanisms are available to you at no cost.
The US Federal Trade Commission has jurisdiction over PrivacyCheq’s compliance with this Policy and the EU-US Privacy Shield Framework. As a last resort, privacy complaints that remain unresolved after pursuing these and other channels may be subject to binding arbitration before the Privacy Shield Panel to be created jointly by the US Department of Commerce and the European Commission.
What if I have questions about this policy?
If you have any questions or comments about our privacy policies, about your personal information, about our use and disclosure practices, or about your consent choices, please email us at email@example.com and we will respond promptly.
A summary of Privacy Facts in a more simple format can be viewed here.