Cordial Privacy Policy

EFFECTIVE DATE: August, 31 2022

Cordial Experience, Inc. (“Cordial,” “we,” ”our” or “us”) provides a customer engagement platform that allows our Business Clients (“Business Clients”) to communicate with their customers. This privacy policy (“Policy”) describes how Cordial collects, uses, discloses and otherwise processes the personal data described in this Policy, as well as the rights and choices individuals have regarding such personal data. This Policy applies to the extent we process personal data on our own behalf, as a controller or business.

If you are a resident of California, please refer to Section 12. Additional Privacy Information for California Residents below, for information about the categories of personal data we collect and your rights under California privacy laws.

If you are a resident of the UK or EEA, please refer to Section 13: Additional Information for UK/EEA residents.

1. Scope

Except as otherwise noted below, this Policy applies to the personal data we process as a controller or business related to:

users of our sites where this Policy is posted, including Cordial.com, our SaaS platform, and the services we provide through these, as well as any other products and services provided by us that display or include a link to this Policy (collectively, the “Services”).
current, former and prospective Business Clients, vendors and partners;
individuals who register for or participate in our webinars and other events;
individuals who are receive news, information and marketing communications from us;
individuals who participate in surveys and research conducted by us; and
individuals who communicate with us or otherwise engage with us related to our Services.

Not In Scope. This Policy does not apply to the personal data that we collect and process about our employees and personnel or job applicants and candidates. In addition, this Policy does not apply to the extent we process personal data, as a processor or service provider, on behalf of our Business Clients (“Client Customer Data”). Our processing of Client Customer Data is subject to the terms of our written contracts with each Business Client, who is the controller or business for the Client Customer Data that we process on their behalf. Our Services may contain links to third party sites. Please be aware that we are not responsible for the privacy practices of other sites.

2. Personal Data Collected

As further described below, we collect personal data directly from individuals, as well as from third parties and automatically related to the use of our Services or other interactions with us.

Personal Data Collected Directly. The personal data we collect from our Business Clients depends upon how they use our Services or otherwise interact or engage with us and includes:

Registration and account information. When our Business Clients register for an account with us, we collect certain personal data, such as name, company, email and physical address, and other information submitted to us through the account.
Payments and purchases. When our Business Clients make a payment through the Services, we and/or our payment processors collect information in order to process payment.
Communications and interactions. When individuals, including our Business Clients, email, call, or otherwise communicate with us and with members of our team, we collect and maintain a record of contact details, communications and our responses. We also maintain records of communications and information provided to us related to any Business Client support requests.
Surveys. We may ask our Business Clients to provide feedback or participate in surveys. We may use this information, some of which may be personal data, to improve our Services and in any manner consistent with our policies.
Events and other requests. We also collect personal data related to participation in our events as well as other requests submitted to us related to our Services. For example, if an individual registers for or attends an event that we host or sponsor, we may collect information related to the registration and participation in such event. When a Business Client or individual fills out a ‘Contact Us’ form, signs for our mailing lists, or otherwise requests information from us, we collect and maintain records of those requests.

Personal Data from Third Parties. We may collect personal data from third party sources, such as public databases, joint marketing partners, social media platforms or other third parties. We may receive lead and prospect information from third parties about prospective Business Clients that may be interested in our Services. We may also engage with third parties to enhance or update our Business Client information.

Personal Data Collected Automatically. We automatically collect personal data related to the use of our Services and interactions with us and others, including information we collect automatically (e.g., using cookies, pixel tags and other technologies), as well as information we derive from the use of the Services. Such information includes:

Device and browsing information. We use cookies, log files, pixel tags and other tracking technologies to automatically collect information, which may include personal data, when users access or use our Services, such as IP address, general location information, domain name, page views, a date/time stamp, browser type, device type, device ID, Internet service provider, referring and exiting URLs, operating system, language, clickstream data, and similar device and usage information. For more information, see Section 5. Cookies and Tracking, below.
Activities and usage. We also collect activity information related to the use of the Services, such as information about the links clicked, searches, features used, items viewed, time spent within the Services.
Location information. We may collect or derive general location information about users of our Services, such as city, state or country.

3. Purposes of Collection and Processing

Generally, we collect, use and otherwise process the personal data we collect for the following purposes:

Services and support. To provide and operate our Services, communicate with our Business Clients about their use of the Services, provide troubleshooting and technical support, respond to inquiries, fulfill orders and requests, process payments, communicate, and for similar service and support purposes.
Analytics and improvement. To better understand how users access and use the Services, and our other products and offerings, and for other research and analytical purposes, such as to evaluate and improve our services and business operations, to develop services and features, and for internal quality control and training purposes.
Customization and personalization. To tailor content we may send or display on the Services, including to offer customized help and instructions and to otherwise personalize experiences.
Marketing and advertising.. For marketing and advertising purposes. For example, to send information about our Services, such as offers, newsletters and other marketing content, including about third party products and services we think may be of interest. We also may use certain information we collect to manage and improve our advertising campaigns so that we can better reach people with relevant content.
Planning and managing events. For event planning and management, including registration, attendance, and providing updates about relevant events and Services.
Research and surveys. To administer surveys and questionnaires, such as for market research or member satisfaction purposes.
Security and protection of rights. To protect the Services and our business operations, including to prevent and detect fraud, unauthorized activities and access, and other misuse; where we believe necessary to investigate, prevent or take action regarding illegal activities, situations involving potential threats to the safety or legal rights of any person or third party; or violations of our Terms of Use or this Policy.
Legal proceedings and obligations. To comply with the law and our legal obligations, to respond to legal process and related to legal proceedings.
General business and operational support. To consider and implement mergers, acquisitions, reorganizations, bankruptcies, and other business transactions, and related to the administration of our general business, accounting, auditing, compliance, recordkeeping, and legal functions.

4. Disclosures of Personal Data

Generally, we disclose the personal data we collect in order to provide our Services to our Business Clients, respond to and fulfill orders and requests, as otherwise directed or consented to by you, and for the purposes otherwise described in this Policy, including:

Services and support. To provide and operate our Services, communicate with you about your use of the Services, provide troubleshooting and technical support, respond to your inquiries, fulfill your orders and requests, process your payments, communicate with you, and for similar service and support purposes.
Analytics and improvement. To better understand how users access and use the Services, and our other products and offerings, and for other research and analytical purposes, such as to evaluate and improve our services and business operations, to develop services and features, and for internal quality control and training purposes.
Marketing, advertising and campaign management. We may disclose certain information that includes personal data to third party ad network providers, analytics and measurement services, who may use this data to improve and measure the effectiveness of our ads and those of third parties. For more information, see Section 6. Advertising and Targeting, below.
In support of business transfers. If we or our affiliates are or may be acquired by, merged with, or invested in by another company, or if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer the information we have collected from you to the other company. We may also disclose certain personal data as necessary prior to the completion of such a transfer, such as to lenders, auditors, and third party advisors, including attorneys and consultants, as part of due diligence or as necessary to plan for the transfer.
Compliance, governance and legal requirements. To comply with the legal and compliance obligations, to respond to legal process and related to legal proceedings. For example, we may disclose information in response to subpoenas, court order, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements. We may also disclose information, including personal data, related to litigation and other legal claims or proceedings in which we are involved, as well as for our internal accounting, auditing, compliance, recordkeeping, and legal functions.
Security and protection of rights. To protect the Services and our business operations; to prevent and detect fraud, unauthorized activities and access, and other misuse; where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of our Terms of Use or this Policy.

We disclose and make available personal data, for the purposes described above, to:

Vendors and service providers. We may disclose personal data we collect with our service providers, processors and others who perform functions on our behalf. These may include, for example, IT and help desk service providers, payment processors, analytics providers, consultants, auditors and legal counsel.
Affiliates. We may disclose personal data we collect with our affiliates and subsidiaries, who will use and disclose this personal data in accordance with the principles of this Policy.
Business Clients. Any Business Client personal data such as employee or user information that we process on behalf of our Business Clients will be disclosed as directed by those Business Clients.
Third party platforms, providers and networks. We may disclose or make available personal data to third party platforms and providers that we use to provide or make available certain features or portions of the Services, or as necessary to respond to your requests. We may also make certain information (such as browsing information) available to third parties in support of our marketing, advertising and campaign management.
Others as required by applicable law. We may also disclose personal data to third parties to the extent required by applicable law and legal obligations. This may include regulators, government entities, and law enforcement as required by law or legal process.

Aggregate and de-identified information. We may disclose aggregated derived from our Services and the personal data we collect, that does not identify or refer to any particular individual or Business Client. We may also disclose de-identified information, which is no longer reasonably linkable to an identifiable individual or Business Client, with third parties who have committed not to attempt to re-identify such data. We do not reidentify de-identified information.

5. Cookies and Tracking

We and our third party partners use cookies, pixels, java script, log files, and other mechanisms to automatically collect information browsing, activity, device and similar information within our Services. We use this information to, for example, analyze and understand how users access, use and interact with others through our Services, as well to identify and resolve bugs and errors in our Services and to assess secure, protect, optimize and improve the performance of our Services. You have certain choices about our use of cookies within the Services, as described in this section and Section 6. Advertising and Targeting. For more information on the types of personal data we collect via cookies and similar mechanisms, please see Section 2. Personal Data Collected.

Cookies. Cookies are alphanumeric identifiers that we transfer to a device or browser. Some cookies allow us to make it easier to navigate our Services, while others are used to enable a faster log-in process, support the security and performance of the Services, or allow us to track activity and usage data within Service.
Pixel tags. Pixel tags (sometimes called web beacons or clear GIFs) are tiny graphics with a unique identifier, similar in function to cookies. While cookies are stored locally on a device, pixel tags are embedded invisibly within web pages and online content. We may use these, in connection with our Services to, among other things, track the activities of users, help us manage content and compile usage statistics. We may also use these in e-mails we send to help us track e-mail response rates, identify when our e-mails are viewed, and track whether our e-mails are forwarded.
Third party analytics and tools. We use third party tools, such as Google Analytics, to evaluate usage of our Services and to help us improve performance and user experiences. These third party tools may use cookies and other tracking technologies, such as pixel tags, to perform their services. You can also download the Google Analytics Opt-Out Browser Add-on at https://tools.google.com/dlpage/gaoptout.
Do-Not-Track. Currently, our systems do not recognize browser “do-not-track” requests. Individuals may, however, disable certain tracking as discussed in this section (e.g., by disabling cookies). Individuals may opt out of targeted advertising by following the instructions in Section 6. Advertising and Targeting.
Global Privacy Control. Global Privacy Control (“GPC”) is a technical specification that you can use to inform sites of your privacy preferences regarding ad trackers. To set up GPC, you can visit the Global Privacy Control page at https://globalprivacycontrol.org/. If you do choose to set up GPC, we will turn off all non-required cookies on our site. Please note that this may impact the functionality of our sites or your account. via the "Cookies Settings" or "Do not sell my personal information" (California residents) links, located in the footer on https://cordial.com/.

6. Advertising and Targeting

We work with third parties, such as ad networks, analytics and measurement services and others to personalize content and to display and manage our advertising on third party sites. Cookies, pixel tags, and other tools are used to collect information within our Services and on third party sites and services for the purposes of providing more relevant ads and content and to evaluate the success of such ads and content.

Ad Preferences We make available several ways for you to manage your preferences regarding third party advertising and cookies within our Services. Most of these are browser and device specific, which means that you need to set the preference for each browser and device you use; in addition, if you delete or block cookies, you may need to reapply these preferences. Further, opting out of cookies and advertising as discussed below does not mean that you will no longer receive advertising content from us. You may continue to receive generic or “contextual” ads from us.

Cookie preference manager. You can review or change your preferences for targeting cookies and tags by adjusting your cookie settings via the "Cookies Settings" or "Do not sell my personal information" (California residents) links, located in the footer on https://cordial.com/. In addition, our site responds to “global privacy control” signals—or GPC—which means that if we detect a browser GPC signal, we will apply that to opt that browser and device out of certain third party cookies on our site. See Section 12. Additional Privacy Information for California Residents, below, for more information about GPC.
Industry ad choice programs. You can also control how participating third party companies use the information that they collect about your visits to our site, and those of third parties, in order to display more relevant targeted advertising to you. If you are in the US, UK/EU or Canada, you can obtain more information and opt out of receiving targeted ads from participating third party ad networks at aboutads.info/choices (US Digital Advertising Alliance), youronlinechoices.eu (European Interactive Digital Advertising Alliance) and youradchoices.ca/choices/ (Digital Advertising Alliance of Canada).

Please note that opting out of participating ad networks does not opt you out of being served advertising. You may continue to receive generic or ‘contextual’ ads on our Services. You may also continue to receive targeted ads on other sites from companies that do not participate in the above programs.
Browser settings and controls. If you wish to prevent cookies from tracking your activity on our site or visits across multiple sites, you can set your browser to block certain cookies or notify you when a cookie is set. The Help portion of the toolbar on most browsers will tell you how to prevent your device from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our site and Services who disable cookies will be able to browse the site, but some features may not function.

Custom Lists and Matching. Unless you have opted out, we may share certain hashed Business Client list information (such as your name, email address and other contact information) with third parties so that we can better target ads and content to our users, and others with similar interests, within third party sites, platforms and services. You may opt out of being targeted by us in this manner, as set forth in Section 7. Privacy Choices.

7. Privacy Choices

You have certain choices regarding our processing of your personal data. For example:

Marketing communications. You can opt out or unsubscribe from marketing emails by using the unsubscribe link in the footer of each marketing email we send. You can also opt out by logging in to your account, as applicable, or changing your marketing and communications preferences here: https://cordial.com/choose-your-email-adventure/.
Cookie preferences. You can review or change your preferences for many cookies and tags on our site, other than those that are necessary by adjusting your cookie settings via the "Cookies Settings" or "Do not sell my personal information" (California residents) links, located in the footer on https://cordial.com/. These preferences are browser and devices specific so you will need to set your preferences for each browser and device you use, and if you subsequently delete or block cookies, you may need to reapply these settings. You may also adjust your advertising preferences as set forth in Section 6. Advertising and Targeting.
Custom list and third party matching. If you would like to opt out of receiving targeted marketing and advertising from us as part of a custom list as described in Section 6. Advertising and Targeting, please click here to submit a request/email us at [email protected].
Privacy settings. You can update much of the personal data we maintain about you, by logging into your account, as applicable, and updating your information or by contacting us at [email protected] or https://cordial.com/choose-your-email-adventure/

Residents of certain jurisdictions have additional rights, as set forth in Section 12. Additional Privacy Information for California Residents and Section 13. Additional Information For EEA/UK Residents).

For more information about our privacy practices and your privacy choices, you may contact us as set forth in Section 11. Contact Us.

8. Minors

Our Services are not designed for minors, and we do not knowingly collect personal data from children. If we discover that a minor has provided us with personal data in violation of applicable law, we will delete such information from our systems. If you’re a parent and you believe we have collected your minor’s information in violation of applicable law, please contact us as set forth below, in Section 11. Contact Us.

9. Security

We have implemented safeguards that are intended to protect the personal data we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our efforts, no data security measures can guarantee security.

10. Changes to this Policy

This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any updates to the Policy on our site.

11. Contact Us

If you have questions about this Policy or our privacy practices, you may contact us at Cordial Experiences, Inc., 402 W Broadway, Suite 700, San Diego, CA 92101, Attn: Privacy Officer or [email protected].

12. Additional Privacy Information for California Residents

Last Updated: Sept 9, 2022

In this section, we provide additional information to California residents about how we handle their personal data, as required under California privacy laws including the California Consumer Privacy Act, as amended (“CCPA”). This section does not address or apply to our handling of personal data of our employees or applicants (see https://cordial.com/careers/) or that is exempt under the CCPA.

Note that these rights only apply to personal data that we collect and process under this Policy as a business or a controller. For personal data that we process on behalf of our Business Clients in our capacity as a processor or service provider, please submit your request directly to the Business Client, and we will provide reasonable assistance to that Business Client as necessary to enable them to respond to your requests to exercise your privacy rights.

Categories of Personal Data Under the CCPA
While our processing of personal data varies based upon our relationship and interactions with you, in this section we describe, generally, how we have collected, used, shared and disclosed personal data (as defined by the CCPA) about California residents in accordance with the CCPA.

Categories of Personal Data Collected and Disclosed. We have collected the following categories of personal data as a business or controller:

Identifiers: Includes direct identifiers, such as name, user ID, username, account number; unique personal identifier; phone number, email and physical address and other contact information; IP address and other online identifiers.

Business Client Records: Includes personal data, such as name, account name, user ID, contact information, account number, and financial or payment information that individuals who work for our Business Clients provide us in order to purchase or obtain our products and services. For example, this may include information collected when an individual registers for an account, purchases Services, or enters into an agreement with us on behalf of a Business Client.

Commercial Information: Includes browsing history, clickstream data, search history, and information regarding interactions with an internet site, application, or advertisement, including other usage data related to use of any of our Services or other online services. 

Audio, visual and other electronic data: Includes audio, electronic, visual, thermal, olfactory, or similar information such as, temperature screenings and CCTV or other video footage (e.g., collected from visitors to our offices or online events), photographs and images (e.g., that you provide us or post to your profile) and call recordings (e.g., Business Client support calls).

Professional Information: Includes professional and employment-related information (such as current and former employer(s) and position(s), business contact information and professional memberships).

Inferences: Includes inferences drawn from any of the information identified above to create a profile or segment reflecting preferences, characteristics, behavior or attitudes.

Sources of personal data. In general, we may collect the categories of personal data identified above from the following categories of sources: directly from you; advertising networks; Internet service providers; data analytics providers; government entities; operating systems and platforms; social networks; data brokers; Business Clients; and other users who we notify you of or to which you consent.

Third parties with whom we disclose personal data. In general, we disclose personal data to service providers; affiliates; advisors and agents; regulators, government entities and law enforcement; affiliates and subsidiaries; advertising networks; data analytics providers; social networks; internet service providers, operating systems and platforms; Business Clients; and other users.

Purposes for collecting and disclosing. As described in more detail in Section 3. Purposes of Collection and Processing and Section 4. Disclosures of Personal Data, in general, we collect and process the above personal data for the following business or commercial purposes: Services and support; analytics and improvement; customization and personalization; marketing, advertising and campaign management; planning and managing events; in support of business transfers; research and surveys; security and protection of rights; governance, compliance, legal purposes and obligations; general business; operational support and otherwise upon notice or consent, as applicable.

Retention. We retain the personal data we collect as reasonably necessary for the purposes described above or otherwise disclosed to you at the time of collection. For example, we will retain transactional data for as long as necessary to comply with our tax, accounting and recordkeeping obligations, to provide customer service to our Business Clients, and for research, development and safety purposes, as well as an additional period of time as necessary to protect, defend or establish our rights, defend against potential claims, and for legal purposes.

Sales of personal data. The CCPA also requires that we disclose how we ‘sell’ personal data. Under the CCPA, a ‘sale’ is defined broadly. As such, while we do not disclose personal data to third parties in exchange for monetary compensation, we may, pursuant to the CCPA, sell Internet and electronic network activity information, and identifiers (not including government identifiers), which we may disclose or make available to ad networks, data analytics providers and social networks in support of advertising and campaign management, to analyze use of the Services, to optimize and develop our products and services, to improve and measure our ad campaigns, and to reach users with more relevant ads and content on third party sites and services. We do not, however, knowingly sell or share any personal data about minors under 16 years old.

California Residents’ Rights

CCPA Rights. In general, California residents have the following rights with respect to their personal data, subject to certain exceptions:

Do-not-sell (opt-out):California residents may opt out of sales of their personal data by submitting a request to our preference manager via the "Cookies Settings" or "Do not sell my personal information" (California residents) links, located in the footer on https://cordial.com
Right of deletion: to request deletion of their personal data that we have collected about them and to have such personal data deleted (without charge), subject to certain exceptions.
Right to know:
- categories of personal data collected;
- categories of sources of personal data;
- categories of personal data we have disclosed for a business purpose or sold;
- categories of third parties we have disclosed to or sold for a business purpose;
- the business or commercial purposes for collecting or selling personal data; and
- a copy of the specific pieces of personal data we have collected about them.
Right to correct: the right to request that a business that maintains inaccurate personal data about the resident correct that personal data.
Right to non-discrimination: the right not to be subject to discriminatory treatment for exercising their rights under the CCPA.

Submitting CCPA Requests. California residents may exercise their California privacy rights as set forth below subject to certain exceptions.

Requests to know, access, correct, and delete. California residents may submit requests to know, access, correct, and delete the personal data maintained by us in our role as a business through one of the following methods: logging into their account and emailing us at [email protected].

We will take steps to verify your request including by asking you to log into your account or we will match the information provided by you with the information we have in our records. In some cases, we may request additional information in order to verify your request or where necessary to process your request. If we are unable to adequately verify a request, we will notify the requestor. Authorized agents will be required to provide proof of their authorization, and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.

Requests to Opt Out of Sales. California residents may submit a request to opt out by:

Submitting a request through our link to opt out via the "Cookies Settings" or "Do not sell my personal information" (California residents) links, located in the footer on https://cordial.com/
Clicking the Do Not Sell My Personal Information link in the footer of our site, or accessing our preference manager
Turning on the GPC signals through your browser, which our site shall process as a request to opt out of sales for the relevant browser and device

For more information about our privacy practices, you may contact us as set forth in Section 11. Contact Us above.

13. Additional Information For EEA/UK Residents.

International Transfers.

Cordial stores and processes personal data using servers located in the United States (“US”). However, certain of our Business Clients and processors may be located in areas outside of the US including in member states of the European Union (“EU”), Switzerland (together the “EEA”) and the United Kingdom (“UK”). As such, your personal data may be transmitted across international borders and processed in the US, which is a different country from that in which it was collected. Because the US may have data protection laws that are different from the laws of your country (and, in some cases, may not be as protective), we have implemented appropriate safeguards and international transfer mechanisms such as entering into and complying with Data Processing Agreements that incorporate the EU or UK Standard Contractual Clauses.

In addition, while EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework has been invalidated as a transfer mechanism as set forth by the US Department of Commerce (“Privacy Shield”) for the processing of personal data transferred from the UK, EU member countries and Switzerland to the US, Cordial previously certified and continues to adhere to the Privacy Shield principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, Recourse, Enforcement and Liability (“Privacy Shield Principles”). Therefore, Cordial is subject to the investigatory and enforcement powers of the US Federal Trade Commission. In connection with onward transfers, Cordial has responsibility for the processing of personal data that it receives and subsequently transfers to any third party, who is acting as an agent on Cordial’s behalf. Cordial commits to resolve complaints about the processing of your personal data.

If there is any conflict between the policies in this Policy and the Privacy Shield principles, the Privacy Shield principles shall govern with respect to EU, UK and Swiss individuals. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.

We will conduct regular compliance audits of our privacy practices to verify compliance with the Privacy Shield principles and this Policy. Any questions or concerns about our privacy practices should be sent to the address or email below. We will investigate and attempt to resolve any complaints and disputes regarding the use and disclosure of personal data in accordance with the provisions of this Policy.

In compliance with the Privacy Shield Principles, Cordial commits to resolve complaints about your privacy and our collection or use of your personal data. EU, UK and Swiss individuals with inquiries or complaints regarding this Policy should first contact us either at [email protected] or write to us at: Cordial Experiences, Inc., 402 W Broadway, Suite 700, San Diego, CA 92101, Attn: Privacy Officer.

Cordial has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to BBB EU Privacy Shield, a non-profit alternative dispute resolution provider located in the US and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. The Cordial Services of the BBB EU Privacy Shield are provided at no cost to you. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield panel.

Notice to EU Residents

The following terms, obligations, and rights apply only to individuals residing in the EU, UK or Switzerland if and to the extent we make our Services available to those individuals in our role as a controller.

1. Legal Basis for Processing Information. If you are located in the EU, UK or Switzerland, we rely on several legal bases to process your personal data. These legal bases include where:

The processing is necessary to perform our contractual obligations, such as to provide you with the Services;
You have given your prior consent, which you may withdraw at any time (such as for marketing purposes or other purposes we obtain your consent for from time to time);
The processing is necessary to comply with a legal obligation, a court order or to exercise or defend legal claims;
The processing is necessary for the purposes of our legitimate interests, such as in improving, personalizing, and developing the Services, marketing new features or products that may be of interest, and promoting safety and security as described above.

If you have any questions about, or would like further information concerning, the legal basis on which we collect and use your personal data, please contact us by emailing [email protected].

2. Rights Under the General Data Protection Regulation. If you are located in the EU, UK or Switzerland, you have the following rights in respect of your personal data that we hold in our role as a controller:

Right of access. The right to obtain access to your personal data.
Right to rectification. The right to obtain rectification of your personal data without undue delay where that personal data is inaccurate or incomplete.
Right to erasure. The right to obtain the erasure of your personal data without undue delay in certain circumstances, such as where the personal data is no longer necessary in relation to the purposes for which it was collected or processed.
Right to restriction. The right to obtain the restriction of the processing undertaken by us on your personal data in certain circumstances, such as where the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of that personal data.
Right to portability. The right to portability allows you to move, copy, or transfer personal data easily from one organization to another.
Right to object. You have a right to object to processing based on legitimate interests and direct marketing.

If you wish to exercise one of these rights, please log into your account or email [email protected]. Before acting on your request, we may request additional information to verify your identity. Please note that we may be legally or contractually prohibited from acting on your request. For example, if there is a legal requirement that we retain the personal data. For personal data that we process on behalf of our Business Clients in our capacity as a processor, please submit your request directly to the Business Client, and we will provide reasonable assistance to that Business Client as necessary to enable them to respond to your requests to exercise your privacy rights. To contact our designated Data Protection Officer, please send an email to [email protected].

You also have the right to lodge a complaint with your local data protection authority. Further information about how to contact your local data protection authority is available at https://ico.org.uk/global/contact-us for the UK and https://edpb.europa.eu/about-edpb/about-edpb/members_en for the EU.