Partner privacy notice
Date Last Revised: January 14, 2021
1.1. "Applicable Data Protection Laws" means the GDPR and its implementation in the national law of, as applicable, the United Kingdom (Data Protection Act 2018) or the Czech Republic (Act No. 110/2019 Coll., on personal data processing), as well as the laws implementing or supplementing the GDPR in each EU Member State, as amended, replaced or superseded from time to time, and which are applicable to the Company as regards the privacy, protection, processing, collection, use or disclosure of Personal Data of Authorized Personnel.
1.2. "Consent", "Controller", "Personal Data", "processing" (including its derivatives), "Processor" and "Supervisory Authority" as used in this Notice shall have the meanings given to such terms in the GDPR.
1.3. "GDPR" means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
By registering a Partner Account and using the Services, each of the Authorized Personnel acknowledges and confirms that they (i) are at least eighteen (18) years old, or of the legal age of majority in the jurisdiction applicable to such Authorized Personnel, and (ii) have carefully reviewed this Notice and consent to the collection, use, and processing of their Personal Data as described in this Notice.
3. Collection of personal data
When creating a Partner Account, the Company will collect certain information, including Personal Data relating to Authorized Personnel, such as:
first name/last name;
the name of the company represented by such Authorized Personnel and on whose behalf such Authorized Personnel is acting;
any other information that we may require during the registration or post-registration of Partner Account in order to validate Partner’s intended use of the Services and/or to upgrade the status of Partner Account.
4. Legal bases for processing
The Company’s legal bases for processing the Personal Data collected as described in this Notice will depend on the type of Personal Data and the circumstances under which it is collected. We will collect and process Personal Data based on the following legal bases:
processing is necessary for compliance with a legal obligation to which the Company is subject;
processing is based on Authorized Personnel’s Consent when subscribing to receive our newsletter or other informational emails regarding our products and services.
If there is another legal basis for the Company to collect and process Personal Data, we will provide the required notification to Authorized Personnel at or before the time the Personal Data is collected.
5. Use of personal data
The Company will use and process the collected Personal Data of Authorized Personnel for the following purposes:
to provide, maintain, administer, support, protect and improve the Services;
to handle and process enquiries submitted by Partner;
to send system alert messages relating to the Services and Partner Account;
to send our newsletter and product updates to which Authorized Personnel has subscribed;
to investigate any illegal or fraudulent activity in connection with the Services or under the Partner Account;
to protect the rights, property and safety of the Company and third parties;
to comply with legal obligations to which the Company is subject; and
to respond to Authorized Personnel’s requests for exercising their rights under the Applicable Data Protection Laws.
6. Disclosures and transfers
We will disclose or transfer Personal Data to third parties to the extent necessary or required in order to provide the Services, or for business or legal reasons. Personal Data may be processed in and transferred to jurisdictions other than Authorized Personnel’s country of residence which may have different data protection and privacy laws. In this respect, the Company may disclose or transfer Personal Data as follows:
disclosure and/or transfer to subcontractors: we have put in place adequate contractual (including data protection, confidentiality and security provisions) and other technical and organizational measures with subcontractors that we may engage from time to time in connection with the provision, operation, security and/or maintenance of the Partner Dashboard, Partners API, Services or any part thereof. At the date of this Notice the Company engages the following entity as subcontractor: Salt Edge Inc., 150 Elgin Street, Floor 10, Ottawa, ON, K2P 1L4, Canada.
disclosure and/or transfer to Processors: the Company may disclose and/or transfer Personal Data to Processors engaged by us to carry out the processing of Personal Data on our behalf in connection with the provision of Services. We will ensure that any engaged Processor provides sufficient guarantees that appropriate technical and organizational measures are implemented and that processing of Personal Data by Processor will meet the requirements set forth in this Notice and the Applicable Data Protection Laws. At the date of this Notice the Company engages the following entity as Processor: Salt Edge Inc., 150 Elgin Street, Floor 10, Ottawa, ON, K2P 1L4, Canada.
disclosure for legal reasons: we may disclose Personal Data when we believe in good faith that the disclosure of such information is reasonably necessary or appropriate:
- to comply with the Applicable Data Protection Laws, any subpoena, enforceable request from the competent authorities, or other legal process;
- to help detect, curb or investigate fraud or other prohibited or illegal activities that affect or hurt the interests of the Company or third parties;
- to identify, contact or bring legal action against someone who may be causing injury to, or interference with (either intentionally or unintentionally), the Company’s rights or property, other users of the Services, or anyone else (including the rights or property of anyone else) that could be harmed by such activities; and
- to help us comply with a legal obligation to which we are subject, or accounting or security requirements, in which case we may disclose such information to our auditors, professional consultants, accountants and/or legal advisors.
In all the foregoing cases, the Company will disclose Personal Data only as required or permitted by the Applicable Data Protection Laws.
First-party cookies: We use session cookies and persistent cookies when Authorized Personnel navigate in the Partner Dashboard and use the Services. These types of cookies are essential to the operation of the Partner Dashboard and the provision of Services. The session cookie is stored in temporary memory and is not retained after the browser is closed. Session cookies do not collect information from the individual’s computer. They store information in the form of a session identification that does not personally identify the individual. The persistent cookies are set with expiration date and are stored on the individual’s hard drive until they expire or are deleted. We do not collect any Personal Data in the session and persistent cookies. We use session and persistent cookies for technical purposes, including but not limited to verifying the origin of requests, distributing requests among multiple servers, authenticating Authorized Personnel and determining what functionality of the Services or areas within the Partner Dashboard such Authorized Personnel are allowed to access.
8. Data retention and deletion
We will delete Personal Data of Authorized Personnel from our production servers when:
Authorized Personnel request deletion of their Personal Data;
As a result of the deletion, Personal Data of Authorized Personnel will be deleted and excised permanently from our production servers, subject to our right to retain Personal Data or portions thereof: (a) in backup files on its backup servers for a period of up to one (1) month from the date of deletion from the production servers in accordance with general internal retention procedures; and (b) in log files in order to comply with the requirements of the applicable laws or regulations, to exercise or defend (ongoing) legal claims, and to meet audit or statutory requirements.
It is Partner’s responsibility to ensure that the information relating to Authorized Personnel acting under the Partner Account is accurate and up-to-date. Should any Authorized Personnel leave Partner’s organization, Partner should remove such Authorized Personnel from the Partner Account without undue delay and provide the required information for the relevant replacement.
9. Personal data rights under GDPR
Taking into account the nature of the processing and the type of Personal Data processed, Authorized Personnel have the right to exercise the following rights as set forth in the GDPR:
the right to be informed
the right of access
the right to rectification
the right to erasure (right to be forgotten)
the right to restrict processing
the right to data portability
the right to object
rights in relation to automated decision-making and profiling
the right to lodge a complaint with the applicable Supervisory Authority
the right to withdraw Consent (provided that the Consent is the legal basis for processing)
Authorized Personnel may exercise any of the foregoing rights at any time by contacting the Company (see further Section 12 for contact details). We will endeavor to respond to any submitted requests in the manner and as set forth in the GDPR. Where the requests for exercising the rights under GDPR are manifestly unfounded or excessive, in particular because of their repetitive character, or further copies of the Personal Data undergoing processing are requested, the Company may charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested.
10. Personal data security
We are committed to maintaining the confidentiality, integrity and security of the Personal Data under our custody or control. The Company employs advanced security techniques to safeguard Personal Data against unauthorized access, use and/or disclosure. We strictly restrict access to Personal Data in accordance with specific internal procedures governing access to such information. We carefully select the individuals privileged with access to Personal Data in accordance with internal security policies and practices, and each such individual is bound by confidentiality obligations. Access to our systems requires multiple levels of authentication, and industry-vetted encryption techniques are applied when processing Personal Data.
11. Updates to this notice
The Company reserves the right to change this Notice at any time and from time to time in order to reflect changes in the Services or the Applicable Data Protection Laws. If we decide to change this Notice in the future, we will post an appropriate notice at the top of this page. Any non-material changes (such as clarifications) to this Notice will become effective on the date the changes are posted and any material changes will become effective thirty (30) days from the date of their publication. The date this Notice was last revised appears at the top of this document. Authorized Personnel are advised to print a copy of this Notice for reference and revisit this Notice from time to time to ensure that they are aware of any changes. Authorized Personnel’s continued use of the Services after the changes to this Notice become effective signifies their acceptance of any such changes.
12. Contact Information
In case of any questions, comments or feedback regarding this Notice or our collection, use, disclosure or processing of Personal Data, or any other privacy or security concern, please address them to the Company using the following contact details: