PARTNER PRIVACY NOTICE

Date Last Revised: 10 September 2019

This Partner Privacy Notice ("Notice") describes and summarizes the policies and procedures of Salt Edge with respect to the collection, use, storing, processing, disclosure and protection of Personal Data of Authorized Personnel in connection with the provision of Services to Partner. Capitalized terms used in this Notice and not defined herein shall have the same meanings given to them in the Partner Terms of Use.


1. DEFINITIONS

For the purposes of this Notice, in addition to the capitalized terms defined elsewhere in this Notice or Partner Terms of Use, the following terms shall have the meanings given to them as follows:

"Applicable Data Protection Laws" means the Data Protection Act, GDPR and laws implementing or supplementing the GDPR in each Member State, as amended, replaced or superseded from time to time, and that are applicable in the jurisdiction of Authorized Personnel as regards the privacy, protection, processing, collection, use or disclosure of Personal Data.

"Consent", "Controller", "Personal Data", "processing" (including its derivatives), "Processor" and "Supervisory Authority" as used in this Notice shall have the meanings given to such terms in the GDPR.

"Data Protection Act" means the Data Protection Act 2018 (c.12) of the United Kingdom.

"GDPR" means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.


2. ACKNOWLEDGEMENT

By registering a Partner Account and using the Services, each of the Authorized Personnel acknowledges and confirms that he/she (i) is at least eighteen (18) years old, or of the legal age of majority in the jurisdiction applicable to such Authorized Personnel, and (ii) has carefully reviewed this Notice and consents to the collection, use, and processing of their Personal Data as described in this Notice.


3. COLLECTION OF PERSONAL DATA

When creating a Partner Account, Salt Edge will collect certain information, including Personal Data relating to Authorized Personnel, such as:


  • first name/last name;
  • the name of the company represented by such Authorized Personnel;
  • email address;
  • password; and
  • any other information that Salt Edge may require during the registration or post-registration of Partner Account in order to validate Partner’s intended use of the Services and/or upgrade the status of Partner Account.

4. LEGAL BASIS FOR PROCESSING

Salt Edge’s legal bases for processing the Personal Data collected as described in this Notice will depend on the type of Personal Data and the circumstances under which it is collected. Salt Edge will collect and process Personal Data based on the following legal bases:

  1. processing is necessary for the performance of a contract to which Partner is a party, particularly for the provision of the Services under the Partner Terms of Use;
  2. processing is necessary for compliance with a legal obligation to which Salt Edge is subject;
  3. processing is necessary for the purposes of the legitimate business interests pursued by Salt Edge in order to ensure the security and integrity of the Partner Dashboard, Partners API and Services, and monitor Partner’s compliance with the Partner Terms of Use; and
  4. processing is based on Authorized Personnel’s Consent when subscribing to receive Salt Edge’s newsletter or other informational emails on Salt Edge’s products and services.

If there is another legal basis for Salt Edge to collect and process Personal Data, Salt Edge will provide the required notification to Authorized Personnel at or before the time the Personal Data is collected.


5. USE OF PERSONAL DATA

Salt Edge will use and process the collected Personal Data of Authorized Personnel for the following purposes:

  • to provide, maintain, administer, support, protect and improve the Services;
  • to handle and process enquiries submitted by Partner;
  • to send system alert messages relating to the Services and Partner Account;
  • to send Salt Edge’s newsletter and product updates to which Authorized Personnel has subscribed;
  • to monitor and enforce compliance with, and exercise our rights under, the Partner Terms of Use;
  • to investigate any illegal or fraudulent activity in connection with the Services or under the Partner Account;
  • to protect the rights, property and safety of Salt Edge and third parties;
  • to comply with legal obligations to which Salt Edge is subject; and
  • to respond to Authorized Personnel’s requests for exercising their rights under the Applicable Data Protection Laws.

6. DISCLOSURES AND TRANSFERS

Salt Edge will disclose or transfer Personal Data to third parties to the extent necessary or required in order to provide the Services, or for business or legal reasons. Personal Data may be processed in and transferred to jurisdictions other than Authorized Personnel’s country of residence which may have different data protection and privacy laws. In this respect, Salt Edge may disclose or transfer Personal Data as follows:

  1. disclosure and/or transfer to subcontractors: Salt Edge has put in place adequate contractual (including data protection, confidentiality and security provisions) and other technical and organizational measures with subcontractors that Salt Edge may engage from time to time in connection with the provision, operation, security and/or maintenance of the Partner Dashboard, Partners API, Services or any part thereof. At the date of this Notice Salt Edge engages the parent company Salt Edge Inc. as subcontractor.
  2. disclosure and/or transfer to Processors: Salt Edge may disclose and/or transfer Personal Data to Processors engaged by Salt Edge to carry out the processing of Personal Data on Salt Edge’s behalf in connection with the provision of Services. Salt Edge will ensure that any engaged Processor provides sufficient guarantees that appropriate technical and organizational measures are implemented and that processing of Personal Data by Processor will meet the requirements set forth in this Notice and the Applicable Data Protection Laws. At the date of this Notice Salt Edge engages the parent company Salt Edge Inc. as Processor.
  3. disclosure for legal reasons: Salt Edge may disclose Personal Data when Salt Edge believes in good faith that the disclosure of such information is reasonably necessary or appropriate:
    • to comply with the Applicable Data Protection Laws, any subpoena, enforceable request from the competent authorities, or other legal process;
    • to enforce Salt Edge’s rights under the Partner Terms of Use, including investigation of actual or alleged violations;
    • to help detect, curb or investigate fraud or other prohibited or illegal activities that affect or hurt the interests of Salt Edge or third parties;
    • to identify, contact or bring legal action against someone who may be causing injury to, or interference with (either intentionally or unintentionally), Salt Edge’s rights or property, other users of the Services, or anyone else (including the rights or property of anyone else) that could be harmed by such activities; and
    • to help Salt Edge comply with a legal obligation to which Salt Edge is subject, or accounting or security requirements, in which case Salt Edge may disclose such information to its auditors, professional consultants, accountants and/or legal advisors.

In all the foregoing cases, Salt Edge will disclose Personal Data only as required or permitted by the Applicable Data Protection Laws.


7. USE OF COOKIES

Salt Edge uses cookies for various purposes, including without limitation tracking movements within the Partner Dashboard, analyzing trends, gathering statistical data and improving user experience and the overall quality of the Services. Cookies can be disabled or controlled by setting a preference within the Authorized Personnel’s web browser or on their device. However, if cookies are disabled some features of the Services may not function properly or Salt Edge may not be able to customize the delivery of information to Authorized Personnel. For detailed guidance on how to control, manage and delete cookies, please visit https://www.aboutcookies.org/. Salt Edge uses first-party cookies and third-party cookies:

  1. First-party cookies: Salt Edge uses session cookies and persistent cookies when Authorized Personnel navigate in the Partner Dashboard and use the Services. These types of cookies are essential to the operation of the Partner Dashboard and the provision of Services. The session cookie is stored in temporary memory and is not retained after the browser is closed. Session cookies do not collect information from the individual’s computer. They store information in the form of a session identification that does not personally identify the individual. The persistent cookies are set with expiration date and are stored on the individual’s hard drive until they expire or are deleted. Salt Edge does not collect any Personal Data in the session and persistent cookies. Salt Edge uses session and persistent cookies for technical purposes, including but not limited to verifying the origin of requests, distributing requests among multiple servers, authenticating Authorized Personnel and determining what functionality of the Services or areas within the Partner Dashboard such Authorized Personnel are allowed to access.
  2. Third-party cookies: Salt Edge uses third-party cookies of Google Analytics and Google Tag Manager. Salt Edge has integrated Google Analytics and Google Tag Manager, analytics tools provided by Google Inc., in the Partner Dashboard in order to collect and analyze data about users’ activity. Google Analytics and Google Tag Manager use cookies that collect information allowing Salt Edge to understand how users interact with the Partner Dashboard. Such information contains online identifiers, including cookie identifiers, IP addresses and device identifiers, which may be considered Personal Data under the Applicable Data Protection Laws. Salt Edge has enabled the IP address anonymization feature that prevents the storage of full IP address information in Google Analytics cookies. Google Inc. uses the collected information to provide online reports and other related services that help Salt Edge enhance user experience and evaluate the use of the Partner Dashboard. The collected information may be transferred to and stored in the U.S.A. by Google Inc. or any third-party service providers acting on its behalf. If Authorized Personnel object to the collection and processing of such data by Google Inc., they must install a browser add-on (available at https://tools.google.com/dlpage/gaoptout) which will prevent further collection and transmission of information via Google Analytics cookies. Additional details about Google Analytics cookie usage can be found here.

8. DATA RETENTION AND DELETION

Salt Edge will retain Personal Data for no longer than what is necessary for the purposes for which such Personal Data is collected and processed. The retention period depends on the requirements of the applicable laws or regulations Salt Edge must comply with, the purposes of the collection and processing of Personal Data, and the legitimate interests of Salt Edge to establish, exercise or defend our legal rights in connection with the Partner Terms of Use.

Salt Edge will delete Personal Data of Authorized Personnel from our production servers when:

  • Authorized Personnel request deletion of their Personnel Data;
  • Partner deletes its Partner Account or such account is terminated by Salt Edge in accordance with Partner Terms of Use; or
  • Salt Edge terminates access to the Partner Dashboard and Partner API, and the provision of Services under the Partner Terms of Use.

As a result of the deletion, Personal Data of Authorized Personnel will be deleted and excised permanently from Salt Edge’s production servers, subject to Salt Edge’s right to retain Personal Data or portions thereof: (a) in backup files on its backup servers for a period of up to one (1) month from the date of deletion from the production servers in order to ensure compliance with internal business continuity and disaster recovery procedures; and (b) in log files in order to comply with the requirements of the applicable laws or regulations, to exercise or defend (ongoing) legal claims, and to meet audit or statutory requirements.

It is Partner’s responsibility to ensure that the information relating to Authorized Personnel acting under the Partner Account is accurate and up-to-date. Should any Authorized Personnel leave Partner’s organization, Partner should remove such Authorized Personnel from the Partner Account and provide the required information for the relevant replacement.


9. PERSONAL DATA RIGHTS UNDER GDPR

Taking into account the nature of the processing and the type of Personal Data processed, Authorized Personnel have the right to exercise the following rights as set forth in the GDPR:

  • the right to be informed
  • the right of access
  • the right to rectification
  • the right to erasure (right to be forgotten)
  • the right to restrict processing
  • the right to data portability
  • the right to object
  • rights in relation to automated decision-making and profiling
  • the right to lodge a complaint with the applicable Supervisory Authority
  • the right to withdraw Consent (provided that the Consent is the legal basis for processing)

Authorized Personnel may exercise any of the foregoing rights at any time by contacting Salt Edge at privacy@saltedge.com. Salt Edge will endeavor to respond to any submitted requests in the manner and as set forth in the GDPR. Where the requests for exercising the rights under GDPR are manifestly unfounded or excessive, in particular because of their repetitive character, or further copies of the Personal Data undergoing processing are requested, Salt Edge may charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested.


10. PERSONAL DATA SECURITY

Salt Edge is committed to maintaining the confidentiality, integrity and security of the Personal Data under its custody or control. Salt Edge employs advanced security techniques to safeguard Personal Data against unauthorized access, use and/or disclosure. Salt Edge strictly restricts access to Personal Data in accordance with specific internal procedures governing access to such information. Salt Edge carefully selects the individuals privileged with access to Personal Data in accordance with internal security policies and practices, and each such individual is bound by confidentiality obligations. Access to Salt Edge’s systems requires multiple levels of authentication, and industry-vetted encryption techniques are applied when processing Personal Data.


11. UPDATES TO THIS NOTICE

Salt Edge reserves the right to change this Notice at any time and from time to time in order to reflect changes in the Services or the Applicable Data Protection Laws. If Salt Edge decides to change this Notice in the future, Salt Edge will post an appropriate notice at the top of this page. Any non-material changes (such as clarifications) to this Notice will become effective on the date the changes are posted and any material changes will become effective thirty (30) days from the date of their publication. The date this Notice was last revised appears at the top of this document. Authorized Personnel are advised to print a copy of this Notice for reference and revisit this Notice from time to time to ensure that they are aware of any changes.


12. DATA PROTECTION OFFICER

Salt Edge’s data protection officer can be reached at any time by email at dpo@saltedge.com. in case of any questions with respect to Salt Edge’s collection, use, disclosure or processing of Personal Data. Salt Edge is also registered with the Information Commissioner’s Office - the Supervisory Authority in the United Kingdom (reference number: ZA516320).


13. CONTACT

Any questions, comments or feedback regarding this Notice or any other privacy or security concern may be sent by email to support@saltedge.com.

Salt Edge Limited
Level 39, One Canada Square, Canary Wharf
London E14 5AB
United Kingdom