Date Last Revised: 10 September 2019
"Applicable Data Protection Laws" means the Data Protection Act, GDPR and laws implementing or supplementing the GDPR in each Member State, as amended, replaced or superseded from time to time, and that are applicable in the jurisdiction of Authorized Personnel as regards the privacy, protection, processing, collection, use or disclosure of Personal Data.
"Consent", "Controller", "Personal Data", "processing" (including its derivatives), "Processor" and "Supervisory Authority" as used in this Notice shall have the meanings given to such terms in the GDPR.
"Data Protection Act" means the Data Protection Act 2018 (c.12) of the United Kingdom.
"GDPR" means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
By registering a Partner Account and using the Services, each of the Authorized Personnel acknowledges and confirms that he/she (i) is at least eighteen (18) years old, or of the legal age of majority in the jurisdiction applicable to such Authorized Personnel, and (ii) has carefully reviewed this Notice and consents to the collection, use, and processing of their Personal Data as described in this Notice.
3. COLLECTION OF PERSONAL DATA
When creating a Partner Account, Salt Edge will collect certain information, including Personal Data relating to Authorized Personnel, such as:
- first name/last name;
- the name of the company represented by such Authorized Personnel;
- email address;
- password; and
- any other information that Salt Edge may require during the registration or post-registration of Partner Account in order to validate Partner’s intended use of the Services and/or upgrade the status of Partner Account.
4. LEGAL BASIS FOR PROCESSING
Salt Edge’s legal bases for processing the Personal Data collected as described in this Notice will depend on the type of Personal Data and the circumstances under which it is collected. Salt Edge will collect and process Personal Data based on the following legal bases:
- processing is necessary for compliance with a legal obligation to which Salt Edge is subject;
- processing is based on Authorized Personnel’s Consent when subscribing to receive Salt Edge’s newsletter or other informational emails on Salt Edge’s products and services.
If there is another legal basis for Salt Edge to collect and process Personal Data, Salt Edge will provide the required notification to Authorized Personnel at or before the time the Personal Data is collected.
5. USE OF PERSONAL DATA
Salt Edge will use and process the collected Personal Data of Authorized Personnel for the following purposes:
- to provide, maintain, administer, support, protect and improve the Services;
- to handle and process enquiries submitted by Partner;
- to send system alert messages relating to the Services and Partner Account;
- to send Salt Edge’s newsletter and product updates to which Authorized Personnel has subscribed;
- to investigate any illegal or fraudulent activity in connection with the Services or under the Partner Account;
- to protect the rights, property and safety of Salt Edge and third parties;
- to comply with legal obligations to which Salt Edge is subject; and
- to respond to Authorized Personnel’s requests for exercising their rights under the Applicable Data Protection Laws.
6. DISCLOSURES AND TRANSFERS
Salt Edge will disclose or transfer Personal Data to third parties to the extent necessary or required in order to provide the Services, or for business or legal reasons. Personal Data may be processed in and transferred to jurisdictions other than Authorized Personnel’s country of residence which may have different data protection and privacy laws. In this respect, Salt Edge may disclose or transfer Personal Data as follows:
- disclosure and/or transfer to subcontractors: Salt Edge has put in place adequate contractual (including data protection, confidentiality and security provisions) and other technical and organizational measures with subcontractors that Salt Edge may engage from time to time in connection with the provision, operation, security and/or maintenance of the Partner Dashboard, Partners API, Services or any part thereof. At the date of this Notice Salt Edge engages the parent company Salt Edge Inc. as subcontractor.
- disclosure and/or transfer to Processors: Salt Edge may disclose and/or transfer Personal Data to Processors engaged by Salt Edge to carry out the processing of Personal Data on Salt Edge’s behalf in connection with the provision of Services. Salt Edge will ensure that any engaged Processor provides sufficient guarantees that appropriate technical and organizational measures are implemented and that processing of Personal Data by Processor will meet the requirements set forth in this Notice and the Applicable Data Protection Laws. At the date of this Notice Salt Edge engages the parent company Salt Edge Inc. as Processor.
- disclosure for legal reasons: Salt Edge may disclose Personal Data when Salt Edge believes in good faith that the disclosure of such information is reasonably necessary or appropriate:
- to comply with the Applicable Data Protection Laws, any subpoena, enforceable request from the competent authorities, or other legal process;
- to help detect, curb or investigate fraud or other prohibited or illegal activities that affect or hurt the interests of Salt Edge or third parties;
- to identify, contact or bring legal action against someone who may be causing injury to, or interference with (either intentionally or unintentionally), Salt Edge’s rights or property, other users of the Services, or anyone else (including the rights or property of anyone else) that could be harmed by such activities; and
- to help Salt Edge comply with a legal obligation to which Salt Edge is subject, or accounting or security requirements, in which case Salt Edge may disclose such information to its auditors, professional consultants, accountants and/or legal advisors.
In all the foregoing cases, Salt Edge will disclose Personal Data only as required or permitted by the Applicable Data Protection Laws.
- First-party cookies: Salt Edge uses session cookies and persistent cookies when Authorized Personnel navigate in the Partner Dashboard and use the Services. These types of cookies are essential to the operation of the Partner Dashboard and the provision of Services. The session cookie is stored in temporary memory and is not retained after the browser is closed. Session cookies do not collect information from the individual’s computer. They store information in the form of a session identification that does not personally identify the individual. The persistent cookies are set with expiration date and are stored on the individual’s hard drive until they expire or are deleted. Salt Edge does not collect any Personal Data in the session and persistent cookies. Salt Edge uses session and persistent cookies for technical purposes, including but not limited to verifying the origin of requests, distributing requests among multiple servers, authenticating Authorized Personnel and determining what functionality of the Services or areas within the Partner Dashboard such Authorized Personnel are allowed to access.
8. DATA RETENTION AND DELETION
Salt Edge will delete Personal Data of Authorized Personnel from our production servers when:
- Authorized Personnel request deletion of their Personnel Data;
As a result of the deletion, Personal Data of Authorized Personnel will be deleted and excised permanently from Salt Edge’s production servers, subject to Salt Edge’s right to retain Personal Data or portions thereof: (a) in backup files on its backup servers for a period of up to one (1) month from the date of deletion from the production servers in order to ensure compliance with internal business continuity and disaster recovery procedures; and (b) in log files in order to comply with the requirements of the applicable laws or regulations, to exercise or defend (ongoing) legal claims, and to meet audit or statutory requirements.
It is Partner’s responsibility to ensure that the information relating to Authorized Personnel acting under the Partner Account is accurate and up-to-date. Should any Authorized Personnel leave Partner’s organization, Partner should remove such Authorized Personnel from the Partner Account and provide the required information for the relevant replacement.
9. PERSONAL DATA RIGHTS UNDER GDPR
Taking into account the nature of the processing and the type of Personal Data processed, Authorized Personnel have the right to exercise the following rights as set forth in the GDPR:
- the right to be informed
- the right of access
- the right to rectification
- the right to erasure (right to be forgotten)
- the right to restrict processing
- the right to data portability
- the right to object
- rights in relation to automated decision-making and profiling
- the right to lodge a complaint with the applicable Supervisory Authority
- the right to withdraw Consent (provided that the Consent is the legal basis for processing)
Authorized Personnel may exercise any of the foregoing rights at any time by contacting Salt Edge at email@example.com. Salt Edge will endeavor to respond to any submitted requests in the manner and as set forth in the GDPR. Where the requests for exercising the rights under GDPR are manifestly unfounded or excessive, in particular because of their repetitive character, or further copies of the Personal Data undergoing processing are requested, Salt Edge may charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested.
10. PERSONAL DATA SECURITY
Salt Edge is committed to maintaining the confidentiality, integrity and security of the Personal Data under its custody or control. Salt Edge employs advanced security techniques to safeguard Personal Data against unauthorized access, use and/or disclosure. Salt Edge strictly restricts access to Personal Data in accordance with specific internal procedures governing access to such information. Salt Edge carefully selects the individuals privileged with access to Personal Data in accordance with internal security policies and practices, and each such individual is bound by confidentiality obligations. Access to Salt Edge’s systems requires multiple levels of authentication, and industry-vetted encryption techniques are applied when processing Personal Data.
11. UPDATES TO THIS NOTICE
Salt Edge reserves the right to change this Notice at any time and from time to time in order to reflect changes in the Services or the Applicable Data Protection Laws. If Salt Edge decides to change this Notice in the future, Salt Edge will post an appropriate notice at the top of this page. Any non-material changes (such as clarifications) to this Notice will become effective on the date the changes are posted and any material changes will become effective thirty (30) days from the date of their publication. The date this Notice was last revised appears at the top of this document. Authorized Personnel are advised to print a copy of this Notice for reference and revisit this Notice from time to time to ensure that they are aware of any changes.
12. DATA PROTECTION OFFICER
Salt Edge’s data protection officer can be reached at any time by email at firstname.lastname@example.org. in case of any questions with respect to Salt Edge’s collection, use, disclosure or processing of Personal Data. Salt Edge is also registered with the Information Commissioner’s Office - the Supervisory Authority in the United Kingdom (reference number: ZA516320).
Any questions, comments or feedback regarding this Notice or any other privacy or security concern may be sent by email to email@example.com.
Salt Edge Limited
Level 39, One Canada Square, Canary Wharf
London E14 5AB