Effective Date: December 7, 2018
- “Client” means a customer of IFDAQ.
- “Client Data” means personal data, reports, preferences in electronic form that a User of the Service stores within the Service.
- “Personal Data” means any information relating to an identified or identifiable natural person.
- “Public Area” means the area of the Site that can be accessed both by Users and Visitors, without needing to log in.
- “Restricted Area” means the area of the Site that can be accessed only by clients and users, and where access requires logging in.
- “User” means an employee, agent, or representative of a Client, who primarily uses the restricted areas of the Site for the purpose of accessing the Service in such capacity.
- “Visitor” means an individual other than a User, who uses the public area, but has no access to the restricted areas of the Site or Service.
- Information We May Collect & Process
We collect different types of information from your use of our Website with your specific knowledge and consent. The processing is necessary for providing the Service and the processing of which is carried out in our legitimate interests, which are further explained in the section “How We Use the Information We Collect” of this Policy. We may also process data upon your consent, asking for it as appropriate.
- Contact information (such as your name, email address, postal address, telephone number and any other personal data) that you provide by completing forms on the Website, including if you register and create an account on the Website;
- Details of any transactions made by you;
- Personal data that may be contained in communications you send to us, for example to report a problem or to submit queries, concerns or comments regarding the Website or its content;
- Credit/debit card information;
- Information about your use and navigation of our Website, such as your IP address and other device identifiers, your operating system and browser type, and information about the Website pages you visit, collected by cookies or other tracking technologies; and
- Personal information collected from third parties, such as data that you agree to share with us on publicly accessible social networks (e.g., Facebook, Instagram, etc.) and/or that we may collect from other publicly accessible databases.
You are under no obligation to provide any such information. Providing your personal data to us (in particular, your personal details, your email, your address, your credit/debit card numbers and bank code and your telephone number) is necessary for processing your order for the purchase of services on the Website, supplying other services provided on the Website upon your request, or when your personal data is needed to fulfil obligations required by law or regulations. The refusal to provide us with any personal data necessary for performing the above purposes may consequently prevent us from processing your order for the purchase of products sold on the Website or fulfilling obligations required by law and other regulations. Therefore, failure to provide personal data may constitute, in some cases, a legitimate and justified reason for not processing your order for the purchase of products sold on the Website or not providing the Website’s services.
Disclosure of further personal data to us other than that required for fulfilling legal or contractual obligations and to properly browse our services with necessary traffic data is, on the contrary, optional and does not have any effect on the use of the Website and of its services or on the purchase of products on the Website. We will inform you at every step whether disclosing your personal data to us is required or optional by marking with an appropriate symbol (*) the information that is required, or data needed for the purchase of products and/or for the provision of requested services on the Website.
- Information We Do Not Collect & Process
We do not collect or otherwise Process Personal Information about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, or any other information that may be deemed to be sensitive under GDPR (collectively, “Sensitive Personal Information”) in the ordinary course of our business.
Where it becomes necessary to Process Sensitive Personal Information under GDPR, we would rely on one of the following legal bases:
- Compliance with applicable law: We may Process your Sensitive Personal Information where the Processing is required or permitted by applicable law;
- Detection and prevention of crime: We may Process your Sensitive Personal Information where the Processing is necessary for the detection or prevention of crime (including the prevention of fraud);
- Establishment, exercise or defense of legal rights: We may Process your Sensitive Personal Information where the Processing is necessary for the establishment, exercise or defense of legal rights; or
- Consent: We may Process your Sensitive Personal Information where we have, in accordance with applicable law, obtained your prior, express consent prior to Processing your Sensitive Personal Information.
- Children: The Services are not intended for use by children, especially those under 18. No one under the age of 13 should provide any Personal Information. We do not knowingly collect Personal Data from children under the age of 18 without obtaining parental consent. If you are under 18 years of age, then please do not use or access the Service at any time or in any manner. If we learn that Personal Data has been collected on the Service from persons under 18 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 18 years of age has obtained an Account on the Service, then you may alert us at firstname.lastname@example.org and request that we delete that child’s Personal Data from our systems.
- How We Collect Information
We may collect User Information about you from the following sources:
4.1 User-provided Information - We may obtain your Personal Information when you provide it to us across our Services (e.g. register for site membership or create a profile or account on any part of the Services; perform search queries through the Website; contact us via email, telephone or by any other means. We may also collect or obtain your Personal Information that you clearly choose to make public, including via social media (e.g., we may collect information from your social media profile(s) if you make a public post about us.
- How We May Use Your Information
The purposes for which we process your personal data are the following:
- Administer your account with us, verify and carry out financial transactions in relation to payments you make, audit the downloading of data from the Website
- Identify visitors to the Website, carry out data analytics and market research, Carry out data enrichment, such as by analyzing your product preferences, interactions with the Website together with data collected from third parties, such as data that you agree to share with us on social networks (e.g., Facebook, Instagram, etc.) and/or that we may collect from publicly accessible databases, Correspond with you to resolve your queries or complaints
Whenever we process your personal data, we do so on the basis of a lawful "justification" (or legal basis) for processing. In the majority of cases, the processing of your personal data will be justified on one of the following bases:
- processing is necessary to perform a contract with you or take steps that you have requested in order to enter into a contract (e.g., sale contract);
- processing is necessary for us to comply with a legal obligation;
- processing is in our legitimate interests as a business, and our interests are not overridden by your interests, fundamental rights or freedoms. Our legitimate interests may include our interest in using customer and Website user personal data to conduct and develop our business activities (including by carrying out standard marketing activities), with current and potential customers and Website users; and in establishing, exercising or defending legal claims; or
- processing is based on your prior explicit consent, such as segmented and customized marketing activities.
- Cookies and Analytics
Tracking Technologies & Analytics-
Tracking technologies on the Services may be deployed by IFDAQ and/or by our service providers, or partners. Certain tracking technologies enable us to assign a unique identifier to you, and relate information about your use of the Services to other information about you, including your User Information. We may match information collected from you through different means or at different times and use such information along with offline and online information obtained from other sources (including from third parties), including, but not limited to, demographic information and updated contact information.
We take measures to protect the technical information collected by our use of Google Analytics. The data collected will only be used on a need to know basis to resolve technical issues, administer the Site and identify visitor preferences; but in this case, the data will be in non-identifiable form. We do not use any of this information to identify Visitors or Users.
We and our partners (including but not limited to affiliates, and analytics providers) also may use technologies such as pixel tags, e-tags, IP addresses, Local Shared Objects, Local Storage, Flash cookies and HTML5 to analyze trends; administer the Services; collect and store information such as user settings, anonymous browser identifiers and video viewing history; supplement our server logs and other methods of traffic and response measurement; track users’ location and movements around the Services; gather demographic information about our user base; and to improve our understanding of traffic on the Services, visitor behavior, and responses to promotional campaigns. We may receive reports based on the use of these technologies by these third-party companies on an individual and aggregated basis. For example, we may connect information about your IP address to known corporate or User Information and use the associated information related to aggregate content preferences to assist in our efforts to market services to you or the originating corporation(s). Various browsers may offer their own management tools for removing Local Storage. To manage Flash Local Shared Objects please click here.
- Information We Disclose to Third Parties
We may disclose your personal data to any of our affiliate companies, for legitimate business purposes (including operating the Website, and providing services to you), in accordance with applicable law, or to our service providers who assist us in providing the services we offer, processing transactions, fulfilling requests for information, receiving and sending communications, updating marketing lists, analyzing data, providing support services or in performing other tasks, from time to time. For the avoidance of doubt, we will get your express opt-in consent before we share your personal data with any third- party company other than IFDAQ for marketing purposes. We may also share your personal data with third parties in connection with potential or actual sale or restructuring of our company or any of our assets, or those of any associated company, in which case personal data held by us about our users may be one of the transferred assets. We will also respond to requests for personal data where required to do so by law, or when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, request from a regulator or any other legal process served on us.
7.1 Law Enforcement, Legal Process and Compliance - We may disclose Personal Data or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a facially valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies. We also reserve the right to disclose Personal Data or other information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the Service and any facilities or equipment used to make the Service available, or (v) protect our property or other legal rights, enforce our contracts, or protect the rights, property, or safety of others.
- Transfer of Information
Because of the international nature of our business, we may need to transfer your User Information to third parties as noted in Section 9 above, in connection with the purposes set out in this Policy. For this reason, we may transfer your User Information to other countries that may have different laws and data protection compliance requirements to those that apply in the country in which you are located. The IFDAQ is committed to subjecting all Personal Information received from European Union (E.U.) member countries and Switzerland. Information collected through our website may be stored and processed in the United States, Europe, or any other country. We may transfer information that we collect about you, including personal information, to affiliated entities, or to other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world. If you are located in the European Union or European Economic Area, please note that we will not transfer information, including personal data, to a country outside of the European Union or European Economic Area.
To ensure the protection of your personal data is consistent with applicable law, such transfers outside your country of residence or the EEA will be made pursuant to the EU Model Clauses, the EU-US or CH-US Privacy Shield certification. We will comply with GDPR requirements providing adequate protection for the transfer of personal information from Europe to the U.S. Binding Corporate Rules or other acceptable legal mechanisms of which you can request a copy via email@example.com.
- Data Security
We place great importance on the security of all personal data associated with our users. We have adopted security measures to protect personal data against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access. For the best possible protection of your personal data outside the limits of our control, your device should be protected (such as by updated antivirus systems) and your internet service provider should take appropriate measures for the security of network data transmission (such as, for example, firewalls and anti-spam filtering).
While we take reasonable steps to protect your personal data, we cannot guarantee that the personal data you disclose to us will be 100% secure, nor that any data breach will not occur. Because the internet is an open system, the transmission of information via the internet is not completely secure. You accept the inherent security implications of dealing on-line over the Internet and will not hold IFDAQ or its processors responsible for any data breach. Any such transmission is at your own risk and you are responsible for ensuring that any Personal Information that you send to us are sent securely.
- Data Retention
We take every reasonable step to ensure that your User Information is only Processed for the minimum period necessary for the purposes set out in this Policy. The criteria for determining the duration for which we will keep your User Information are as follows: we will retain copies of your User Information in a form that permits identification only for as long as is necessary in connection with the purposes set out in this Policy, unless applicable law requires a longer retention period.
We generally retain your personal data for three years from the end of our relationship or from the last contact from you, unless local law requires otherwise. However, in some circumstances we may retain personal data for longer periods of time, for instance where we are required to do so in accordance with legal, tax and accounting requirements.
In specific circumstances we may also retain your personal data for longer periods of time corresponding to the applicable statute of limitations so that we have an accurate record of your dealings with us in the event of any complaints or challenges.
- Your Choices: What Can you Do to Control your Information?
You may directly take steps to change your preferences as follows:
- Location Based Services - You may opt-out of having your Precise Location Data collected by The IFDAQ at any time by editing the appropriate setting on your mobile device (which is usually located in the Settings area of your device).
- Navigation Information - You may opt out from the collection of navigation information about your visit to the Site by Google Analytics by using the Google Analytics Opt-out feature.
- EU Residents - GDPR provides certain rights for EU residents. You may decline to share certain information with us, in which case we may not be able to provide some of the features and functionality of the Website. These rights include, in accordance with applicable law, the right to object to or request the restriction of processing of your information, and to request access to, rectification, erasure and portability of your own information. Where we process your information on the basis of your consent, you have the right to withdraw that consent (noting that such withdrawal does not affect the lawfulness of any Processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the Processing of your Personal Information in reliance upon any other available legal bases). Requests should be submitted by contacting us (using the contact instructions in Section 14 below). If you are an EU resident and have any unresolved privacy concern that we have not addressed satisfactorily after contacting us, you have the right to contact the appropriate EU Supervisory Authority and lodge a complaint.
- Do not Track Policy - Some browsers have incorporated “Do Not Track” features. Most of these features, when turned on, send a signal or preference to the website or online service that a user visits, indicating that the user does not wish to be tracked. IFDAQ does not act on “do not track” requests from your browser because, there is not yet a common understanding of how to interpret Do Not Track signals and this way, we are able to personalize your experiences on our Websites.
- Privacy Settings - Although we may allow you to adjust your privacy settings to limit access to certain Personal Data, please be aware that no security measures are perfect or impenetrable. We are not responsible for circumvention of any privacy settings or security measures on the Service. Additionally, we cannot control the actions of other users with whom you may choose to share your information. Further, even after information posted on the Service is removed, caching and archiving services may have saved that information, and other users or third parties may have copied or stored the information available on the Service. We cannot and do not guarantee that information you post on or transmit to the Service will not be viewed by unauthorized persons.
- Your Rights
You have the following rights with respect to your personal data:
- you contest the accuracy of the personal data until we have taken sufficient steps to correct or verify its accuracy;
- the processing is unlawful, but you do not want us to erase the data;
- we no longer need your personal data for the purposes of the processing, but you require such data for the establishment, exercise or defense of legal claims; or
- you have objected to processing justified on legitimate interest grounds (see below) pending verification as to whether we have overriding compelling legitimate grounds to continue processing.
- Where personal data is subject to restriction in this way, we will only process it with your consent or for the establishment, exercise or defense of legal claims.
You also have the right to lodge a complaint with a supervisory authority if you consider that
the processing of your personal data infringes applicable law.
For further information regarding your rights, to exercise any of your rights, or if you have any complaints or questions regarding the processing of your personal data please contact firstname.lastname@example.org.
- How to Contact Us
Please contact us with any questions, comments or concerns about any of the information in this Policy, your Personal Data, our use and disclosure practices, or your consent choices by email at email@example.com. If you are an EU resident, for matters relating to privacy and data protection, you may contact our Data Protection Officer by email at firstname.lastname@example.org.