PRIVACY POLICY
DeskAlerts (ToolbarStudio Inc.) |
|||
Organisation Information Technology |
Type Policy |
||
Subject Privacy Policy |
Effective Date 06.24.2024 |
Replaces 04.12.2024 |
|
Distribution External |
Issued By Information Security |
Approvals Executive Committee |
Next Review 04.12.2025 |
Table of Contents
1. Purpose
3. Uses made of end-users information
4. Purposes for which we will use end-users personal data
5. Marketing
7. Disclosure of end-users information
10. Retention
11. End-users rights
13. Links to and from our site
14. Changes to end-users personal data
15. Changes to our privacy policy
16. Cookies
17. Contact
1. Purpose
ToolbarStudio Inc. ("we", “us” or “our”) are committed to protecting and respecting end-users' privacy.
This policy sets out the basis on which any personal data we collect from end-users, or that end-users provide to us, when end-users visit our website will be processed by us, and when we store end-user’s data in DeskAlerts product.
ToolbarStudio Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. ToolbarStudio Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. ToolbarStudio Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.
To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit Data privacy framework website.
For the purposes of the General Data Protection Regulation ((EU) 2016/679) (“GDPR”), the Data Protection Act 2018, the UK GDPR, and any future legislation which updates, revokes, supplements or replaces either of them (the “Data Protection Legislation”), the data controller of the data of citizens of countries in the European Economic Area (“EEA”) is ToolbarStudio Inc. (815 N Royal St Ste 202, Alexandria, Virginia, 22314, US).
For any citizen of a non-EEA, non-UK, and/or not Switzerland country, the data controller of end-users’ data is the company with which end-users have dealings.
It is important that end-users read this privacy policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about end-users so that end-users are fully aware of how and why we are using end-users’ data. This privacy policy supplements the other policies and notices and is not intended to override them.
2. Information we collect
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (known as “anonymous data”).
We may collect, use, store and transfer the following data about users:
- Information end-users give us. This is information about end-users that end-users give us by filling in forms on our website or by corresponding with us by phone, e-mail, trade shows or otherwise. It includes information end-users provide when end-users apply for our services, subscribe to our services or publications, request marketing to be sent to end-users, enter a competition, promotion or survey, when end-users report a problem with one of our sites, and when end-users give us feedback. The information end-users give us may include end-users’ name, end-users’ firm or company, end-users’ practices, address, e-mail address, phone number, gender, marital status, date of birth, financial and credit card information.
- Information we collect about end-users. With regard to each of end-users’ visits to our site we may automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect end-users’ computer to the Internet, end-users’ login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about end-users’ visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products end-users viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.
- Information we receive from other sources. We may receive personal data about end-users from various third parties including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers.
As part of the audience synchronization process in the DeskAlerts product, we may collect information about end-users, including their first name, last name, domain, email, and phone number. This synchronization is initiated by the administrator role in the DeskAlerts product on the customer’s side.
We may also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from end-users’ personal data but is not considered personal data in law as this data does not directly or indirectly reveal end-users’ identity. However, if we combine or connect aggregated data with end-users’ personal data so that it can directly or indirectly identify end-users, we treat the combined data as personal data which will be used in accordance with this privacy policy.
We do not collect any special categories of personal data about end-users (this includes details about end-users race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about end-users health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Where we need to collect personal data by law, or under the terms of a contract we have with end-users and end-users fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with end-users (for example, to provide end-users with services). In this case, we may have to cancel a product or service end-users have with us but we will notify end-users if this is the case at the time.
3. Uses made of end-users information
We will only use end-users personal data when the law allows us to. Most commonly, we will use end-users personal information:
- to authenticate end-user in DeskAlerts product and enable the sending of alerts, scrolling tickers, surveys, and other content;
- to carry out our obligations arising from any contracts entered into between end-users and us or to take steps at end-users request before entering into any contracts;
- to comply with any legal obligations to which we are subject; or
- where it is necessary for our or a third party’s legitimate interests, including for the purposes of preventing fraud, except where such interests are overridden by end-users' interests or fundamental rights and freedoms.
Generally, we do not rely on consent as a legal basis for processing end-users personal information other than in relation to sending third party direct marketing communications to end-users via email.
4. Purposes for which we will use end-users personal data
We have set out below, in a table format, a description of all the ways we plan to use end-users personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process end-users personal data for more than one lawful ground depending on the specific purpose for which we are using end-users data. Please contact us if end-users need details about the specific legal ground we are relying on to process end-users personal data where more than one ground has been set out in the table below.
Purpose/Activity |
Type of data |
Lawful basis for processing including basis of legitimate interest |
To register end-users as a new customer |
Identity and contact details |
Performance of a contract with end-users |
To manage our relationship with end-users which will include: (a) Notifying end-users about changes to our terms or privacy policy; (b) Asking end-users to leave a review or take a survey |
Identity, contact details, and marketing preferences |
(a) Performance of a contract with end-users (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services) |
To enable end-users to partake in a prize draw, competition or complete a survey |
Identity, contact details and marketing preferences |
(a) Performance of a contract with end-users (b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business) |
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) |
Identity, contact details and technical data such as IP address |
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation |
To deliver relevant website content and advertisements to end-users and measure or understand the effectiveness of the advertising we serve to end-users |
Identity, contact details, technical data such as IP address, marketing preferences |
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) |
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences |
Technical data such as IP address |
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
To use data for an end-user authentication and sending alerts and other content |
end-user employee first and last name, employee phone, email, group and IP address |
Performance of a contract with end-users |
To make suggestions and recommendations to end-users about goods or services that may be of interest to end-users |
Identity, contact details, usage data and marketing preferences |
Necessary for our legitimate interests (to develop our products/services and grow our business) |
5. Marketing
We strive to provide end-users with choices regarding certain personal data uses, particularly around marketing and advertising.
We may use end-users' identity, contact details, usage data, technical data and marketing preferences to form a view on what we think end-users may want or need, or what may be of interest to end-users. This is how we decide which products, services and offers may be relevant for end-users.
End-users will receive marketing communications from us if end-users have requested information from us or purchased services from us or if end-users provided us with end-users details when end-users entered a competition or registered for a promotion and, in each case, end-users have not opted out of receiving that marketing.
We will get end-users express opt-in consent before we share end-users personal data with any company outside the ToolbarStudio Inc. for marketing purposes.
End-users can ask us or third parties to stop sending end-users marketing messages at any time by contacting us at any time.
Where end-users opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.
6. Change of purpose
We will only use end-users personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If end-users wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use end-users personal data for an unrelated purpose, we will notify end-users and we will explain the legal basis which allows us to do so.
Please note that we may process end-users personal data without end-users knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
7. Disclosure of end-users information
We may have to share end-users personal information with the third parties set out below, or any other third parties notified to end-users, for the purposes set out in paragraph 3 above:
- Professional advisers including lawyers, bankers, auditors and insurers based in the USA.
- Regulators and other authorities who require reporting of processing activities in certain circumstances.
- Third parties to whom we may choose to sell, transfer or mere parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use end-users personal data in the same way as set out in this privacy policy.
- Fraud prevention agencies.
We require all third parties to respect the security of end-users personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use end-users personal data for their own purposes and only permit them to process end-users personal data for specified purposes and in accordance with our instructions.
We may also be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
8. International transfers
If end-users are located in the EU, the UK (and Gibraltar), or Switzerland, some of our external third parties may be based outside the EU, the UK (and Gibraltar), and Switzerland, so their processing of end-users personal data will involve a transfer of data outside the EU, the UK (and Gibraltar), and Switzerland.
Whenever we transfer end-users personal data out of the EU, the UK (and Gibraltar), or Switzerland, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We may transfer end-users personal data to a country where it has been deemed to provide an adequate level of protection for personal data by the European Commission; or
Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in the EU, the UK, and Switzerland; or
Where we use providers based in the US, we may transfer data to them if they are part of the Data Privacy Framework which requires them to provide similar protection to personal data shared between the EU, the UK, Switzerland and the US.
ToolbarStudio Inc. hosts its cloud instances on the AWS cloud. Security and compliance are shared responsibilities between AWS and ToolbarStudio Inc. regarding AWS cloud instances. Please visit the AWS Shared Responsibility Model website to learn more.
If, in the future, ToolbarStudio Inc. does transfer personal information to a third party acting as an agent on its behalf, ToolbarStudio Inc. remains liable under the DPF Principles if its agent processes such personal information in a manner inconsistent with the DPF Principles, unless ToolbarStudio Inc. proves that it is not responsible for the event giving rise to the damage.
Please contact us if end-users want further information on the specific mechanism used by us when transferring end-users personal data out of the EU, UK and/or Switzerland at privacy@deskalerts.com
9. Data security
We have put in place appropriate security measures to prevent end-users personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to end-users personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process end-users personal data on our instructions and they are subject to a duty of confidentiality.
However, the transmission of information via the internet is never completely secure. Although we will do our best to protect end-users personal data, we cannot guarantee the security of end-users data transmitted to our site; any transmission is at the end-users own risk.
We have put in place procedures to deal with any suspected personal data breach and will notify end-users and any applicable regulator of a breach where we are legally required to do so.
10. Retention
We will only retain end-users personal information for as long as is necessary to carry out the purpose for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of end-users personal data, the purposes for which we process end-users personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize end-users personal data (so that it can no longer be associated with end-users) for research or statistical purposes in which case we may use this information indefinitely without further notice to end-users.
11. End-users rights
If end-users are an EEA citizen and/or located in the EU, the UK (and Gibraltar), or Switzerland, then under the Data Protection Legislation and the DPF Principles end-users may be entitled to the following rights:
- Where end-users have provided end-users consent to the processing of end-users personal data for any purpose, end-users have the right to withdraw such consent at any time by contacting us at ToolbarStudio Inc. (address by email to privacy@deskalerts.com ).
- End-users can ask us to rectify any inaccuracies in the personal information that we hold about end-users.
- To request the erasure of personal information that we hold about end-users where there is no good reason for us to continue processing it, where end-users have successfully exercised end-users right to object to processing, where we may have processed end-users information unlawfully or where we are required to erase end-users personal data to comply with local law.
- To object to our processing of end-users personal data where we are relying on a legitimate interest (or that of a third party) and there is something about end-users particular situation which makes end-users want to object to processing on this ground as end-users feel it impacts on end-users fundamental rights and freedoms. End-users also have the right to object where we are processing end-users personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process end-users information which override end-users rights and freedoms.
- To restrict our processing of end-users personal data (a) if end-users want us to establish the data's accuracy; (b) where our use of the data is unlawful but end-users do not want us to erase it; (c) where end-users need us to hold the data even if we no longer require it as end-users need it to establish, exercise or defend legal claims; or (d) end-users have objected to our use of end-users data but we need to verify whether we have overriding legitimate grounds to use it.
- To request a copy of end-users personal data from us in a commonly used and machine-readable format or that we transmit end-users personal data to another data controller.
- Not to be subject to automated decision-making, including profiling, which has legal or other significant effects on end-users.
- To access information held about end-users. End-users will not have to pay a fee to access end-users personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if the end-users request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with end-users' requests in these circumstances.
Any data subject, even located outside of the EEA, can in any case exercise any of the above rights at any time by contacting us at ToolbarStudio Inc. by email to privacy@deskalerts.com
12. Dispute Resolution
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, ToolbarStudio Inc. commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact ToolbarStudio Inc. at privacy@deskalerts.com.
ToolbarStudio Inc. will respond within 45 days.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, ToolbarStudio Inc. commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to the International Centre for Dispute Resolution, the international division of the American Arbitration Association (ICDR-AAA), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of the ICDR-AAA DPF IRM are provided at no cost to you.
Please note, an individual has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. Please, refer to Annex I for additional information: ANNEX-I-introduction
The Federal Trade Commission has jurisdiction over ToolbarStudio Inc.’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
13. Links to and from our site
Our site may, from time to time, contain links to and from the websites of our partners and affiliates. If end-users follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before end-users submit any personal data to these websites.
14. Changes to end-users personal data
It is important that the personal data we hold about end-users is accurate and current. End-users should please keep us informed if end-users personal data changes during the end-users relationship with us.
15. Changes to our privacy policy
Any changes we make to our privacy policy in the future will be posted on our website. End-users should check back frequently to see any updates or changes to our privacy policy.
16. Cookies
Our website uses cookies to distinguish end-users from other users of our website. This helps us to provide end-users with a good experience when end-users browse our website and also allows us to improve our site. Our cookie policy is available at Cookie Policy.
17. Contact
Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to ToolbarStudio Inc. by sending an email to privacy@deskalerts.com.