EU General Data Protection Regulation Privacy Notice
Effective Date: December 8th, 2019
This Privacy Notice applies to Idaealy Solutions, LLC, WebKlaxon Series ("Company") and is intended to comply with the European Union’s (“EU”) General Data Protection Regulation (“GDPR”). This Privacy Notice applies to personal data that the Company collects or processes about an individual (“Data Subject”) while the Data Subject is located in the EU, regardless of whether the Data Subject is a citizen or permanent resident of an EU country. “Personal Data” means any information relating to an identified or identifiable Data Subject.
Lawful Basis or Bases for Collecting and Processing Personal Data
Company is a business that offers data monitoring and analysis services. The business collects, processes, and uses Personal Data to communicate and invoice to its customers.
The Company’s lawful basis for collecting and processing personal data include the following:
- Processing is necessary for the legitimate interests pursued by Company or third parties in promoting the use of Company's services.
- Processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract.
- Processing is necessary for compliance with a legal obligation to which Company is subject.
- The Data Subject has given consent for the processing of his or her Personal Data for one or more specific purposes. In the case of a Data Subject who is under 16 years of age, consent must be given or authorized by the Data Subject’s parent or legal guardian.
- Processing is necessary for the performance of a task carried out in the public interest.
Types of Personal Data Collected/Processed and Purpose
Company collects and processes the following categories of Personal Data in order to run its business activities.
- Contact information including, without limitation, email address, physical address, phone number, and other location data
- IP address, and other unique personal identifiers and biographical information (e.g. date of birth)
- Photographs of you
- Details of your education and/or employment qualifications
- Information related to visa requirements, copies of passports and other documents to ensure compliance with U.S. laws
- Financial information gathered for the purposes of administering subscriptions, fees and charges, loans, etc.
- Information related to the prevention and detection of crime and the safety of employees
The Personal Data that the Company collects may be shared with other company offices and collaborating institutions to review, process and/or provide financial oversight of contracts. Personal data may also be shared with other institutions to ensure compliance with export control regulations and shared with federal agencies involved in the oversight of compliance.
If you have specific questions regarding the collection and use of your Personal Data, please contact us.
If Data Subject refuses to provide Personal Data that Company requires in connection with the business's lawful basis for collecting such Personal Data, such refusal may make it impossible for Company to provide requested services.
Where Company gets Personal and Sensitive Personal Data
Company receives personal and sensitive Personal Data from multiple sources. Most often, the Company gets this data directly from the Data Subject or under the direction of the Data Subject who has provided it to a third party.
Individual Rights of the Data Subject under the GDPR
In addition to the right to receive the information provided in this Privacy Notice, Data Subjects covered by this Privacy Notice have the right to:
- Request from Company access to and rectification or erasure of Personal Data or restriction of processing concerning the Data Subject, the right to object to processing and the right to portability of Personal Data;
- Where processing is based upon consent, to withdraw consent at any time, without affecting Company’s right to process Personal Data based upon consent before its withdrawal;
- The right to file a complaint with a supervisory authority appointed by an EU member state for the purpose of receiving complaints;
- Additional notice of the existence of automated decision-making, including profiling;
- If the Personal Data is going to be further processed for a purpose other than that for which it was collected, then notice of the purpose and basis for the further processing;
- If Personal Data is collected for Company’s legitimate interests or for a task carried out in the public interest, then the Data Subject has the right to object, on the grounds of his or her particular situation, to the processing of Personal Data concerning him or her (including profiling);
- Where Personal Data are processed for direct marketing purposes, the right to object at any time to processing Personal Data concerning him or her for such marketing; and
- Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her; provided, however, that this right does not apply if the decision is (a) necessary for entering into, or performance of, a contract between the Data Subject and Company; or (b) is based upon the Data Subject’s consent.
- Note: Excercising any of these rights guarantees access to a process but does not guarantee any particular outcome.
Any Data Subject who wishes to exercise any of the above-mentioned rights may do so by filling such request with the Company.
Cookies are files that many websites transfer to users’ web browsers to enable the site to deliver personalized services or to provide persistent authentication. The information contained in a cookie typically includes information collected automatically by the web server and/or information provided voluntarily by the user. Company’s website uses persistent cookies in conjunction with a third party technology partner to analyze search engine usage and web traffic patterns. This information is used in the aggregate to monitor and enhance our web pages. It is not used to track the usage patterns of individual users.
Security of Personal Data subject to the EU GDPR
All Personal Data and sensitive Personal Data collected or processed by Company under the scope of the GDPR must comply with the security controls and systems and process requirements and standards set forth in Company’s Policies and Procedures as they are amended from time-to-time.
Company will not share your Personal Data with third parties except:
- as necessary to meet one of its lawful purposes, including but not limited to, its legitimate interest, contract compliance, pursuant to consent provided by the Data Subject, or as required by law;
- as necessary to protect Company’s interests;
- with service providers acting on Company’s behalf who have agreed to protect the confidentiality of the Personal Data.
Company maintains records for the time periods specified in its Records Retention and Disposal Policy or in compliance with the requirements of the sponsor and relevant regulations.