Prior to your use of the Service, we may request certain personal information about yourself, including, but not limited to, your: (i) first name and last name; (ii) email address; (iii) mailing address; (iv) telephone number(s); (v) organization information; and (vi) credit card information. Such personal information is considered “Personal Data,” which means information that can directly or indirectly identify you as a natural person. There are two types of Personal Data we may collect, including “regular data” and “special categories of personal data.” Regular data may include your name, address, email address, photo, IP address, geographical location data, online behavior (cookies), profiling and analytics data. Special categories of personal data would include race, religion, political opinions, trade union membership, sexual orientation, health information, biometric data, and genetic data. Not all such personal data is collected by us.
Additional information, which may not identify you (as described below) and other Personal Data may include: browser type and version, operating system, information about your visits to and use of the Service including the referral source, length of visit, page views, and website navigation paths; email address, profile information that you voluntarily provide to us, including, e.g. profile pictures, gender, birthday, relationship status, interests and hobbies, educational details, employment details, and credit card information. Information may also include your click history, the times and dates at which you access the Service, the particular portions of the Service you use, and the details of transactions you conduct using the Service.
Personal Data may be collected and/or used by us as a “Controller” as such term is defined in the European Union General Data Protection Regulation (“GDPR”), or our “Processor” designee, which is also defined within the GDPR. A “Controller” is a person or entity that determines the purposes and means of the processing of personal data. As such, we will endeavor to implement appropriate technical and organizational measures to ensure that such processing activities, if any, protect your privacy. A “Processor” stores or maintains data on behalf of a Controller, but does not decide which items of personal data are going to be stored, or how that data is used.
Whether as a Controller or Processor, we will adhere to the following data protection (privacy) principles. Personal Data will be processed lawfully, fairly and transparently. Upon request, we will be clear and transparent about how your personal data is going to be processed, by whom and why. Personal Data will be collected only for specific legitimate purposes, and it will be relevant and limited to that which is necessary. Provided that you communicate to us updated information, we will keep your Personal Data accurate and up to date. We will only store it for so long as is necessary, and we will ensure appropriate security, integrity and confidentiality against unauthorized processing and against accidental loss, destruction or damage.
In the event of any data breach, you will be notified without undue delay and, in no event, later than 72 hours of our discovery of any such breach, including whether we believe there is any risk to your rights and freedoms (e.g., identity theft and personal safety). There is an exception where the data breach is unlikely to result in any harm to you. In the event of a breach, you will be notified of: (1) a description of the data breach, including the number of data subjects affected and the categories of data affected; (2) the name and contact details of our privacy personnel; (3) the likely consequences of the data breach; and (4) any measures taken to remedy or mitigate the breach. We may be exempt if the risk of harm is remote because the affected data are protected (e.g., through strong encryption), we have taken measures to protect against the harm (e.g., suspending affected accounts), or the notification requires disproportionate effort (in which case a public notice of the breach is required). We will keep records of all data breaches, including the facts and effect of the breach and remedial action taken. Credit card information is used solely for billing purposes, and is encrypted and transmitted securely via HTTPS to Stripe (our payment processing provider) for processing. More information on Stripe security is available here. Your credit card information is never stored on the Service’s systems anywhere.
We may also record information about your use of the Service, such as your local internet address.
Your personal information remains your property at all times, subject to the permissive uses granted hereunder.