Data Protection Officer
Our President acts as our Data Protection Officer. The Data Protection Officer is responsible for assisting our personnel and subcontractors in ensuring that privacy policies and procedures are implemented and followed and may be contacted using the contact information in the “Contact Information” section below.
What Data Do We Collect and How Do We Process It?
- We may collect and process data about your use of our website (“usage data”). The usage data may include your internet protocol IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is Google Analytics. This usage data may be processed for the purposes of analyzing the use of the website and services. The legal basis for this processing is monitoring and improving our website and services.
- We may collect and process your personal data (“account data”). The account data may contain standard, non-sensitive information including your name, e-mail address, employer, job title, company address, industry and phone number. The source of the account data is you or your employer and the account data may be collected when you submit an inquiry form on our website, subscribe to a newsletter or correspond with us by phone or e-mail.
The account data may be processed for the purposes of providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is your consent or the performance of a contract between you and us or taking steps, at your request, to enter into such a contract.
You are not required to provide us with account data in order to access or use portions of our website, but you may be unable to access the entirety of the website (including without limitation portions we make available only to subscribers) and you will be unable to contact us or receive (or engage to receive) services.
- We do not collect or receive any Individually Identifiable Health information (IIHI) (any information that is a subset of health information, including demographic information collected from an individual that relates to the past, present or future physical or mental health condition of an individual and that identifies the individual; or with respect to which there is a reasonable basis to believe the information can be used to identify the individual) and is not considered a Covered Entity or Business Associate of such an Entity by regulatory definition. Should we come into possession of such information we shall ensure that it is de-identified (health information that is not considered individually identifiable because particular identifiers specified in the regulations are removed from the health information) and will otherwise treat and protect such information in accordance with applicable regulations. Further, we will treat Potentially Sensitive Personal Information (PSPI) of a personal nature (e.g., Financial Records, Bank Records, etc.) in a manner consistent with its sensitivity.
- Our website uses Google Analytics and HubSpot to collect usage data. This usage data may contain information about the website that you came from, the pages of our website which you visit, IP addresses, the type of browser you use and the times you access this website. This is statistical data about our users’ browsing actions and does not identify any individual.
- No collected usage data is linked to any Personally Identifiable Information. Our marketing system uses this data to provide you with a smooth, efficient and personalized experience while using our services. When Google Analytics and HubSpot collect usage data, they are data processors. Both companies have data processing policies compliant with the EU General Data Protection Regulation (GDPR).
Data Disclosure and Storage
- We do not sell, rent or lease collected data to any third parties. As your data controller, we are responsible for your information and keep your data stored on secure cloud providers, including Microsoft 365, Mailchimp, Code Two and HubSpot, in accordance with applicable data protection laws.
- We may retain account data until such time that it is requested to be removed, in accordance with applicable international regulations and our policies.
- We may share your data for conducting business and when it is explicitly necessary to share your information to fulfill our obligations to you. In those circumstances, we will share data with our trusted vendors and service partners that have an obligation not to use that data for any purpose other than to perform services for us. We also may share data with parties regarding which you specifically have requested information, including without limitation service suppliers or customers that also have signed up for accounts on our website.
- Our main offices are located in the United States. If you live in another jurisdiction, your data may be transferred into the United States for storage and processing, in compliance with applicable law.
- We do not use any automated decision-making in the provision of any of our services.
Your Rights Over Your Personal Data We Hold
- You can reasonably request access to the personal data we hold on you, in a commonly used and machine-readable format (sometimes referred to as “data portability”), at any time, and we will provide that information free of charge within 28 days of your request at the latest. To make a request, contact us at the information below.
- You can request inaccurate or incomplete personal data held on you to be rectified or completed or for your personal data to be restricted or suppressed, and we will respond within 28 days of your request at the latest. To make a request, contact us at the information below.
- You have a right to be forgotten or for your personal data to be erased, and a right to withdraw your consent or otherwise object to our use of your personal data. You can ask us to erase your personal data at any time or withdraw our right or object to our use of your personal data by contacting us at the information below.
- If you request that your personal data be restricted, suppressed or erased, or you withdraw your consent or object to our use of your personal data, we may no longer be able to provide services to you. We will inform you of any such limitation when we respond to your request.
- If you live in a EU member state, you have a right to file a complaint regarding our use of your personal data with a local data protection authority. If you would like information about the local data protection authority in your jurisdiction, please contact us at the information below.
Changes to This Policy
We will post any changes that we make to this policy on this page, and for substantive revisions, we will note the changes in the “Revision History” section below. If we make material changes to how we treat your personal data, we will notify you either by email or through a separate notice on the website.