Yes! If you are based in the European Union (EU) and use our Services, you agree to these additional terms pertaining to the General Data Protection Regulation (the “GDPR Addendum”).
We are committed to complying with the GDPR when handling Account and Marketing Data about our users based in the EU. The GDPR regulates the collection, processing, and transfer of an end user’s personal data if the user is located in the EU.
1. Processing Personal Data. The Account and Marketing Data the Company may process is described in the Policy. The legal basis for our processing of Account and Marketing Data is your consent. For certain Account and Marketing Data, processing is also necessary for the performance of a contract to which you are a party. In addition, we may process any of your personal data where such processing is necessary for compliance with applicable laws. To use the Site, you do not have to provide us with your name or contact information. However, you must provide us with your name and contact information when using the Services. We will not be able to provide all of our Services to you if you do not provide your name and contact information.
2. Your Rights under GDPR. Your rights in relation to your personal data under the GDPR include the following:
2.1. Right to Access – If you request from us, we will confirm whether we are processing your personal data and provide you with a copy of that personal data.
2.2. Right to Data Portability – You may obtain your personal data from us that you have consented to give us or that is necessary to perform a contract with you. We will provide this personal data in a commonly used, machine-readable and interoperable format to enable data portability to another data controller. Where technically feasible, and at your request, we will transmit your personal data directly to another data controller;
2.3. Right to be Erased – We delete your personal data when it is no longer needed for the purposes for which you provided it, or for the duration required for compliance with applicable law, whichever is longer. We will delete your personal data upon your written request if deletion does not contravene any applicable laws. If we have shared your personal data with any third parties, we will take reasonable steps to inform those third parties to delete your personal data;
2.4. Right to Object to Processing – You may request that we stop processing your personal data at any time, and we will do so to the extent required by the GDPR;
2.5. Right to Rectification – If the personal data we hold about you is inaccurate or incomplete, you have the right to have it rectified or completed. We will take every reasonable step to ensure personal data which is inaccurate is rectified. If we have shared your personal data with any third parties, we will tell them about the rectification where possible;
2.6. Right to Report to a Supervisory Authority – You may report any concerns you have about our privacy practices to the relevant data protection supervisory authority.
2.7. Right to Restrict Processing – You may request that we restrict or block the processing of your personal data in certain circumstances. If we have shared your personal data with third parties, we will tell the third parties about this request where possible;
2.8. Right to Withdraw Consent – You may withdraw your content at any time if the basis of our processing of your personal data is consent.
Where your personal data is processed for the purposes of direct marketing, you have the right to object to such processing. If you would like to exercise any of the above rights, please contact us at email@example.com.
International Transfer of Data. The Account and Marketing Data may be transferred to, and stored in, a country operating outside the European Economic Area (EEA). Under the GDPR, the transfer of personal data to a country outside of the EEA may take place where the European Commission has decided that the country ensures an adequate level of protection. In the absence of an adequacy decision, we may transfer personal data provided appropriate safeguards are in place.
Some of the Account and Marketing Data we collect is processed in the United States (where our registered office is located). This country is not subject to an adequacy decision by the European Commission and instead, in transferring your personal data to this country, we take other appropriate safeguards as prescribed by the GDPR. We adhere to the guidelines under the EU-US Privacy Shield framework.
Data Retention Policy. Account and Marketing Data that we collect and process will not be kept longer than necessary for the purposes for which it is collected, or for the duration required for compliance with applicable law, whichever is longer.
Contact Us. If you have any questions about this Policy, and its addendums, please reach out to us at firstname.lastname@example.org.