Privacy Policy

Privacy Policy

Effective Date: May 23, 2018

Introduction

Cyanotech Corporation (“Cyanotech”, “us”, “we” or “our”) respects your privacy and is committed to protecting it through our compliance with this privacy policy (“Privacy Policy”), which was created to advise you about our information policies and practices, such as the types of information we collect and how we may use that information, and to inform you about your privacy rights and how the law protects you. This Privacy Policy applies to our website www.cyanotech.com (the “Website” as defined below).

Please read the following carefully to understand our policies and practices regarding your personal information and how we will treat it. You should review this Privacy Policy carefully, because if you do not agree with our practices, your ultimate choice is not to use the Website. By using any part of our website, you accept and agree to our privacy practices. If we update this Privacy Policy, your continued use of our website (means that you accept and agree to the terms of any revisions to our Privacy Policy, so please check the policy periodically for updates.

This Privacy Policy is provided in a layered format so you can click through to the specific areas set out below.

Individuals in the European Union (“EU”) should be sure to read the important information provided here, in addition to the other provisions in this Privacy Policy.

  1. IMPORTANT INFORMATION AND WHO WE ARE 
  2. THE INFORMATION WE COLLECT ABOUT YOU 
  3. HOW IS YOUR PERSONAL INFORMATION COLLECTED 
  4. HOW WE USE YOUR PERSONAL INFORMATION 
  5. DISCLOSURES OF YOUR PERSONAL INFORMATION 
  6. YOUR CHOICES 
  7. DATA SECURITY 
  8. USERS OUTSIDE OF THE UNITED STATES AND INTERNATIONAL TRANSFERS 
  9. CALIFORNIA RESIDENTS – YOUR CALIFORNIA PRIVACY RIGHTS 
  10. QUESTIONS
  11. ADDITIONAL INFORMATION FOR RESIDENTS OF THE EUROPEAN UNION 

 
1. IMPORTANT INFORMATION AND WHO WE ARE
A. APPLICATION OF THIS PRIVACY POLICY
This Privacy Policy applies to www.cyanotech.com and all other websites, features, or online services that are owned or controlled by Cyanotech and that post a link to this Privacy Policy (collectively, the “Website”), whether accessed via computer, mobile device, or otherwise. Note, however, this Privacy Policy does not apply to your use of unaffiliated websites that link to our Website. Once you enter another website, whether through an advertisement, service, or content link, be aware that we are not responsible for the privacy practices of such other websites. Furthermore, this Privacy Policy only covers information collected on the Website or via e-mail and does not cover any information collected by us through other means, such as direct mail, paper applications, in person communications, or other offline methods (unless specifically stated).

B. PURPOSE OF THIS PRIVACY POLICY
This Privacy Policy aims to give you information on how Cyanotech collects and uses your personal information through your use of the Website, including any information you may provide through the Website when you sign up to receive our newsletter(s), or request further information from us.

It is important that you read this Privacy Policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or using personal information about you so that you are fully aware of how and why we are using your information. This Privacy Policy supplements the other notices and is not intended to override them.

C. CHILDREN
Our Website is not intended for children and we do not knowingly collect information relating to children. If Cyanotech discovers that it has inadvertently collected personal information from anyone younger than the age of 16, it will delete that information. If you are under 16, please do not register on the Website, or send any information about yourself to us, including your name, address, telephone number or e-mail address. If you believe that we might have any information from or about a child under 16, please contact us at [email protected].

D. CHANGES TO THE PRIVACY POLICY AND YOUR DUTY TO INFORM US OF CHANGES
This version was last updated on May 23, 2018 and historic versions can be obtained by contacting us.

We reserve the right, at any time and without notice, to add to, change, update or modify this Privacy Policy, simply by posting such change, update or modification on the Website. Any such change, update or modification will be effective immediately upon posting on the Website. If we make material changes to this privacy policy, we will notify you by e-mail or through a notice on our home page.

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us. You are responsible for maintaining the accuracy of the information you submit to us, such as your contact information. If you contact us with changes, we will make good faith efforts to make requested changes in our then-active databases as soon as reasonably practicable. Note, however, that information may persist internally for our administrative purposes and that residual data may remain on backup media or for other reasons.

E. THIRD PARTY CONTENT, LINKS TO OTHER WEBSITES, AND CYANOTECH CONTENT FOUND OUTSIDE THE WEBSITE
The Website may include links to third-party websites, plug-ins and applications and certain content on the Website may be hosted and served by third parties that Cyanotech does not control. Clicking on those links or enabling those connections may allow third parties to collect or share personal information about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave the Website, we encourage you to read the privacy policy of every website you visit.

In addition, Cyanotech content may be included on web pages and websites that are not associated with Cyanotech and over which we have no control. These third parties may collect data through the use of their own cookies, web beacons or other technology, independently collect information or solicit personal information, and may have the ability to track your use of their websites and services. Cyanotech is not responsible for the privacy practices or the content of any third party.

 
2. THE INFORMATION WE COLLECT ABOUT YOU
Personal information or personal data means any information about an individual from which that person can be identified. It does not include information where the identity has been removed (anonymous data).

We and our third-party service providers may collect, use, store and transfer different kinds of personal information about you that we have grouped together follows:

  • Contact Information includes name and email address.
  • Technical Information includes internet protocol (IP) address, your login data, browser type and version, time zone setting and geographical location, browser plug-in types and versions, operating system and platform and other technology or other unique identifier (a set of numbers or characters that is assigned to your computer, mobile phone, or other device when you are on the Internet) (“Device Identifier”) for any computer, mobile phone, tablet or other device (any of which are referred to herein as a “Device”) used to access the Website.
  • Usage Data includes information about how you use our website including all of the areas within our Website that you visit or use and the time of day you visited the Website, among other information.
  • Marketing and Communications Information includes your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Location Information includes information about your location using a variety of technologies, such as GPS, IP address, and connected or nearby Wi-Fi networks.
  • User Content Information includes text (including questions, comments, and suggestions), pictures, audio, videos, or other content (collectively, “User Content”) you share by participating and posting content publicly in reviews, interactive features, or other communication functionality (“Community Features”).

We also collect, use and share Aggregated Information such as statistical or demographic information for any purpose. Aggregated Information may be derived from your personal information but is not considered personal information in law as this information does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Information with your personal information so that it can directly or indirectly identify you, we treat the combined information as personal information that will be used in accordance with this Privacy Policy.

We do not collect any Special Categories of Personal information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offenses.

 
3. HOW IS YOUR PERSONAL INFORMATION COLLECTED?
We use different methods to collect information from and about you including through:

  • Direct interactions. You may give us your Identity, Demographic, Contact, Financial, Profile, or Marketing and Communications Information by filling in forms or by corresponding with us by mail, phone, email, or otherwise. This includes personal information you provide when you:
    • purchase our products or services;
    • create an account on our website;
    • subscribe to publications;
    • request services or other information;
    • enter a competition, promotion or survey; or
    • give us feedback about products, services, or the Website.
  • Automated technologies or interactions. As you navigate through the Website, we may automatically collect Technical, Usage, and Location Information about your equipment, browsing actions and patterns. We collect this personal information by using cookies, web beacons, embedded scripts and other similar technologies. We may also receive Technical Information about you if you visit other websites employing our cookies. Please see information about our cookie policies for further details.
    • Cookies – Cookies are data files sent to and stored on the Device you use to view a website. Cookies can be used for many purposes, including to monitor use of our Website, to customize content specific to your interests, to ensure that you do not see the same advertisement repeatedly, to speed up your searches and purchases and to recognize you when you return to our Website and/or store your user name and password so you do not have to re-enter it each time you visit the Website. You may refuse to accept cookies by activating the appropriate setting on your browser. However, if you choose to disable cookies on your Device, some features of the Website or our content may not function properly.
    • Web Beacons – Web Beacons are small graphic images or other web programming code (also known as “1×1 GIFs” or “clear GIFs”) that may be included on the Website and in our e-mail messages. Web beacons may be invisible to you, but any electronic image or other web programming code inserted into a web page or e-mail can act as a web beacon. Web beacons or similar technologies may be used for a number of purposes, including, without limitation, to count visitors to the Website, to monitor how users navigate the Website, to count how many e-mails that were sent were actually opened or to count how many particular articles or links were actually viewed.
    • Embedded Scripts – Embedded scripts are programming code designed to collect information about your interactions with the Website, such as the links you click. The code is temporarily downloaded onto your Device from our web server or a third-party service provider, is active only while you are connected to the Website.
  • Third parties or publicly available sources. We may receive personal information about you from various third parties. For example, if you are on another website and you opt-in to receive information from us, the other website will forward your contact and other information to us so that we may contact you as requested. If your company has provided you with access to the Website, we may receive information about you from your company. We also may supplement the information we collect with outside records from third parties in order to provide you with information, services or goods you have requested, to enhance our ability to serve you, and to tailor our content to you. We may combine the information we receive from those other sources with information we collect through the Website. In those cases, we will apply this Privacy Policy to the combined information. Examples of third party sources include:
    • Technical Information from the following parties:
      • analytics providers;
      • advertising networks; and
      • search information.
    • Contact, Financial and Transaction Information from providers of technical, payment and delivery services.
    • Identity and Contact Information from publicly available sources.

 
4. HOW WE USE YOUR PERSONAL INFORMATION
We may use the information we collect about you, including personal information and Usage Data:

  • to send you information about Cyanotech or our products or services
  • to process your registration with the Website, including verifying your contact information is active and valid;
  • to present our Website and its contents in a suitable and effective manner for you and for your computer;
  • to improve the Website, our products and services and for internal business purposes;
  • to notify you about changes to our service;
  • for compliance fraud prevention and safety, including enforcing our terms of service and this Privacy Policy, protecting our rights privacy, safety, or property and/or that of you or others, and protecting against, investigating or deterring fraudulent, harmful, unauthorized, unethical or illegal activity;
  • comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
  • contact you with regard to your use of the Website and, in our discretion, changes to the Website policies or functionality; and
  • for purposes as disclosed at the time you provide your information, with your consent, or as further described in this Privacy Policy.

A. PROMOTIONAL OFFERS FROM US
We may use your Identity, Contact, Technical, Usage and Profile Information to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.

You will receive marketing communications from us if you have requested information from, purchased goods or services from us, or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have consented receiving that marketing.

B. COOKIES
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

We use cookies for the following purposes:

  • authentication – we use cookies to identify you when you visit our website and as you navigate our website. These are strictly necessary and will be used without consent;
  • personalization – we use cookies to store information about your preferences and to personalize the website for you;
  • analysis – we use cookies to help us to analyze the use and performance of our website and services. These are strictly necessary and will be used without consent; and
  • cookie consent – we use cookies to store your preferences in relation to the use of cookies more generally.

Third Party Cookies

In addition, some of our service providers may use cookies and those cookies may be stored on your computer when you visit our website. Examples include:

  • Google Analytics: We use Google Analytics to analyze the use of our Website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our Website is used to create reports about the use of our website. Google’s privacy policy is available at: https://www.google.com/policies/privacy/.
  • Google AdSense: To determine your interests, Google will track your behavior on our website and on other websites across the web using cookies. This behavior tracking allows Google to tailor the advertisements that you see on other websites to reflect your interests (but we do not publish interest-based advertisements on our website).] You can view, delete or add interest categories associated with your browser by visiting: https://adssettings.google.com. You can also opt out of the AdSense partner network cookie using those settings or using the Network Advertising Initiative’s multi-cookie opt-out mechanism at: http://optout.networkadvertising.org. However, these opt-out mechanisms themselves use cookies, and if you clear the cookies from your browser your opt-out will not be maintained. To ensure that an opt-out is maintained in respect of a particular browser, you may wish to consider using the Google browser plug-ins available at: https://support.google.com/ads/answer/7395996.
  • Constant Contact: We use Constant Contact to collect names and email addresses and distribute content. This service uses cookies to identify users behind a shared IP address. You can view the privacy policy of this service provider at https://www.constantcontact.com/legal/service-provider/.
  • Cloudflare: We use Cloudflare to distribute content and secure our service. This service uses cookies to identify users behind a shared IP address. You can view the privacy policy of this service provider at https://www.cloudflare.com/cookie-policy/.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. Examples of how to disable cookies on various browsers can be found below. If you disable or refuse cookies, please note that some parts of the Website may become inaccessible or not function properly.

Managing cookies

Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain information about blocking and deleting cookies for some commonly used browsers via the links below:

Again, please note that blocking all cookies will have a negative impact upon the usability of many websites and if you choose to block cookies, you may not be able to use all the features on our website.

 
5. DISCLOSURES OF YOUR PERSONAL INFORMATION
We may share non-personally identifiable information, such as aggregated user statistics, in our discretion and without restriction.

We may disclose the information we have collected about you, including personal information, as disclosed at the time you provide your information, with your consent, as described in this Privacy Policy, or in the following circumstances:

A. INTERNAL THIRD PARTIES
Cyanotech may disclose information including personal information with its parent, subsidiaries and affiliates (including, without limitation, Cyanotech Corporation) for a variety of purposes, including for business, operational, and marketing purposes. Cyanotech may, and reserves the right to, share your information with any other company that is not presently, but becomes, a Cyanotech parent, subsidiary, or affiliate.

B. EXTERNAL THIRD PARTIES
Third Party Service Providers

We may share personal information with third party service providers in connection with the performance of services to, or on behalf of, Cyanotech and the Website. Examples of these service providers include:

Service Provider Function Link to Service Provider’s Privacy Policy
Google Analytics Website usage analysis https://www.google.com/policies/privacy/
Constant Contact Marketing https://www.constantcontact.com/legal/service-provider
CloudFlare Web DNS and Security https://www.cloudflare.com/security-policy/

These service providers may store or use your information outside of the EU or United States.

Administrative & Legal Reasons

We may transfer and disclose information, including personal information, to third parties:

  • to comply with a valid legal inquiry or process such as a search warrant, subpoena, statute or court order, or if in our opinion such disclosure is required by law;
  • to obtain or maintain insurance coverage, manage risks, obtain professional advice, or establish, exercise or defend legal claims, whether in court proceedings or in an administrative or out-of-court procedure;
  • to protect the safety, interests, rights, property or security of Cyanotech, you, or any third party; this may include exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction;
  • to respond to a breach or attempted breach of the security of our Website;
  • to defend or assert our legal rights pursuant to any of the Website’s Terms of Use, any policies applicable to the Website, or any other agreement you may have with Cyanotech; or
  • at the request of governmental authorities conducting an investigation.

We may also use Technical Information to identify users, and may do so in cooperation with copyright owners, Internet service providers, wireless service providers, or law enforcement agencies in our discretion.

We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to use your personal information for specified purposes and in accordance with our instructions.

C. SHARING BETWEEN CYANOTECH COMPANIES; BUSINESS TRANSFERS
Cyanotech may also disclose and transfer your personal information: (i) to a subsequent owner, co-owner or operator of the Website or applicable database, or of our products or services; (ii) if Cyanotech (or any of its affiliated, parent, or subsidiary companies) assigns its rights regarding any of your information to a third party; or (iii) in connection with a corporate merger, consolidation, restructuring, the sale of certain of Cyanotech’s ownership interests, assets, or both, or other company change, including, without limitation, during the course of any due diligence process. These transfers and disclosures may be carried out without notice to you.

 
6. YOUR CHOICES
We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:

A. ACCESSING, UPDATING, CORRECTING OR DELETING INFORMATION
You may review, update, or correct some of your personal information by logging into the Website and visiting your account profile page and making changes. However, if you want to delete your account or information you cannot change by logging into the website, may also send us an e-mail at [email protected] to request we correct or delete any personal information that you have provided to us. However, we may need to delete your user account in order to delete your personal information.

You are responsible for maintaining the accuracy of the information you submit to us, such as your contact information. If you contact us with changes, we will make good faith efforts to make requested changes in our then-active databases as soon as reasonably practicable. Note, however, that information may persist internally for our administrative purposes and that residual data may remain on backup media or for other reasons.

B. OPTING OUT
We will only send you direct emails or other contacts if you opt-in to receive such emails.  In the future, if you do not wish to have your e-mail address or other contact information used for promotional purposes by Cyanotech, you can opt-out in your user profile by sending us an e-mail stating your request to [email protected]. If we have sent you a promotional e-mail, you may send us a return e-mail asking to be omitted from future e-mail distributions.

 
7. DATA SECURITY
Cyanotech takes commercially reasonable security measures to help protect your personal information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot ensure, warrant, or guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk.

We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

 
8. USERS OUTSIDE OF THE UNITED STATES AND INTERNATIONAL TRANSFERS
The Website is hosted and operated in the United States and Cyanotech and its third-party service providers and partners operate in the United States and other jurisdictions. If you are located outside of the United States, please be aware that any information you provide to us may be transferred to and processed in the United States and other countries. By using the Website, or providing us with any information, you consent to this transfer, processing and storage of your information in countries where the privacy laws may not be as comprehensive as those in the country where you reside or are a citizen.

 
9. CALIFORNIA RESIDENTS – YOUR CALIFORNIA PRIVACY RIGHTS
Pursuant to California Civil Code Section 1798.83, residents of the State of California have the right to request from companies conducting business in California certain information regarding Cyanotech’s disclosure within the immediately preceding calendar year of that California resident’s personal information to third parties (and in some cases, affiliates) for their direct marketing purposes.

If you are a California resident and you have questions about our practices with respect to sharing information with third parties and affiliates for their direct marketing purposes, please send your request to the following email address: [email protected] or write to us at the following mailing address: Cyanotech Corporation, 73-4460 Queen Kaahumanu Hwy., Suite #102, Kailua-Kona, Hawaii 96740. You must put the statement “Your California Privacy Rights” in the subject field of your e-mail or include it in your writing if you choose to write to us at the designated mailing address. You must include your name, street address, city, state, and ZIP code. We are not responsible for notices that are not labelled or sent properly, or do not have complete information.

 
10. QUESTIONS
If you have any questions or concerns regarding our privacy policy or practices, please feel free to contact us via email at [email protected]. We can also be contacted by mail at:

Cyanotech Corporation

Attn: Information Privacy Department

73-4460 Queen Kaahumanu Hwy., Suite #102,

Kailua-Kona, Hawaii 96740

or via our telephone number:

1-800-453-1187

 
11. ADDITIONAL INFORMATION FOR RESIDENTS OF THE EUROPEAN UNION

A. PERSONAL INFORMATION
References to “Personal Information” in this Privacy Policy are equivalent to “Personal Data” governed by European data protection legislation.

B. LEGAL BASES FOR PROCESSING PERSONAL DATA
We will only use your personal data when the law allows us to do so. Most commonly, we will use your personal information in the following circumstances:

  • Where we need to perform obligations relating to a contract to which you are a party or to take steps at your request before entering into such a contract.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Our legitimate interests include those related to conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
  • Where we need to comply with a legal or regulatory obligation.

Generally, we do not rely on consent as a legal basis for processing your personal information other than in relation to sending communications to you via email. You have the right to withdraw consent to marketing at any time by contacting us using the contact information provided above.

We have set out below, in a table format, a description of the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity Type of Information Lawful basis for processing including basis of legitimate interest
To register you as a new customer or user for news releases (a) Identity

(b) Contact

(c) Profile

Performance of a contract with you and/or taking steps, at your request, to enter such a contract
To manage our relationship with you which will include:

(a) Notifying you about changes to our terms or Privacy Policy

(b) Asking you to leave a review or take a survey

(a) Identity

(b) Contact

(c) Profile

(d) Marketing and Communications

(a) Performance of a contract with you and/or taking steps, at your request, to enter such a contract

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

To administer and protect our business and the Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity

(b) Contact

(c) Technical

(d) Usage

(e) Location

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)

(b) Necessary to comply with a legal obligation

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences (a) Technical

(b) Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

 
C. CONTROLLER
Cyanotech is registered in The United States, and our registered office is at 73-4460 Queen Kaahumanu Hwy, Ste 102, Kailua Kona, HI 96740. This Privacy Policy is issued on behalf of Cyanotech Corporation and its subsidiaries and affiliates so when we mention “Cyanotech”, “we”, “us” or “our” in this Privacy Policy, we are referring to the relevant company responsible for processing your data.

If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact us using the details set out below.

D. DATA RETENTION
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances, you can ask us to delete your data: see the Request Erasure subsection below for further information.

In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

E. CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis that allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

F. EU RESIDENT PERSONAL DATA RIGHTS

Under certain circumstances, EU Residents may have rights under data protection laws in relation to your personal data as outlined below:

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons that will be notified to you, if applicable, at the time of your request.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation that makes you want to object to processing on this ground as you feel it affects your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information that override your rights and freedoms.
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights set out above, please contact [email protected].

No Fee Usually Required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What We May Need From You

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time Limit To Respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Complaints to Supervisory Authority

EU Residents may have the right to make a complaint at any time to the supervisory authority for data protection issues. However, we would appreciate the chance to deal with your concerns before you approach the supervisory authority so please first contact us directly to allow us to do so.