Graphika, Inc. (phone: [646-653-9769], email: email@example.com, hereinafter as “Graphika”, “we”, “us”, or “our”) is the controller of your Personal Information in the meaning of Art. 4 no. 7 of the EU General Data Protection Regulation (“GDPR”).
Information We Collect Directly from You
We may collect Personal Information directly from You. If You create an account with us, we collect Your name, email address, username, password, and/or Twitter or other social media handle. We will also collect any other Personal Information that You provide to us through your use of our Site or our Services, such as Your name, title and email address if You sign up for our marketing materials (newsletter) or updates or you fill out our contact form at our Site. Information We Collect from Third Parties
We may collect publicly available Personal Information of our Users from third parties. For example, if You are a User and provide us with Your Twitter handle, we may collect certain Personal Information about You from Twitter. Please note that Graphika is not responsible for the privacy practices of third parties from which it receives information about You. Please see our Third-Party Sites section below for more information.
Information We Collect Automatically
We automatically collect information about You through Your use of our Site or App: IP address, browser type, domain name, the website that led You to our Site/App, the website to which You go after leaving our Site/App, the dates and times You access our Site/App, device ID, and activities within our Site/App (e.g., links You click, searches You run, etc.). Further, we may collect your Personal information with the help of cookies and other tracking mechanisms– in this respect please see our Cookies and Other Tracking Mechanisms section below for more information.
HOW WE USE INFORMATION
We use Your Personal Information for the following purposes:
- Operating our Site and App. To provide, maintain, secure and improve our Site/App. In such case the collection and processing of your Personal Information is based on Art. 6 para. 1 (f) GDPR (necessary for the purpose of the legitimate interests of the data controller). Our legitimate interest is to provide the Site/App at an appropriate technical level and to continuously maintain and improve them.
- Providing Our Services. To provide and maintain our Services, and for other customer service and support purposes. In such case the collection and processing of your Personal Information is based on Art. 6 para. 1 (b) GDPR (necessary for the performance of a contract with you).
- Improving Our Services. To improve our Services; to develop new features or services; to perform technical operations, such as updating software. In such case the collection and processing of your Personal Information is based on Art. 6 para. 1 (f) GDPR (necessary for the purpose of the legitimate interests of the data controller). Our legitimate interest is to continuously improve our Services.
- Research and Analytics. To analyze how You interact with our Site or App; to monitor and analyze usage and activity trends; and for other research, analytical, and statistical purposes. In such case the collection and processing of your Personal Information is based on Art. 6 para. 1 (f) GDPR (necessary for the purpose of the legitimate interests of the data controller). Our legitimate interest is to continuously improve our Services.
- Communications. To communicate with You, in particular to send You updates or respond to Your inquiries in case you fill out our contact form at the Site. In such case the processing of your personal data is based on Art. 6 para. 1 (f) GDPR (necessary for the purpose of the legitimate interests of the data controller or a third party). Our legitimate interest is to (a) respond to inquiries of our Users and to communicate with them, (b) inform our Users in an efficient way about our Services.
- Marketing. To provide You with news and newsletters, special offers, promotions, and other information we think may interest You, and for other informational, marketing, or promotional purposes, subject to your prior consent. In such case the processing of your personal data is based on Art. 6 para. 1 (a) (your consent). Please note that You have the right to object at any time against the processing of Your Personal Information for direct marketing purposes – in this case Your Personal Information will no longer be processed for such purpose. Our communications with You may include communications via email. Please see our section regarding Your Choices for more information about how to change Your communications preferences.
- Recruitment. If you visit the career page of our Site and submit an application via our Site, we process your Personal
Information provided by you in the course of your application to manage the application procedure. In such case the
processing of your Personal Information is based on Art. 6 (1) b) GDPR (processing is necessary in order to take steps
at the request of the data subject prior to entering into a contract). If we conclude a contract with you, the submitted
data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If
no contract is concluded, the application data and documents will be automatically erased six months after notification
of the refusal decision at the latest, provided that no other legitimate interests of the controller are opposed to the
.In each case we comply with the principles of data processing as set out in the GDPR, in particular with the principles of purpose limitation and data minimization.
HOW WE DISCLOSE INFORMATION
We disclose Your Personal Information as consented by You before disclosure, or as follows:
- Users. To other Users for purposes of providing our Services. For example, Your organization may have an administrator account, and the administrator may be able to see information about the various accounts under it. You may also be able to elect to share information with other Users to, for example, enable collaboration. In such case the collection and processing of your Personal Information is based on Art. 6 para. 1 (b) GDPR (necessary for the performance of a contract with you).
- Service Providers. To our vendors, service providers, agents, or others who perform functions on our behalf as data processors. We use third parties to send emails on our behalf, for hosting internet services, for log processing and analysis, analyzing the use of our Site/App and for security monitoring. We may share your Personal Information with these third parties only for the purposes of performing these functions and providing such services and subject to the required data processing contracts. We ensure that in connection with the engagement of our service providers we comply with the provisions of Art. 28 GDPR. We engage only service providers who provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing ensures the protection of Your rights. We primarily engage service providers located within the European Economic Area. Should we engage service providers in third countries (i.e. located outside of the European Economic Area), we make sure that Art. 44-49 GDPR are complied with. We currently engage service providers in the U.S. (such as Google and Intercom).
- Business Transfers. To another entity in connection with, including during negotiations of, an acquisition or merger, sale or transfer of a business unit or assets, bankruptcy proceeding, or as part of any other similar business transfer. In such case the transfer of the Personal Information is based on Art. 6 (1) lit. f) GDPR (necessary for the purpose of the legitimate interests of the data controller or a third party). The legitimate interest is to enable corporate transactions.
- Legal Compliance. To authorities or courts in order to comply with applicable legal or regulatory obligations, including as part of a judicial proceeding; in response to a subpoena, warrant, court order, or other legal process; or as part of an investigation or request from law enforcement or a government official. In such case the disclosure of your personal data is based on Art. 6 (1) lit. c) GDPR (necessary for compliance with a legal obligation).
- Aggregate and De-Identified Information. To business partners, marketing or advertising agencies we may disclose aggregate, anonymous, or de-identified information for marketing, advertising, research, compliance, or other purposes. Such disclosure does not affect Personal Information.
- Cookies Cookies are alphanumeric identifiers that we transfer to a computer’s hard drive through a web browser for record-keeping purposes. Some cookies allow us to make it easier for You to navigate our Site, while others are used to enable a faster log-in process or to allow us to track Your activities while using our Site/App. Most web browsers automatically accept cookies, but if You prefer, You can edit Your browser options to block them in the future. The Help portion of the toolbar on most browsers provides information about how to prevent a computer from accepting new cookies, how to have the browser notify upon receiving a new cookie, or how to disable cookies altogether. If You disable cookies, You may be able to browse certain areas of the Site/App, but some features may not function (e.g., You may not be able to stay logged into Your account).
- Clear GIFs, pixel tags, and other technologies Clear GIFs are tiny graphics with a unique identifier, similar in
function to cookies. In contrast to cookies, which are stored on a computer’s hard drive, clear GIFs are embedded
invisibly on web pages. We may use clear GIFs (also referred to as web beacons, web bugs or pixel tags), in connection
with our Services to, among other things, track Your activities, help us manage content, and compile statistics about
usage of our Services. We and our service providers also use clear GIFs in HTML emails to You, to help us track email
response rates, identify when our emails are viewed, and track whether our emails are forwarded.
Third-Party Services We may use third-party analytics companies, such as Google Analytics, to evaluate use of our Site,
App and Services. We or our service providers use these tools to help us understand use of, and to improve, our Site,
such as web beacons or local storage objects (“LSOs”), to perform their services.
- Google Analytics This website uses Google Analytics, a web analytics service provided by Google, Inc. (1600 Amphitheatre
Parkway Mountain View, CA 94043, USA; “Google”). The use includes the “Universal Analytics” operating mode. This
facilitates the assignment of data, sessions and interactions across several devices to a pseudonymous user ID and thus
the analysis of a user's activities across devices.
Google Analytics uses “cookies”, which are text files placed on your computer, to help analyze how users use the Site/App. The information generated by the cookie about your use of the website/App (including your IP address) is usually transmitted to and stored by Google on servers in the United States, a country that does not offer an equivalent level of protection of privacy to that applicable in the European Union. However, IP anonymisation is activated on the Site/App, i.e. the Google Analytics code is supplemented by “anonymizeIp” to ensure an anonymized collection of IP addresses (so called IP-masking), thus Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand, so that a direct connection to the individual user is eliminated. Google will truncate/anonymize the last octet of the IP address within Member States of the European Union or in other states parties to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA. Google obliged itself to process all personal data received from the EU in accordance with the EU-US Privacy Shield Framework (Art. 45 (3) GDPR).
On behalf of Graphika, Google will use this information for the purpose of evaluating your use of the Site/App, compiling reports on website or App activity and providing other services relating to Site/App activity and usage. Google will not associate your IP address with any other data held by Google.
Sessions and campaigns are terminated after a certain period of time. By default, sessions are closed after 30 minutes without activity and campaigns after six months. The time limit for campaigns may not exceed two years. To learn more about Google’s privacy practices, please visit https://www.google.com/analytics/terms/gb.html or https://policies.google.com/?hl=en.
- Do Not Track Disclosure Our Site may not respond to Do Not Track signals. You can learn more about Do Not Track signals at http://www.allaboutdnt.com/. You may, however, disable certain tracking as discussed in the Cookies and Other Tracking Mechanisms section above (e.g., by disabling cookies).
- Interest-Based Advertising We use third parties such as network advertisers to display advertisements on our Site/App,
to assist us in displaying advertisements on third-party services, and to evaluate the success of our advertising
campaigns. You may opt out of many third-party ad networks, including those goperated by members of the Network
Advertising Initiative (“NAI”) and the Digital Advertising Alliance (“DAA”). For more information regarding this
practice by NAI members and DAA members, and Your choices regarding having this information used by these companies,
including how to opt out of third-party ad networks operated by NAI and DAA members, please visit their respective
websites: www.networkadvertising.org/optout_nonppii.asp (NAI) and www.aboutads.info/choices (DAA).
Opting out of one or more NAI member or DAA member networks only means that those members no longer will deliver targeted content or ads to You. It does not mean You will no longer receive any targeted content or ads on our Site/App. You may continue to receive advertisements, for example, based on the particular website that You are viewing (i.e., contextual advertising) or from entities that are not members of the NAI or DAA. Also, if Your browsers are configured to reject cookies when You visit an opt-out page, or You subsequently erase Your cookies, use a different computer or change web browsers, Your NAI or DAA opt out may no longer be effective.
- Google Analytics This website uses Google Analytics, a web analytics service provided by Google, Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; “Google”). The use includes the “Universal Analytics” operating mode. This facilitates the assignment of data, sessions and interactions across several devices to a pseudonymous user ID and thus the analysis of a user's activities across devices.
- Right to information. Upon request, we will inform you in writing as to whether and, if so, what Personal Information we have stored about you. You may view your Personal Information at any time free of charge and request their rectification, erasure or the restriction of processing. You also have the right to receive the Personal Information we retain about you in a structured, commonly used and machine-readable format. Upon your request, we will transfer your Personal Information to another data controller. In order to exercise any of the rights mentioned in this section or should you have any questions regarding the processing of your Personal Information, please contact us at firstname.lastname@example.org. You may also contact us at email@example.com and we will be happy to provide any information you may require or deal with any suggestions or complaints you may have. You also have the right to lodge a complaint with the competent data protection authority.
- Opting out of processing. Where processing is based on your consent, you have a right to withdraw consent at any time, without affecting the lawfulness of the processing before withdrawal.
- Opting out of Email Communications. Subject to your opt-in, we may send periodic promotional or informational emails to You. You may opt out of such communications by following the opt-out instructions contained in the email or contacting us at firstname.lastname@example.org. Please note that it may take up to 10 business days for us to process opt-out requests. If You opt out of receiving marketing emails from us, we may still send You non-promotional emails (e.g., about Your account with us).
- Children. Our Site/App are not targeted to children under thirteen years of age, and we do not knowingly collect personal information from children under thirteen. If we discover that a child under thirteen has provided us with personal information, we will promptly delete such personal information from our systems. Contact Us. If You have questions about the privacy aspects of our Site/App or for further information about our data privacy policies and practices, please contact us at email@example.com.
COOKIES AND OTHER TRACKING MECHANISMS
Visitors and Users of our Site/App receive notification of the types of cookies and other tracking technologies used when accessing our Site/App for the first time. They are asked whether they consent to our use of the cookies/tracking technologies.
We have implemented a number of measures to help protect the Personal Information we collect in line with Art. 32 GDPR. These measures include limiting access to Personal Information to employees with a need to access it and encrypting Personal Information provided through our Site using Secure Socket Layer (SSL) technology. Please note, however, that while we endeavor to keep our security measures up-to-date, no data security measures can guarantee complete security. In addition, there are steps that You can take to help protect Personal Information, including choosing a robust password for your device and/or account that nobody else knows or can easily guess and keeping Your log-in and password private. If an unauthorized third party compromises our security measures, Graphika is not responsible for any direct or indirect damages caused by such unauthorized party’s access, acquisition, or distribution of Your personal information. If You believe that Your Personal Information has been compromised, we encourage You to notify us immediately. You can also learn more about steps you can take to protect your Personal Information at https://www.consumer.ftc.gov/articles/0272-how-keep-your-personal-information-secure.
Please note that we retain Personal Information about You - in accordance with our record retention policies -- as long as necessary for the achievement of the purposes of the processing as mentioned above (e.g. to enforce any Agreements or to ensure the security of our Site and App). Your Personal Information will be erased or anonymized as soon as such data are not anymore necessary for the purpose of their collection. In particular this means that we erase Visitors’ automatically collected data within 7 days if no suspicious event (e.g. security incident) occurs, and we erase User data without delay if your User account is deleted; unless (i) legal retention obligations do not permit the erasure (e.g. under German law we are obliged to retain letters and emails for six years; documents relevant for tax purposes for ten years) – in such case your personal data will be stored for the statutory retention period; (ii) another legal basis applies and permits the retention or processing in line with art. 6 (1) GDPR, in particular if Graphika has a legitimate interest in storing the data (e.g. for the purpose of using such data in a potential lawsuit). In any case, your Personal Information will be erased or anonymized without delay if the processing is based on your consent and you withdraw your consent to the processing of your personal data.