Last Revised: Dec 18, 2022
1. Information We Collect
A. Personally Identifiable Information
In order to serve our customers, we collect personally identifiable information, like names, addresses, phone numbers, email addresses, and sometimes credit card information when such information is voluntarily submitted by our visitors.
In accordance with the General Data Protection Regulation (GDPR), we will only process personal data where it is required for a lawful purpose. The lawful purposes include (amongst others): whether the individual has given their consent, the processing is necessary for performing a contract with the individual, for compliance with a legal obligation, or for the legitimate interest of the business. When sensitive personal data is being processed, additional conditions must be met.
We will only use your personal information for the following purposes:
- To deliver the products and/or services to you that you have requested;
- To validate your compliance with the terms and conditions;
- For content improvement and feedback purposes;
- To reach you, when necessary, regarding your use of the Website or product(s); and
- For the few situations described below to better serve you.
Partners: In some cases we may provide services or sell product lines jointly with other businesses. For these co-branded offerings in which a third party is involved in your transactions, we will sometimes share or jointly collect customer information related to those transactions with that third party. On the co-branded registration pages we will state who is collecting or receiving the information and whose privacy statement governs its use so that you will know at the time you create your account exactly how your information will be used.
If you are registered with Company through a partnership and you request to opt out of receiving promotional updates, in order to comply with the provisions in the CAN-SPAM Act, we will also provide your email address to that partner so that they may also discontinue sending you messages on behalf of Company.
Affiliated Entities: We may sometimes share or jointly collect information with our parent entity and the wholly owned subsidiaries and affiliated divisions of our parent company entity. Sharing this information helps us make your customer experience more seamless and efficient by allowing us to improve our marketing efforts to better target customer needs, streamline our processes and consolidate our backend business systems.
In the event we are ever sold or acquired by a third party, we would also transfer your information as part of the business being sold to that third party.
Email Usage: By submitting your email address on this Website, you agree to receive email from us. You can cancel your participation in any of these email lists at any time by clicking the opt-out link or other unsubscribe option that is included in the respective email.
We only send emails to people who have authorized us to contact them, either directly, or through a third party. We do not send unsolicited commercial emails, because we hate spam as much as you do.
By submitting your email address, you also agree to allow us to use your email address for custom audience targeting on sites like Facebook, where we display custom advertising to specific people who have opted-in to receive communications from us.
Telephone: In addition, you agree that by submitting your telephone contact information on this Website and/or registering to receive the product and/or service offered herein, such act constitutes a purchase, an inquiry, and/or an application for the purposes of the Amended Telemarketing Sales Rule (ATSR), 16 CFR ‘310 et seq. and any applicable state and local “do not call” regulations. We retain the right to contact you via telemarketing in accordance with the ATSR and the applicable state regulations.
Updating Your Personal Information: If you wish to change or review your personal information, go to your My Profile page. There you can access or update the personal information and account history we have on file.
Please contact us [email protected] using the contact info in the Contacting Us section if you need assistance in updating or reviewing your information. We will respond to your request to review the information we have on file for you within 30 days.
B. Non-Personally Identifiable Information
We also may collect various types of non-personally identifiable information to help us make your experience more enjoyable, measure site activity to identify future improvements that should be made, and compile aggregate data to help serve site visitors better.
For example, we may use session and persistent “cookies,” session logs, web beacons, GIF/pixel tags, banner ads, third-party click tracking analytics tools (such as Google Analytics), third party retargeting networks that may display our advertisements to you on other sites that you visit to remind you about us, and third party networks that serve user-requested emails (e.g., for a refer-a-friend email) to collect non-personally identifiable or other aggregated information about site visitors.
To maintain our quality of service and to assist in the analysis of product performance, we may gather data on connection information, including the timing and size of all packets sent over the Internet during a session. The gathered information is used only to ensure the highest quality experience possible when using our products.
We continuously improve our websites and our products and we utilize different third party web analytics tools to help us do so. We are interested in how visitors use our websites, our desktop tools, our mobile applications, what they like and dislike, and where they have problems. Our products, desktop tools and mobile applications use analytical tools to understand feature usage patterns, to enhance and improve your product experience and offer you specific usage tips and guidance. In connection with normal business operations, as well as to increase functionality and enhance your user experience, this usage information may be linked to personal information that we have about individual users. We maintain ownership of this data and we do not share this type of data about individual users with third parties.
We may also conduct surveys and ask users to volunteer demographic information to be used on an aggregate basis for internal market research, presentation to advertisers and joint research projects with outside companies involved in product development. We use such information to better focus our product and personalize the scope of services offered to each individual user.
Emails or newsletters that we send electronically may use techniques such as web beacons or pixel tags to gather email metrics and information to improve the reader’s experience, such as the number of emails that are opened, whether they were forwarded or printed, the type of device from which they were opened, and the location (e.g. city, state, and county) associated with the applicable IP address.
Our Site includes Social Media Features (often called an “Open ID”), such as the Facebook and Twitter buttons. These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. These services will also authenticate your identity and provide you the option to share certain personal information with us such as your name and email address to pre-populate our sign up form. These Services may give you the option to post information about your activities on our websites to your profile page to share with others within your network.
Please note that you do have the option to configure most web browsers to NOT accept cookies. However, be aware that disabling cookies may keep you from having access to some functions or services on our Website or the web-hosted software that runs on our Website.
2. Third Party Actions
We do not control and are not liable for the actions of any third parties who we may promote and/or link to from this Website.
We pride ourselves in recommending quality companies, but have no control over the actions of those third parties, the content they provide, or their privacy practices.
While we are not liable for any of the actions of those third parties, you should feel free to give us feedback from time to time on your experiences with any third parties to whom we work with so that we may enhance our future service to all customers.
3. Children’s Privacy
We do not knowingly intend to collect personally identifiable information from children under 18 years of age.
If your minor child has provided us with personally identifiable information, you may contact us at the phone number or mailing address listed in the section entitled “Contacting Us” if you want this information deleted from our records. We will then make reasonable efforts to remove your child’s information from the database that stores the information.
4. IP Addresses
We may use your IP address to help prevent fraud, to help diagnose problems with our server, to gather broad demographic information, and to offer you products and services.
5. Commitment to Data Security
All information collected from you is stored in a technically and physically secure environment. Furthermore, employees, contractors, and vendors who have access to your personally identifiable information in connection with providing services for us are required to keep the information confidential.
We use SSL encryption to protect sensitive information online, and we do everything we can to protect user information offline. Unfortunately, no transmission over the Internet can be guaranteed to be 100% secure. As a result, while we take reasonable measures to protect your information, we cannot ensure or warrant the security of the information that you transmit to us, and you do so at your own risk.
6. Contacting Us
If you need to contact us, you can email us at [email protected].
8. Note To California Residents
If you live in the State of California, under the California Civil Code, you have the right to request that companies who conduct business in California provide you with a list of all third parties to which the company has disclosed Personal Information during the preceding year for direct marketing purposes.
If you are a California resident and want to request information about how to exercise your third party disclosure choices, you must send a request to the following address with a preference on how our response to your request should be sent (email or postal mail). Please send an email to the Privacy Administrator at [email protected].
All requests sent via email must be labeled “Your California Privacy Rights” on the email subject line clearly stated on the actual request. For all requests, please include your name, street address, city, state, and zip code. Please include your zip code for our own recordkeeping.
We do not accept requests via the telephone, mail, or by facsimile. We are not responsible for notices that are not labeled or sent properly, or do not have complete information.
9. Changes to this Policy
We may modify this Privacy Statement at any time, but we will provide prominent advance notice of any material changes to this Statement, such as posting a notice through the Services, on our websites, or sending you an email, to provide you the opportunity to review the changes and choose whether to continue using the Services.
Data Protection Addendum
Addendum last updated: Jan 26, 2021
EU General Data Protection Regulation (GDPR) Protection Law
The GDPR (General Data Protection Regulation) protection law describes how organizations who conduct business with individuals or entities located in EU (European Union) nations — including Consulting.com — must collect, handle, and store personal information.
These rules apply regardless of whether data is stored electronically, on paper, or in any other manner.
To comply with the law, personal information must be collected and used fairly, stored safely, and not disclosed unlawfully.
The EU GDPR is underpinned by eight core principles. These state that personal data must:
- Be processed fairly and lawfully
- Be obtained only for specific, lawful purposes
- Be adequate, relevant, and not excessive
- Be accurate and kept up to date
- Not be held for any longer than necessary
- Processed in accordance with the rights of data subjects
- Be protected in appropriate ways
- Not be transferred outside the European Economic Area (EEA), unless that country or territory also ensures an adequate level of protection
This Data Protection Addendum, henceforth referred to as the “Addendum”, is entered into by and between SAXOPA KFT.. , henceforth referred to as “Saxopa.com”, and the customer agreeing to this Addendum, henceforth referred to as the “Customer”.
This Addendum will be effective from the Addendum Effective Date (as defined below) and replace any previously applicable data protection addendum.
If you are accepting this Addendum on behalf of Customer/Affiliate, you represent and warrant that:
• You have read and understood this Addendum
• You have full legal authority to bind yourself, or the applicable entity, to these Terms
• You agree, on behalf of the party you represent, to this Addendum.
If you do not have the legal authority to bind Customer, please do not “Sign/Accept/Opt IN”.
Terms Defined by the General Data Protection Regulation (GDPR):
A. “Addendum Effective Date” is defined as the date on which Customer clicked to accept or opt-in to this Addendum.
B. “Adequate Country” is defined as a country which is deemed adequate by the European Commission under Article 25(6) of Directive 95/46/EC or Article 45 of GDPR.
C. “Data Subject” is defined as the identified or identifiable person who is the subject of Personal Data.
D. “Personal Data” is defined as any information included in the Customer Data relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural, or social identity.
E. “Processing” is defined by the applicable EU Data Protection Law and “process”, “processes” and “processed” will be interpreted accordingly.
F. “Data Controller” is defined as the party that determines the purposes and means of the Processing of Personal Data.
G. “Data Processor” is defined as the party that Processes Personal Data on behalf of, or under the instruction of, the Data Controller.
H. “Data Transfer Mechanism” is defined as an alternative data export solution for the lawful transfer of Customer Data (as recognized under EU Data Protection Law) outside the EEA.
I. “Data Protection Laws” are defined with respect to a party, all privacy, data protection, information security-related, and other laws and regulations applicable to such party, including, where applicable, EU Data Protection Law.
J. “Data Protection Authority” is defined as the competent body in the jurisdiction charged with enforcement of applicable Data Protection Law.
K. “EEA” means the European Economic Area, United Kingdom, and Switzerland.
L. “EU Data Protection Law” means
• Prior to 25th May 2018, European Union Directive 95/46/EC; and
• On and after 25th May 2018, European Union Regulation 2016/679 (“GDPR”)
M. References to “written instructions” and related terms mean Data Controller’s instructions for Processing of Customer Data, which consist of
• The terms of the Agreement and this Addendum,
• Processing enabled by Data Controller through the Service, and
• Other reasonable written instructions of Data Controller consistent with the terms of the Agreement.
N. “Model Contracts” are defined as the Standard Contractual Clauses for Processors as approved by the European Commission under Decision 2010/87/EU in the form made accessible in the Saxopa.com Workspace.
O. “Security Incident” is defined as any unauthorized or unlawful confirmed breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data in Data Processor’s control.
P. “Subprocessor” is defined as any Third Party engaged by Data Processor or its affiliates to process any Customer Data pursuant to the Agreement or this Addendum.
Q. “Third Party” shall mean any natural or legal person, public authority, agency, or any other body other than the Data Subject, Data Controller, Data Processor, Subprocessors, or other persons who, under the direct authority of the Data Controller or Data Processor, are authorized to Process the data.
R. Other capitalized terms not defined herein have the meanings given in the Agreement.
Terms Defined by Saxopa.com with Respect to GDPR:
A. “Data Subjects” are defined to include the individuals about whom data is provided to Saxopa.com via the Services by (or at the direction of) the Customer.
B. “Details of Processing Subject Matter” is defined as the subject matter of the data processing under this Addendum is the Customer Data.
C. “Duration of the Processing” is defined as the duration of the data processing under this Addendum is until the termination of the Agreement plus the period from the expiry of the Agreement until deletion of all Customer Data by Saxopa.com in accordance with the terms of the Addendum.
D. “Nature and Purpose of the Processing” is defined as the purpose of the Processing under this Addendum is the provision of the Service to Customer and the performance of Saxopa.com’s obligations under the Agreement (including this Addendum) or as otherwise agreed by the parties.
E. “Categories of Data” is defined as data relating to individuals provided to Saxopa.com when Customers sign up, login, use the product, interact with the website, and interact with the ads.
F. “Security Measures” are defined as the measures that Saxopa.com agrees to use. They are commercially reasonable technical and organizational measures designed to prevent unauthorized access, use, alteration, or disclosure of the Service or Customer Data.
A. This Addendum forms part of the Agreement and except as expressly set forth in this Addendum, the Agreement remains unchanged and in full force and effect. If there is any conflict between this Addendum and the Agreement, this Addendum shall prevail to the extent of that conflict in connection with the Processing of Customer’s Personal Data.
B. All activities under this Addendum (including without limitation Processing of Customer Data) remain subject to the applicable limitations of liability set forth in the Agreement.
C. This Addendum will be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless required otherwise by applicable Data Protection Laws.
D. This Addendum and Model Contracts will automatically terminate upon expiration or termination of the Agreement.
4. Scope and Applicability of this Addendum:
A. This regulation applies to the processing of the personal data in the context of the activities of the establishment of a Controller or a Processor in the EU.
B. This Addendum applies where and to the extent that Saxopa.com processes Customer Data that originates from the EEA or that is otherwise subject to EU Data Protection Law on behalf of Customer in the course of providing the Service pursuant to the Agreement.
C. This Addendum applies where and to the extent that Saxopa.com processes Customer Data that originates from the EEA or that is otherwise subject to EU Data Protection Law on behalf of Customer in the course of providing the Service pursuant to the Agreement.
5. Role and Scope of the Processing:
A. Customer will act as the Data Controller and Saxopa.com will act as the Data Processor under this Addendum. Both Customer and Saxopa.com shall be subject to applicable Data Protection Laws in the carrying out of their responsibilities as set forth in this Addendum.
B. Customer retains all ownership rights in the Customer Data, as set forth in the Agreement. Except as expressly authorized by Customer in writing or as instructed by Customer, Saxopa.com shall have no right directly or indirectly to sell, rent, lease, combine, display, perform, modify, transfer, or disclose the Customer Data or any derivative work thereof. Saxopa.com shall act only in accordance with Customer’s instructions regarding the Processing of the Customer Data except to the extent prohibited by applicable Data Protection Laws.
C. Additional instructions not consistent with the scope of the Agreement require prior written agreement of the parties, including agreement on any additional fees payable by Customer.
D. Notwithstanding the above, Customer acknowledges that Saxopa.com shall have a right to use Aggregated Anonymous Data as detailed in the Agreement Section 4.4.
E. Saxopa.com shall not disclose the Customer Data to any Third Party in any circumstances other than in compliance with Customer’s instructions or in compliance with a legal obligation to disclose. Saxopa.com shall inform Customer in writing prior to making any such legally required disclosure, to the extent permitted by Data Protection Laws.
F. For clarity, nothing in this Addendum limits Saxopa.com from transmitting Customer Data (including without limitation Personal Data) as instructed by Customer through the Service.
A. Saxopa.com’s obligations under this Addendum shall apply to Saxopa.com’s employees, agents and Subprocessors who may have access to the Personal Data.
B. Customer agrees that Saxopa.com is authorized to use Subprocessors (including without limitation cloud infrastructure providers) to Process the Personal Data, provided that Saxopa.com:
• Enters into a written agreement with any Subprocessor, imposing data protection obligations substantially similar to this Addendum; and
• Remains liable for compliance with the obligations of this Addendum and for any acts or omissions of the Subprocessor that cause Saxopa.com to breach any of its obligations under this Addendum.
C. Information about Subprocessors, including their functions and locations, is available on request and may be updated by Saxopa.com from time to time in accordance with this Addendum.
A. Saxopa.com shall implement and maintain appropriate technical and organizational security measures to protect Personal Data from Security Incidents and to preserve the security and confidentiality of the Personal Data, in accordance with Saxopa.com’s security standards.
B. Customer is responsible for reviewing the information made available by Saxopa.com relating to data security and making an independent determination as to whether the Service meets the Customer’s requirements and legal obligations under Data Protection Laws. Customer acknowledges that the Security Measures are subject to technical progress and that Saxopa.com may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Service purchased by Customer.
C. Saxopa.com shall ensure that any person who is authorized by Customer to process Personal Data (including its staff, agents and Subprocessors) shall be under an appropriate contractual or statutory obligation of confidentiality.
8. Onward Transfer:
A. Saxopa.com may, subject to complying with this Section 8, store and process Customer Data anywhere in the world where Saxopa.com, its affiliates or Subprocessors maintain data processing operations.
B. To the extent that Saxopa.com processes any Personal Data protected by GDPR and/or originating from the EEA in the United States or another country outside the EEA that is not designated as an Adequate Country, then the parties shall sign the Model Contracts.
C. The parties agree that Saxopa.com is the “data importer” and Customer is the “data exporter” under the Model Contracts (notwithstanding that Customer may be an entity located outside of the EEA).
D. The parties agree that the data export solution identified in Section 8.B shall not apply if and to the extent that Saxopa.com adopts an Alternative Transfer Mechanism. In which event, the Alternative Transfer Mechanism shall apply instead (but only to the extent such Alternative Transfer Mechanism extends to the territories to which Personal Data is transferred).
9. Regulatory Compliance:
A. At Customer’s request and expense, Saxopa.com shall reasonably assist Customer as necessary to meet its obligations to regulatory authorities, including Data Protection Authorities.
B. Saxopa.com shall (at Customer’s expense) reasonably assist Customer to respond to requests from individuals in relation to their rights of data access, rectification, erasure, restriction, portability and objection. In the event that any such request is made directly to Saxopa.com, Saxopa.com shall not respond to such communication directly without Customer’s prior authorization unless required by Data Protection Laws.
10. Reviews of Data Processing:
A. At Customer’s request, Saxopa.com shall provide Customer with written responses to all reasonable requests for information made by Customer relevant to the Processing of Personal Data under this Addendum, including responses to security and audit questionnaires, in each case solely to the extent necessary to confirm Saxopa.com’s compliance with this Addendum.
B. Saxopa.com will provide such information within thirty (30) days of Customer’s written request, unless shorter notice is required by Customer’s regulatory authorities.
C. Except as expressly required by Data Protection Laws, any review under this Section 10 will:
• Be conducted no more often than once per year during Saxopa.com’s normal business hours, in a manner so as not to interfere with standard business operations;
• Be subject to Saxopa.com’s reasonable confidentiality and security constraints;
• Be conducted at Customer’s expense; and
• Not extend to any information, systems or facilities of Saxopa.com’s other customers or its Third Party infrastructure providers.
D. Any information provided by Saxopa.com under this Section 10 constitutes Saxopa.com’s Confidential Information under the Agreement.
11. Return or deletion of data:
A. Saxopa.com shall, within ninety (90) days after request by Customer at the termination or expiration of the Agreement, delete or return, at Customer’s choice, all of the Personal Data from Saxopa.com’s systems. Within a reasonable period following deletion, at Customer’s request, Saxopa.com will provide written confirmation that Saxopa.com’s obligations of data deletion or destruction have been fulfilled.
B. Notwithstanding the foregoing, the Customer understands that Saxopa.com may retain Customer Data as required by Data Protection Laws, which data will remain subject to the requirements of this Addendum.
12. Additional Security:
A. Upon becoming aware of a confirmed Security Incident, Saxopa.com shall notify the Customer without undue delay, in accordance with the Security Measures. Notwithstanding the foregoing, Saxopa.com is not required to make such notice to the extent prohibited by Data Protection Laws, and Saxopa.com may delay such notice as requested by law enforcement and/or in light of Saxopa.com’s legitimate needs to investigate or remediate the matter before providing notice.
B. Each notice of a Security Incident will include:
• The extent to which Personal Data has been, or is reasonably believed to have been, used, accessed, acquired, or disclosed during the Security Incident;
• A description of what happened, including the date of the Security Incident and the date of discovery of the Security Incident, if known;
• The scope of the Security Incident, to the extent known; and
• A description of Saxopa.com’s response to the Security Incident, including steps Saxopa.com has taken to mitigate the harm caused by the Security Incident.
C. Saxopa.com shall take reasonable measures to mitigate the harmful effects of the Security Incident and prevent further unauthorized access or disclosure.
13. Changes to Subprocessors:
When any new Subprocessor is engaged, Saxopa.com will, at least a week before the new Subprocessor processes any Customer Data, inform Customer of the engagement by sending an email or via the in-app notification.
14. Further cooperation:
A. Where and when required by Data Protection Laws, Saxopa.com will provide the relevant Data Protection Authorities with information related to Saxopa.com’s Processing of Personal Data. Saxopa.com further agrees that it will maintain such required registrations and where necessary renew them during the term of this Addendum. Any changes to Saxopa.com’s status in this respect shall be notified to Customer immediately either via email or in-app notifications.
B. To the extent Saxopa.com is required under Data Protection Laws, Saxopa.com shall (at Customer’s expense) provide reasonably requested information regarding the Service or prior consultations with Data Protection Authorities to enable Customer to carry out data protection impact assessments.