Effective date: 10/01/2020
Table of Contents
- What Information DCOYA Collects about You
- How DCOYA Collects Information
- How DCOYA Uses Personal Data
- How DCOYA Shares Personal Data
- How DCOYA Secures Personal Data
- Accessing and Correcting Your Personal Data
- How Long DCOYA Retains Personal Data
- Your Choices
- Children Under the Age of 18
- Third-Party Websites
- Sensitive Information
- EU-US Privacy Shield Framework
- Questions, Concerns, or Complaints
- Information for European Users Only
Please note that we participate in and comply with the EU-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Data from European Economic Area (“EEA”) member countries. You can find out more about our commitment to the EU-U.S. Privacy Shield Framework in the Section entitled “EU-US Privacy Shield Framework”.
What Information DCOYA Collects about You
We collect the following types of information from and about users of our Sites:
How DCOYA Collects Information
We collect information in a variety of ways, including:
Information you voluntarily provide to us. We may collect Personal Data when you use or interact with us through the Sites, including when you register on one of the Sites, when you subscribe for a print magazine or an email newsletter, when you download content, when you register for one of our conferences or webinars, when you complete a survey, or when you register to use certain services like white papers. In some cases, we may also collect your credit card information, some of which may constitute Personal Data, to secure certain payments.
We may also collect Personal Data from you offline, such as when you attend one of our events, during phone calls with representatives, when you complete paper forms, or when you contact a DCOYA representative.
Information from other sources. We may also collect or receive Personal Data from third-party sources, such as third-party websites or integrations, our service providers, our business partners, and other third parties.
Please not that when you register for the Sites or otherwise submit Personal Data to us, we may associate other Non-Personal Data (including Non-Personal Data we collect from third parties) with your Personal Data. Upon doing so, we will treat any such combined data as your Personal Data until such time as it can no longer be associated with you or used to identify you.
How DCOYA Uses Personal Data
We use Personal Data:
To fulfill your requests, such as to send you requested materials and newsletters, information and materials regarding our products and services, and to allow you to participate in paid services, message boards, and auctions.
To send administrative information to you, for example, information regarding the Sites and changes to our terms, conditions, and policies.
To allow you to participate in sweepstakes, contests and similar promotions and to administer these activities. Some of these activities have additional rules, which could contain additional information about how we use and disclose your Personal Data, so we suggest that you read these rules carefully.
For internal business purposes, including without limitation, to help us improve the content and functionality of the Sites, to better understand our users, to improve the Sites, to protect against, identify, or address wrongdoing, to enforce our Terms and Conditions, to manage your account and provide you with customer service, and to generally manage the Sites and our business.
Where it is in accordance with your marketing preferences, we may use your Personal Data for marketing purposes, including without limitation, to inform you about our own and third-parties’ services or products that may be of interest to you. If you do not want us to use your Personal Data in this way, please adjust your user preferences on your account page or email us at firstname.lastname@example.org. Please see the Section entitled “Your Choices” for more information.
We may use Personal Data as we believe to be necessary or appropriate: (i) under applicable law, including laws outside your country of residence; (ii) to comply with legal processes; (iii) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (iv) to enforce our Terms and Conditions; (iv) to protect our operations; (v) to protect our, your, and/or others’ rights, privacy, safety or property; and (vi) to allow us to pursue available remedies or limit the damages that we may sustain.
How DCOYA Shares Personal Data
Your instructions. DCOYA will share your Personal Data to fulfill the purpose for which you provide it, subject to applicable law.
Agents, consultants, and service providers. We may share your Personal Data with our contractors and service providers who process Personal Data on behalf of DCOYA to perform certain business-related functions. These companies may include our marketing agencies, database service providers, backup and disaster recovery service providers, email service providers, and others. When we engage another company to perform such functions, we may provide them with information, including Personal Data, in connection with their performance of such functions.
Legal requirements. We may disclose your Personal Data if required to do so by law in order to, for example, respond to a subpoena or request from law enforcement, a court or a government agency (including in response to public authorities to meet national security or law enforcement requirements), or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect or defend our rights, interests or property or that of third parties, (iii) prevent or investigate possible wrongdoing in connection with the Sites, (iv) act in urgent circumstances to protect the personal safety of users of the Sites or the public, or (v) protect against legal liability.
Marketing purposes. Where it is in accordance with your marketing preferences, we may share your Personal Data for marketing purposes, including without limitation, to inform you about our own and third-parties’ services or products that may be of interest to you. You may opt out of us using your Personal Data in this way by adjusting your user preferences on your account page or emailing us at email@example.com. Please see the Section entitled “Your Choices” for more information.
With your consent. We may share your Personal Data with third parties when we have obtained your consent to do so.
How DCOYA Secures Personal Data
We have implemented appropriate organizational, technical, and administrative measures to protect Personal Data within our organization, including security controls to prevent unauthorized access to our systems. While we take reasonable steps to secure your Personal Data from loss, misuse, interference and unauthorized access, modification and disclosure, you should be aware no security procedures or protocols are ever guaranteed to be completely secure from intrusion or hacking, and there is therefore always some risk assumed by sharing Personal Data online. If you have reason to believe that your account has been compromised, please immediately notify us at firstname.lastname@example.org.
Accessing and Correcting Your Personal Data
You can review and change your Personal Data by visiting your account page. You may also send us an email at email@example.com to request access to, correct or delete any Personal Data that you have provided to us. We may not be able to delete your Personal Data except by also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
How Long DCOYA Retains Personal Data
We may retain your Personal Data as long as you are registered to use the Site(s). You may close your account by contacting us at firstname.lastname@example.org. However, we may retain Personal Data for an additional period as is permitted or required under applicable laws. Even if we delete your Personal Data, it may persist on backup or archival media for an additional period of time for legal, tax, or regulatory reasons, or for legitimate and lawful business purposes.
You have several choices available when it comes to your Personal Data.
You can browse the Sites without providing any Personal Data (other than data collected automatically to the extent it is considered Personal Data under applicable laws) or you may decide to simply limit the Personal Data you provide. If you choose not to provide any Personal Data or limit the Personal Data you provide, you may not be able to use certain functionality of the Sites.
Where it is in accordance with your marketing preferences, DCOYA may send you electronic communications marketing or advertising the Sites themselves, products or services on the Sites, and/or third-party products or services that may be of interest to you. You can opt out of receiving these electronic communications by clicking on the “unsubscribe” link at the bottom of any such electronic communication. In addition, you may also manage your preferences at any time by visiting your account page or emailing us at email@example.com.
Certain electronic communications from DCOYA are responsive to your requests. Notwithstanding any unsubscribe election that you have made, you may still receive transactional or responsive emails. You can only stop receiving these types of communications by contacting us at firstname.lastname@example.org.
Your California Privacy Rights
California Civil Code Section § 1798.83 permits users of our Sites that are California residents to request certain information regarding our disclosure of Personal Data to third parties for direct marketing purposes. To make such a request, please send an email to email@example.com.
Do Not Track Disclosures
Do Not Track is a privacy preference that users can set in their web browsers. When a user turns on the Do Not Track signal, the browser sends a message to websites requesting them not to track the user. At this time, DCOYA does not respond to Do Not Track browser settings or signals. In addition, we deploy cookies on our Sites. Cookies may be used by us to collect information about you and your Internet activity, even if you have turned on the Do Not Track signal.
Children Under the Age of 18
Our Sites are not intended for children under 18 years of age. No one under age 18 may provide any information to or on the Sites. We do not knowingly collect Personal Data from children under 18. If you are under 18, do not use or provide any information on the Sites or on or through any of its features, register on the Sites, make any purchases through the Sites, use any of the interactive or public comment features of the Sites, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received Personal Data from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us at firstname.lastname@example.org.
Similarly, please note that we are not responsible for the collection, use, and disclosure policies and practices (including the data security practices) of other organizations, such as other app developers, app providers, social media platform providers, operating system providers, wireless service providers, or device manufacturers.
Please do not send or disclose to us, on or through the Sites or via other means, any sensitive Personal Data, including information related to racial or ethnic origin, political opinions or affiliations, religious or philosophical beliefs or affiliations, trade union membership, genetic data, biometric data, sex life or sexual orientation, social security numbers, or criminal background.
EU-US Privacy Shield Framework
To provide adequate protection for certain EEA Personal Data received in the United States, we have elected to self-certify to the EU-US Privacy Shield Framework administered by the US Department of Commerce (“Privacy Shield”). DCOYA adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability.
For purposes of enforcing compliance with the Privacy Shield, DCOYA is subject to the investigatory and enforcement authority of the US Federal Trade Commission. For more information about the Privacy Shield, please see the US Department of Commerce’s Privacy Shield website located at https://www.privacyshield.gov. To review DCOYA’s representation on the Privacy Shield list, see the US Department of Commerce’s Privacy Shield self-certification list located at: https://www.privacyshield.gov/list.
EEA Personal Data Transfers to Third Parties
Under certain circumstances, we may be required to disclose your EEA Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
We maintain reasonable and appropriate security measures to protect EEA Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the Privacy Shield.
You may have the right to access the EEA Personal Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the Privacy Shield. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of your EEA Personal Data, you can submit a written request to email@example.com. We may request specific information from you to confirm your identity. In some circumstances, we may charge a reasonable fee for access to your information.
Enforcement; Independent Recourse for Complaints
DCOYA has further committed to cooperate with EU data protection authorities (“DPAs”) with regard to unresolved Privacy Shield complaints. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the DPAs for more information or to file a complaint. The services of EU DPAs are provided at no cost to you. As a last resort, EU individuals may seek redress through binding arbitration.
Questions, Concerns, or Complaints
Your privacy is important to us. If you have any questions, concerns, or complaints regarding the way we collect and handle your information, please contact us by email at firstname.lastname@example.org.
DCOYA will take any privacy complaint seriously and any complaint will be assessed by an appropriate person with the aim of resolving any issue in a timely and efficient manner. We request that you cooperate with us during this process and provide us with any relevant information that we may need.
Information for European Users Only
In May 2018, a new data privacy law known as the EU General Data Protection Regulation (or the “GDPR”) becomes effective. The GDPR requires DCOYA to provide some users with more information about the processing of their Personal Data, including the following:
Lawful Basis for Processing Personal Data
The GDPR requires us to explain the lawful basis we rely on to process Personal Data. The lawful basis we rely on to process Personal Data for the purposes set out in the Section entitled “How DCOYA Uses Personal Data” will typically be the following:
You provided your consent.
It is necessary for our contractual relationship.
The processing is necessary for us to comply with our legal or regulatory obligations.
The processing is necessary for our legitimate interest as a marketing services company (for example, to monitor and improve our Sites and services, to properly administer our Sites, business and communications with users, to properly manage our customer relationships, to protect the security and integrity of our systems, to send you direct marketing communications (subject to your ability to opt out), to provide you with customer service, etc.).
International Data Transfers
You may contact DCOYA’s representative to the European Union, Verasafe EU, at Zahradníčkova 1220/20A, Prague 15000 Czech Republic, or at +1-617-398-7067.
Data Protection Authority
You may have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA, Switzerland, and certain non-European countries (including the United States and Canada) are available here.
Personal Data Retention
We retain your Personal Data for as long as necessary to provide you with the Sites, or for other important purposes such as complying with legal obligations, resolving disputes, and enforcing our agreements.
If you have an account with us, we will typically retain your Personal Data for a period of 30 days after you have requested that we close your account or if it’s been inactive for two years.
Your principal rights under the GDPR are: (i) the right to be informed, (ii) the right of access, (iii) the right to rectification, (iv) the right to erasure, (v) the right to restrict processing, (vi) the right to data portability, (vii) the right to object, and (viii) rights in relation to automated decision-making and profiling.
You have the right to confirmation as to whether or not we process your Personal Data and, where we do, to access such Personal Data, together with certain additional information, such as the purposes of the processing, the categories of Personal Data concerned, and the recipients of the Personal Data. Providing the rights and freedoms of others are not affected, we will supply you with a copy of your Personal Data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
You also have the right to have any inaccurate Personal Data about you rectified and, taking into account the purposes of the processing, to have any incomplete Personal Data about you completed.
You may also have the right to the erasure of your Personal Data, such as when the Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed, you withdraw consent to consent-based processing, you object to the processing under certain rules of applicable data protection law, or the processing is for direct marketing purposes. However, there are exclusions to this right, including where processing is necessary for compliance with legal obligations or for the establishment, exercise or defense of legal claims.
You also have the right to object to our processing of your Personal Data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your Personal Data for this purpose.
To the extent that the lawful basis for our processing of your Personal Data is consent, that the processing is necessary for the performance of a contract to which you are party, or in order to take steps at your request prior to entering into a contract, and such processing is carried out by automated means, you may have the right to receive your Personal Data from us in a structured, commonly used and machine-readable format.
To the extent that the lawful basis for our processing of your Personal Data is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
How to Exercise Your Rights
Please note that requests to exercise data protection rights will be assessed by us on a case-by-case basis. There may be circumstances where we are not legally required to comply with your request because of the laws in your jurisdiction or because of exemptions provided for in data protection legislation.
If you have a complaint about how we handle your Personal Data, please email us at email@example.com. If you are not satisfied with how we attempt to resolve your complaint, you may contact the relevant DPA.