GDC WEBSITE PRIVACY STATEMENT
(Effective September 15, 2021)
Global Data Consortium, Inc., and its subsidiaries Global Data Consortium Singapore Pte. Ltd. and Global Data Consortium Australia Pty Ltd) (collectively “GDC” or “Company” or “we”, “us”, and/or “our”) are committed to protecting the privacy of individuals who visit our website and that use our services.
This Privacy Statement describes GDC’s privacy practices in relation to the GDC website found at www.globaldataconsortium.com (the “Website) and the personal information that may be gathered in connection with this Website. This Privacy Statement is not intended to govern the various identify verification services that GDC provides to its customers, which are subject to the data protection terms that are part of GDC’s customer contracts. Your use of the Website constitutes your acceptance of this Privacy Statement. If there are any inconsistencies between the English language version of this Privacy Statement and any translated version, the English language version shall prevail.
What is personal data or Personal Information?
In this Privacy Statement, “personal data” means information that can directly identify you – such as your name – as well as any information that in combination with other information can be used to identify you. Aggregated data is considered non‑personal data for the purposes of this Privacy Statement.
What personal data do we collect when you use the Website?
- In some areas of the Website (such as, for example, when you provide information for us to contact you, or when you sign up to engage in a Proof of Concept to test the GDC services, or when you sign up to receive additional information about a particular subject or product, or when you sign up to receive our newsletter), GDC may collect your personal data, including your name, address, e-mail address, telephone number.
- If you are a current customer of GDC, you may also use the Website to submit a support ticket. In connection with these support service, GDC may collect personal data such your name, email address, a username and password.
- As is true of most websites, the GDC Website gathers certain information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the Website.
How We Use Personal Data
We use personal data for certain legitimate business interests, notably in order to:
- Respond to your inquiries and fulfill your requests, such as to send you materials or newsletters that you have requested or information regarding our products and services. Out of respect for your privacy, we present you with the option not to receive these types of communications each time we send you such communications. Please see the “Choice and Opt-out” section in this Privacy Statement. If you are an individual in the European Economic Area (EEA), United Kingdom (UK) or Switzerland, we will only send you this information if you consent to us doing so at the time you provide us with your personal data (in such case, our legal basis for the processing of your personal data will be your consent, but you shall always have the option to unsubscribe).
- Conduct analytics on how the Website and our Services are being used by you, in order to improve our Services (for example, to ensure that our Website is presented in the most effective manner for you and for your computer/device) and inform our marketing strategy (by presenting you with products and sending you offers tailored to you and your interests).
- Send administrative information to you, for example, information regarding the Website and changes to our terms, conditions, and policies.
- Share personal data among our affiliates and subsidiaries for administrative and business operation purposes and in relation to our sales and marketing activities.
- Prevent fraud or criminal activity, misuses of our products or services, and ensure the security of our IT systems, architecture and networks.
- Respond to requests from public and government authorities including public and government authorities outside your country of residence; enforce our terms and conditions; protect our operations; protect our rights, privacy, safety or property, and/or that of you or others; and allow us to pursue available remedies or limit the damages that we may sustain.
- If you ask us to delete your personal data or seek information about the personal data we have collected about you, and we are required to fulfill your request, to keep basic data to identify you, to respond to your request and prevent further unwanted processing if that is requested.
Social Media Widgets
Our Website includes social media features such as the Facebook, Twitter and LinkedIn buttons and widgets, such as share buttons or interactive mini-programs that run on our Website (“Social Media Features”). The Social Media Features may collect your IP address, which page you are visiting on our Website, and may set a cookie to enable the Social Media Feature to function properly. Social Media Features are either hosted by a third party or hosted directly on our Website. Your interactions with these Social Media Features are governed by the Privacy Statement or practices and terms of service of the Social Media.
Our Disclosure of Information
- GDC will not disclose any personal data about any individual except as set forth in this Privacy Statement. We will share your personal data only with those who require it for the purposes set forth in the Privacy Statement.
- GDC will not sell or rent any of your personal data to third parties.
- GDC will not share any of your personal data with third parties except in the limited circumstances described below.
- We may share Personal data with service providers that under contracts with GDC and who help with our business operations, payment and order processing, IT and hosting, fraud investigation, bill collection, information management and analytics, providers of CRM, marketing and sales software solutions. These third parties are contractually obligated to protect your personal data and to use it only as necessary to provide these services to GDC.
- We may disclose personal data that we, in good faith, believe is appropriate to cooperate in investigations of fraud or other illegal activity.
- We may be required to disclose personal data in response to a subpoena, warrant, court order, levy, attachment, order of a court-appointed receiver or other comparable legal process, including subpoenas from private parties in a civil action.
- We may disclose personal data to your agent or legal representative (such as the holder of a power of attorney that you grant, or a guardian appointed for you).
- We may disclose your personal data to a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal data only for the purposes disclosed in this Privacy Statement.
INTERNATIONAL TRANSFERS OF PERSONAL DATA
Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).
Specifically, our Website servers are located in the United States and our subsidiaries and third-party service providers and partners operate around the world. This means that when we collect your personal data, we may process it in any of these countries.
However, we have taken appropriate safeguards to require that your personal data will remain protected in accordance with this Privacy Statement. These include implementing the European Commission’s Standard Contractual Clauses for transfers of personal data between our group companies, which require all group companies to protect personal data they process from the EEA in accordance with European Union data protection law.
ADDITIONAL INFORMATION FOR EUROPEAN INDIVIDUALS
- This section applies solely to individuals in the EU and the UK (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway and, where applicable, Switzerland). Our Privacy Statement describes why and how GDC collects, uses and stores your personal data, the lawful basis on which your personal data is processed, and what your rights (please read “Your Rights” below) and our obligations are in relation to such processing under Regulation (EU) 2016/679 (General Data Protection Regulation or “GDPR”).
- Your Rights. Subject to applicable law, you have the following rights in relation to your personal data that we process as a data controller:
- Right of access: If you ask us, we will confirm whether we are processing your personal data and, if so, provide you with a copy of that personal data along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
- Right to rectification: If your personal data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your personal data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data so you can contact them directly.
- Right to erasure: You may ask us to delete or remove your personal data, such as where you withdraw your consent. If we shared your data with others, we will tell them about the erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data with so you can contact them directly.
- Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your personal data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it. We will tell you before we lift any restriction on processing. If we shared your personal data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data so you can contact them directly.
- Right to data portability: You have the right to obtain your personal data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you. We will give you your personal data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
- Rights in relation to automated decision-making and profiling: You have the right to be free from decisions based solely on automated processing of your personal data, including profiling, unless such profiling is necessary for entering into, or the performance of, a contract between you and us or you provide your explicit consent.
- Right to object: You may ask us at any time to stop processing your personal data, and we will do so:
- If we are relying on a legitimate interest to process your personal data — unless we demonstrate compelling legitimate grounds for the processing or your data is needed to establish, exercise or defend legal claims; or
- If we are processing your personal data for direct marketing.
- Right to withdraw consent: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time, but this will not affect any processing of your data that has already taken place.
- Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your personal data, you can report it to the data protection authority that is authorized to hear those concerns.
- How To Exercise Your Rights. You may exercise the above-referenced rights by contacting us as indicated under “Contact Us” section below.
- Legitimate Interest. “Legitimate interests” mean our interests in conducting and managing our organization and delivering the best Services to you. This Privacy State describes when we process your personal data for our legitimate interests, what these interests are and your rights. We will not use your personal data for activities where the impact on you overrides our interests, unless we have your consent, or those activities are otherwise required or permitted to by law. You have the right to object to processing that is based on our legitimate interests. For more information on your rights, please see “Your Rights” above.
- International Data Transfers. We have implemented safeguards to ensure an adequate level of data protection where your personal data is transferred outside the EEA and the UK to the U.S., including primarily Standard Contractual Clauses for the transfer of personal data as approved by the European Commission.
CALIFORNIA RESIDENTS: PRIVACY RIGHTS UNDER THE CCPA
- Under the California Consumer Privacy Act of 2018 (“CCPA“), California residents have certain rights around GDC’s collection, use, and sharing of their Personal Information.
- If you are a resident of California, you have the right to know what Personal Information has been collected about you, and to access that information. You also have the right to request deletion of your Personal Information, though exceptions under the CCPA may allow GDC to retain and use certain Personal Information notwithstanding your deletion request.
- You also have the right to request that GDC not sell your Personal Information. GDC does not sell your Personal Information and will not do so in the future without providing you with notice and an opportunity to opt-out of such sale as required by law. Similarly, we do not offer financial incentives associated with our collection, use, or disclosure of your Personal Information.
HOW TO EXERCISE YOUR RIGHT UNDER THE CCPA
- To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by emailing GDC at email@example.com,
- Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative. We are required to verify your identity in order to process your request.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
- We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
- Response Timing and Format. We endeavor to respond to a verifiable consumer request within 45 days of its receipt, unless we need additional time, in which case we will let you know. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
- We value your privacy and will not discriminate in response to your exercise of privacy rights.
GDC is dedicated to protecting all of your data, including your personal data. To secure your data, GDC has implemented a broad range of technical and organizational security measures that are described in the GDC Security Statement.
CHOICE AND OPT-OUT
- We provide you the opportunity to ‘opt-out’ of having your personal data used for certain purposes when we ask for this information.
- If you no longer wish to receive our newsletter and promotional communications, you may opt-out of receiving them by following the instructions included in each newsletter or communication or by emailing us at firstname.lastname@example.org.
CHANGES TO OUR PRIVACY STATEMENT
You are responsible for regularly reviewing this Privacy Statement and related documents. We reserve the right to modify this Privacy Statement at any time and will publish such new Privacy Statement in advance of its applicable effective date.
If you have any questions about this Privacy Statement or desire to exercise your legal rights with respect to your data (such as the access, data portability, and deletion rights described above), you can contact GDC at email@example.com or write to:
Global Data Consortium, Inc.
Attention: Chief Privacy Officer
1101 Haynes Street, Suite 109 Raleigh, NC, 27604, USA