Your privacy is important to us.
(Effective date: September 1, 2020)
Scope of this policy
How is your data being processed?
- Who processes personal information? (who is the ‘Data controller’)
Personal information is processed by us, an entity incorporated in accordance with the laws of the United States with the following contact details:
Contact email: firstname.lastname@example.org
- What are we processing your data for and why are we processing it? (‘Purposes of data processing’, ‘legal basis of the data processing’ and ‘storage periods’)
We will process your data when we have to perform a contract, and we will be processing your data as long as the contractual relationship with you is in force and during the five years following the end of said relationship. This results in us having to process your data for purposes of providing you with both the Services, as well as to perform our obligations under the Services Terms and Conditions.
Subject to obtaining your consent, and as long as you do not withdraw any such consent, we may process your data for the following purposes:
- To send you electronic commercial communications (if you subscribe to a newsletter) or to answer the requests you may address us when contacting us;
- If you opt to sign in by means of a third party social media platform, we may obtain ID confirmation from that third party to help us sign you in only.
- For profiling purposes based on your behavior and how you browse the Site and the App, and use the Services, which pages you have visited, and to build audiences. Please note that we may profile users by means of cookies, in which case, your acceptance of the installation and se of cookies results in a data processing for profiling purposes as described in this paragraph.
- We may enrich the data we have about you by obtaining information from a select third party for data enrichment purposes, provided that you have given us prior permission. Enriching data allows us to analyze a deeper subset of data form which we may present personalized content.
When we have to comply with a legal obligation applicable to us from time to time, such as those set forth in tax and anti-money laundering laws and regulations (such as Act no. 58/2003, dated December 17, on Taxes; Act no. 27/2014, dated November 27, on corporate taxes; Act no. 10/2010, dated April 28, for the prevention of money laundering and financing or terrorism; or Organic Act no. 10/1995, dated November 23, on Criminal Code). In any such cases, the data will be processed only during the periods set forth by said laws, being deleted thereafter.
Finally, we may also process your data to protect our legitimate interests, as long as said data is necessary to fulfill the goals set forth below, namely:
- To review, monitor, investigate and analyze how to improve the Services and/or the Site and the App, as well as to keep our Services and the Site and App secure and operational and prevent abusive activity (e.g. fraud, spam, phishing activities, etc.). This may include sending you emails to assess any problems in the service or know how to improve your user-experience. The interests at stake are ensuring a correct and safe environment for both other users and us, taking those interests prevalence over your legitimate interests (we need to create and maintain an environment which is in accordance with the law, the legitimate interests of other parties, what other users may expect from our end, and to protect other users’ security when accessing the Site, the App and using the Services);
- Besides any commercial electronic and non-electronic commercial communication sent when we have obtained your consent as mentioned above, we may also send you these kind of communications when you are our client. In this last case, we will only send you information belonging to us and concerning services and/or products identical or similar to the ones you have contracted with us. In these cases, we have a legitimate interest in processing your contact information to keep you informed about any of our products and services, prevailing this interest over your right to personal data given the non-sensitive nature of the data in question and the fact that the contractual relationship built with our clients results in those clients expecting these kinds of communications; and
- Upon dissociating the data we have so as to be impossible to be associated to you or any other person, to perform statistical and other analysis on information we collect (technical and meta data) to analyze and measure user behavior and trends, to understand how people use our services, in order to improve and optimize our performance of such services.
- To which extent do we require to have access to your personal data?
We need to process your personal data to perform the legal and contractual obligations mentioned in section 3.2 above. Otherwise, we are not able to provide you with the Services and/or access to the Site and App. On the other hand, for data processing which depends on your consent or on our legitimate interests, the data processing is not legally required.
- Which companies will have access to your personal information?
Finally, we may also share your information with competent courts and authorities, when we are legally required to do so (for instance, to allow such bodies to investigate, prevent or take action against illegal activities), or we have to take action to protect our rights or any third party rights.
Finally, please note that you may opt for creating a Visible.me video and share publicly the responses provided by third parties, said results will be shared with those third parties you opt to share them with. Please, bear in mind that, depending on what you intend to do with your data, you may be required to inform or comply with further legal requirements vis-à-vis respondents.
- In which territories may your personal information be processed?
- Your rights
You have the right to withdraw your consent at any time. You also have the right to request access to and rectification or erasure of your personal data, or restriction of processing, or to object to processing, as well as the right to data portability. Please note that if you choose to cancel your data, your account will be deleted and all data in your account will be permanently deleted from our systems.
- Updating your information. Emails and commercial communications.
You can update any information we may have from you by means of the account settings area or by sending us a written communication as described in section 3.6 above. Please, remember that it is your duty to keep information updated so as we can correctly provide you with the Services, and you undertake to verify the information you have handed us from time to time to make sure that it is accurate.
As explained in section 3.6 above, you are entitled to ask us, now or at any moment, not to send you any kind of emails or commercial communications. To that extent, you can either change the communication preferences in your account settings page or contact us as described in section 3.6 above. Note that this will not prevent to send you emails or other communications related to the Services, as those communications are necessary to perform the relationship we have with you.
How is the data we collect on your behalf being processed?
- In order to provide you with the Services, we may need to process on your behalf third parties’ personal data. This is the case, for instance, when a person files out a Visible.me, in which case the data is collected, stored and processed on your behalf.
- We will only process any personal data we may have access to as a result of the provision of the Services in accordance with the instructions included in the Service Terms and conditions and any other that you may provide us from time to time in writing. Should we have reasonable grounds to believe that any of your documented instructions infringes European data protection laws, we will inform you punctually, so that you can confirm in writing that instruction. Please, note that in case of any such reconfirmation, you shall bear any consequences arising out of that instruction being contrary to law, and you shall defend, indemnify and hold us harmless of any and all costs (including attorney’s fines), fines or sanctions, or any damages deriving from our performance of the challenged instruction.
- We will ensure that all employees authorized to process personal data have committed to confidentiality or are under an appropriate statutory obligation of confidentiality.
- To provide you with the Services, we may need to use some service providers we already rely on, as well as to hire new ones in the future. Those companies will only process the data to the extent necessary to render the Services, and we will enter into written agreements with them to make sure that said companies comply with the obligations included in this section 4 and implement all necessary security measures to ensure adequate protection of the data.
With respect to data breaches, we will notify you without undue delay upon we confirm that a data breach affecting personal data has taken place. We will provide you with sufficient information to allow you to meet any obligations to report or inform competent authorities or data subjects. We will reasonably cooperate with you and take such reasonable commercial steps as are directed by you to assist in the investigation, mitigation and remediation of each such data breach. For avoidance of doubt, you shall be responsible for both filing any reports required under applicable law and notifying data subjects, and you shall defend, indemnify and hold us harmless of any and all costs (including attorney’s fines), fines or sanctions, or any damages that lack of action on your side may cause.
- Upon termination of the Service Terms and Conditions, we shall delete personal data, unless otherwise required by law.
- We will make available to you all information necessary to demonstrate compliance with the obligations laid down in this Section 4 and allow for and contribute to audits, including inspections, conducted by you or another auditor mandated by you who is not any of our competitors. You accept that you may only conduct up to one (1) audit per year, except that there are reasonable grounds to believe that we are not performing the obligations included in this section 4. Audits shall only be carried out during normal business hours, and you shall bear all costs except that we are found to be in a material breach of this section 4.
- For the provision of the Services or because you want to process data from a given location or hand it to another company, data may be transferred outside the European Economic Area to an entity not part of the Privacy Shield scheme or to a country which has not been declared to offer a level of protection equal to the one provided by European data protection regulations.
In those cases, you shall ensure that said transfer is possible in accordance with European data protection regulations or any other requirements set forth by law without having to sign Standard Contractual Clauses. Should this not be possible —and only to this extent— and with respect to any subprocessors hired by us, you (as ‘data exporter’) and we (as ‘data importer’) hereby agree to enter into the Standard Contractual Clauses in respect of any such transfers of data. You fully agree with the contents of the Standard Contractual Clauses (available here: https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32010D0087) and —given that the contractual relationship set forth in the Service Terms and Conditions cannot exist without international transfers of data— you further warrant and represent that you will not question the execution of Standard Contractual Clauses in the future, being their signature a mere act evidencing their agreement to the same as set forth herein.
How to contact us
- Send a request via https://visible.me/contact-us.