Clean.io Website Privacy Policy – GDPR Addendum

Last updated March 8th, 2020

The EU’s General Data Protection Regulation (GDPR) provides individuals that are residents of the European Union (EU), European Economic Area (EEA)) and Switzerland with specific rights regarding their Personal Data.  This GDPR Addendum to the Clean.io Website Privacy Policy (the “Privacy Policy”) addresses those rights.   Additionally, as of the effective date of this GDPR Addendum, the UK is covered by the GDPR but has taken steps to adopt laws that mirror the GDPR that are intended to go into effect following the UK’s departure from the EU. References to the GDPR in this Privacy Policy are intended to cover the UK’s replacement laws.  The UK, Switzerland and the countries of the EU and EEA are collectively referred to herein as the “Designated Countries”.

This GDPR Addendum should be read in conjunction with the Clean.io Website Privacy Policy, which provides a description of all of our data collection, use and disclosure practices with respect to our Clean.io website and marketing activities.  Capitalized terms used herein and not otherwise defined shall have the respective meanings provided in the Clean.io Website Privacy Policy.

1. General.  We may ask you to identify which country you are in when you Interact with us, or we may rely on your IP address to identify which country you are located in. When we rely on your IP address, we cannot apply the terms of this section to any individual that masks or otherwise hides their location information from us so as not to appear located in a Designated Country. If any terms in this Addendum conflict with other terms contained in the Privacy Policy, the terms in this Addendum shall apply to users from Designated Countries.

Clean.io is a data controller with regard to any Personal Data collected from Visitors pursuant to an Interaction. A “data controller” is an entity that determines the purposes and the manner in which the Personal Data is processed. Any third parties that handle your Personal Data in accordance with our instructions are our service providers and are “data processors.” You are a “user.” Users are individuals providing Personal Data to us via an Interaction, such as requesting to receive information regarding our Services or otherwise accessing or using our resources that we provide.

2. Legal Basis.  Our legal basis for collecting and using the Personal Data as described in our Privacy Policy will depend on the Personal Data concerned and the specific context in which we collect it. We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.  Note that we may process your personal data for more than one legal basis depending on the specific purpose for which we are using your data. Please contact us at [email protected] if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

 

Purpose for Processing

 

Legal Basis for Processing

 

We may Process your Personal Data to provide the Site and facilitate the Interactions.  Specifically, we may Process your Personal Data to:

●      deliver information to you and contact you regarding administrative notices;

●      respond to your requests, inquiries, comments and concerns);

●      personalize your Interactions with us;

●      provide technical, product and other support for the Site and our Services;

●      better understand you and/or maintain and improve the accuracy of the records we hold about you.

 

 

 

This use of your Personal is necessary for our legitimate interests (managing our business, providing the Site and Services), provided our interests are not overridden by your rights and interests.  Please note that you have a right to object to processing of your Personal Data where that processing is carried on for our legitimate interest.

 

This use of your Personal Data is sometimes also necessary in order for us to comply with legal obligations.

 

In certain cases, Users also provide their express consent to these data uses.

We may provide Personal Data to our suppliers and third-party service providers that help us provide, operate, analyze and improve the Site and Interactions.

This use of your data is necessary for our legitimate interests (managing our business, providing our Site and Services, improving our Site and Services and studying how users use our Site and Services), provided our interests are not overridden by your rights and interests.

 

This use of your Personal Data is sometimes also necessary in order for us to comply with legal obligations.

 

In certain cases, Users also provide their express consent to these data uses.

 

We may use Personal Data to evaluate and improve the Site, our Services, and our other products and services (i.e., identify usage trends and for data analysis, including for purposes of research, audit and reporting)  and to develop new products, services, features and benefits.

 

 

This use of Personal Data is necessary for our legitimate interests (managing our business, providing our services, keeping our records updated, studying how users use our  Site and Services, developing our Site and Services, defining types of clients for our Services, and informing our marketing strategy), provided our   interests are not overridden by your rights and interests.

 

 

 

We may use Personal Data to engage in advertising and marketing efforts and provide you with special offers and other information about the Services as well as other products, events and services of ours, our affiliates, and non-affiliated third parties

 

This use of Personal Data is necessary for our legitimate interests (studying how users use our Site and Services, to develop our Site and Services, to grow our business and to inform our marketing strategy), provided our   interests are not overridden by your rights and interests.

 

 

We may share and transfer Personal Data if we are involved in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control.

 

This use of Personal Data is necessary for our legitimate interests (managing our business and providing our Site and Services), provided our interests are not overridden by your rights and interests.

 

This use of your data is sometimes also necessary in order for us to comply with legal obligations.

 

We may also share Personal Data:

 

(i) as required or permitted by law, including any requirements from government agencies and taxing authorities; (ii) if we determine that disclosure of specific information is necessary to comply with the request of a law enforcement or regulatory agency or other legal process; (iii) to protect the rights, privacy, property, interests or safety of Clean.io or our affiliated companies, customers, employees or the general public; (iv) to pursue available remedies or limit damages; (v) to enforce Clean.io’s agreements; and (vi) to respond to an emergency.

This use of your data is necessary in order for us to comply with legal obligations,.

 

This use may also be necessary to protect vital interests.

 

3. Transfer of Personal Data Outside of the Designated Countries. To the limited extent that it is necessary to transfer Personal Data outside of the Designated Countries, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such Personal Data, including standard contractual clauses under Article 46.2 of the GDPR. Please contact us if you wish to obtain information concerning such safeguards.

4. International Transfers.  Clean.io is located in the USA.  Therefore, any Personal Data we collect will be collected and stored in the USA.  For Users that are in the Designated Countries, this means that their Personal Data will be stored in a jurisdiction that offers a level of protection that may, in certain instances, be less protective of their Personal Data than the jurisdiction the User is typically resident in.  Please note that Clean.io uses safeguards designed to protect the privacy and integrity of such Personal Data, including adhering to the Standard Contractual Clauses under Article 46.2 of the GDPR.  We may also sometimes transfer your Personal Data to service providers based in the US that are certified to the EU- US Privacy Shield Framework.   Please contact us at [email protected] if you wish to obtain information concerning safeguards we employ when transferring Personal Data outside of the Designated Countries.

5. Additional Privacy Rights. We provide you with the rights described below when you Interact with us. We may limit these privacy rights (a) where denial of access is required or authorized by law, (b) when granting access would have a negative impact on others’ privacy, (c) to protect our rights and properties, or (d) where the request is frivolous or burdensome. If you would like to exercise your rights under applicable law, please contact us at [email protected]. We may seek to verify your identity when we receive your privacy rights request to ensure the security of your Personal Data.

      a. Right to withdraw consent.  For any consent-based processing of your Personal Data, you have the right to withdraw your consent. A withdrawal of consent will not affect the lawfulness of our processing or the processing of any third parties based on consent before your withdrawal.

      b. Right of access/right of portability.  You may have the right to obtain information about the categories of your Personal Data that we are processing, the purposes for which we process that Personal Data, and how we share that Personal Data, among other things.  You also have the right to access the Personal Data that we hold about you, and in some circumstances, have the Personal Data provided to you so that you can provide that Personal Data to another controller.

      c. Right to rectification. You may request for us to correct or rectify any inaccurate or incomplete Personal Data we hold about you in our files.

      d. Right to erasure. In certain circumstances, you may have a right to the erasure of your Personal Data that we hold on you.

      e. Right to restriction. You have the right in some circumstances to request that we restrict our processing of your Personal Data, such as where the accuracy of the Personal Data is contested by you.

      f. Right to object to processing. You have a right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal information, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.

      g. Rights to file a complaint.  If you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

      h. Notification to third parties. When we fulfill your individual rights requests for correction (or rectification), erasure or restriction of processing, we will notify third parties also handling the relevant Personal Data unless this proves impossible or involves disproportionate effort. Upon your request, we will identify such third parties.

6. Exercising Your Rights. If you wish to exercise one of these rights, please contact us at [email protected]. Please include your name and email address with your request. Before we can process any such request, we will need to verify your identity through the email address or telephone number associated with your Interactions, and confirm your request prior to fulfilling any such request and reserve the right to deny a request where we are unable to satisfactorily complete this process.  If you authorize someone to make a request on your behalf, we may also deny your request if we are unable to verify that the individual making the request is authorized to act on your behalf.  We will respond to all such requests as soon as reasonably possible and, in any event, within timelines required by GDPR. Clean.io does not and will not discriminate against you for exercising your rights under GDPR.

7. Third Party Providers/Sub-Processors.  We may use third party service providers (known as sub-processors) to facilitate use and operation of the Site and/or for other activities related to the Interactions and our other business activities.  We share some personal data with these sub-processors to help us provide, manage, secure and improve the Site and related to our Interactions. Your Personal Data may be provided to and used by such sub-processors in furtherance thereof.  A current list of our third party sub-processors is available here.  Our subprocessors have privacy and security practices in place to ensure compliance with the GDPR and have contractual requirements to protect the privacy and security of the personal data that they sub-process.

8. Changes To This Addendum.  We reserve the right to change this GDPR Addendum from time to time at our sole discretion. If we make any changes, we will post those changes here and update the “Last Updated” date at the top of this Addendum. Your continued use of the Site or our Services or other Interactions with us after we make changes is deemed to be an acknowledgment of those changes, so please check this GDPR Addendum periodically for updates.