Last Updated: April 16, 2019
By using the Services, you agree to this GDPR Policy. IF YOU DO NOT AGREE TO THIS GDPR POLICY, YOU MAY NOT USE THE SERVICES.
This GDPR Policy protects the Personally Identifiable Information of residents of countries that have adopted the GDPR (“Data Subjects”).
When Processing the Personally Identifiable Information of such persons, CERTIFY will abide by the requirements of the GDPR, whether we are considered an entity that determines the purposes and means of the Processing of Data Subjects’ Personally Identifiable Information (“Data Controller”) and/or an entity that process the information (“Data Processor”).
When Processing the Personally Identifiable Information of the customers of an entity, the entity agrees that it will have the responsibilities of the Data Controller and that CERTIFY will have the responsibilities of the Data Processor under the GDPR. Thus, the entity agrees that it will be responsible for its customers’ information, and that CERTIFY will not have any responsibilities for the information, except in connection with the processing of the information.
When processing the Personally Identifiable Information of the customers of an entity, the entity may require that CERTIFY use certain third-party Data Processors to provide the Services. In such situations, the entity agrees that it authorizes CERTIFY to share its customers’ data with such third-Party Data Processors. The entity also agrees that it will be responsible for providing any and all instructions to such third-party Data Processors regarding its customers’ information. The entity agrees that the third-party Data Processors will not be considered subcontractors of CERTIFY.
The purpose of Processing Data Subjects’ Personally Identifiable Information is to provide the Services set forth on our Website.
The legal bases for the Processing of Data Subjects’ Personally Identifiable Information may include one or more of the following:
Data Subjects have the following rights under the GDPR.
To exercise any of these rights, Data Subjects may contact CERTIFY as provided below.
CERTIFY may process Data Subjects’ Personally Identifiable Information or use third-party Data Processors to process such information. CERTIFY operates internationally, and such information may be processed in the United Sates or the European Union. CERTIFY’s servers are located in the United Sates, and the servers of third-party Data Processors may be located in the United States or the European Union.
When we process the Personally Identifiable Information of the customers of an entity, we will provide such entities with copies of our security policies regarding the processing of such information upon request.
When Data Subjects’ Personally Identifiable Information is transferred outside of the European Union, we will use standard contractual clauses approved by the European Union, adopt other means under European Union law for ensuring adequate safeguards regarding the disclosure of such information, or obtain your consent to the use or disclosure of such information. If Data Subjects would like a copy of our standard contractual clauses or more information on the appropriate safeguards we have implemented with third Data Processors to protect their information, please contact CERTIFY as provided below.
Questions, complaints, and other communications regarding any aspect of this GDPR Policy should be addressed to CERTIFY at firstname.lastname@example.org.
Data Subjects who wish to direct their questions, complaints, or other communications to the person at CERTIFY who monitors compliance with the GDPR (“Data Protection Officer”), including with regard to all issues related to the Processing of their Personally Identifiable Information and the exercise of their rights under the GDPR, should contact CERTIFY as follows. Data Subjects who are not satisfied with the Data Protection Officer’s responses and who wish to obtain the contact information of the entity authorized to act on CERTIFY’s behalf in the European Union (“Representative”), or the entities responsible for overseeing compliance with the GDPR in the countries where CERTIFY provides the Services (“Supervisory Authority”), should also contact CERTIFY as email@example.com.