Privacy Notice for European Clients (effective February 1, 2022)
Identity of the Data Controller
“Data controllers” are the people or organizations that determine the purposes for which, and the manner in which, any Personal Data is processed, and make independent decisions in relation to the Personal Data and/or who/which otherwise control that Personal Data.
Datotel LLC take the protection and privacy of our users’ personal data seriously. To that end, we have appointed a Data Protection Officer.
Our Data Protection Officer can be contacted as follows:
710 North Tucker, Suite 400, St. Louis, MO 63101
Purpose and Scope of this Policy
Why and how do we ensure compliance?
Data protection and privacy laws provide rights to individuals with regard to the use of their Personal Data by organizations, including our organization. EU laws on data protection govern all activities we engage in with regard to our collection, storage, handling, and disclosure of your Personal Data within the EU.
We must comply with data protection and privacy laws because the law requires us to but we also would like you to have confidence in dealing with us, and our compliance with data protection law helps us to maintain a positive reputation in relation to how we handle Personal Data.
We are required to demonstrate accountability for our data protection obligations. We must be able to show how we comply with the applicable data protection and privacy laws, and that we have in fact complied with the laws.
We do this, in conjunction with our written policies and procedures, by building data protection and privacy compliance into our systems and business practices, by internally monitoring our data protection and privacy compliance and keeping it under review, and by acting if our representatives, including employees or contractors, fail to follow the rules.
We also have certain obligations in relation to keeping records about our data processing.
Who must comply?
What are the data protection principles and rules?
We aim to comply with the following principles found in Data Protection Law:
- Lawfulness, fairness and transparency – Personal data must be processed lawfully, fairly and in a transparent manner.
- Purpose Limitation – Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Data minimization – Personal Data must be adequate, relevant and limited to what is necessary in relation to purposes for which they are processed.
- Accuracy – Personal data must be accurate and, where necessary, kept up to date. Inaccurate Personal Data should be corrected or deleted.
- Retention – Personal data should be kept in an identifiable format for no longer than is necessary.
- Integrity and confidentiality – Personal data should be kept secure.
- Accountability – Under the GDPR, we must not only comply with the above six general principles but we must be able to demonstrate that we comply by documenting and keeping records of all decisions.
What types of personal data will we process?
We will collect personal data with you in accordance with the purposes outlined in this document. This will be data used to facilitate a consultant/client type relationship usually your name and email address and from time to time, billing information. If you are a sole trader or partnership, we will consider your address to be personal data.
Ways in which Datotel LLC may process your Personal Data:
Information you provide us
- Account Information
- You provide us with information when you create an account such as your name, email, username, and password. This information is required for account creation. You may also choose to share a profile photo and your activity preferences.
- Additional Information
- When you use our Service and interact with certain features, you may choose to provide us with additional information such as chats, messages on group threads or discussion boards, comments, likes, and logs for things like your mood, food, or other specified habits.
- If you contact us or participate in a survey, contest or promotion, we gather the information you provide such as name, contact info, organization or company name, and message.
- Payment and card information
- If you give us credit card information, we use it solely to check your financial qualifications and collect payment from you. We use a third-party service provider to manage credit card processing. This service provider is not permitted to store, retain, or use information you provide except for the sole purpose of credit card processing on our behalf.
Special Category Personal Data
We will not collect special category data from you in relation to your use of this website.
Children’s Personal Data
We do not offer our products or services for use by children and, therefore, we do not knowingly collect personal data from, and/or about children under the age of eighteen (18). If you are under the age of eighteen (18), do not provide any personal data to us without involvement of a parent or a guardian. For the purposes of the GDPR, we do not intend to offer information society services directly to children. In the event that we become aware that you provide personal data in violation of applicable privacy laws, we reserve the right to delete it. If you believe that we might have any such information, please contact us at firstname.lastname@example.org.
Who has access to or processes personal data?
We may use trusted service providers who could be considered data processors, sub-processors or third parties. We have written agreements in place with all of our service providers and, before we sign each agreement, we need to have vetted and be satisfied with the service provider’s data security. The agreements also need to contain specific clauses that deal with data protection. We require all third parties to have appropriate technical and operational security measures in place to protect your Personal Data, in line with EU laws on data protection. Any such organization or individual will have access to Personal Data needed to perform these functions but may not use it for any other purpose.
We may pass on your details if we are:
- Under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or
- in order to enforce or apply any contract or other agreements with you, or
- to protect our rights, property, or safety of our employees, customers, or others.
This includes reporting information about incidents (as appropriate) to the law enforcement authorities and responding to any requirements from law enforcement authorities to provide information and/or Personal Data to them for the purposes of them detecting, investigating and/or prosecuting offences or in connection with crime sentencing.
Other than the above, or captured herein or in another agreement with you, we will not disclose personal information to any third party without your consent or prior knowledge except in incidences where an individual is potentially at risk or where the law requires it.
Information on Consent
You may withdraw consent at any time. If you have any queries relating to withdrawing your consent, please contact our Data Protection Officer using the contact details set out below.
Data Transfers Outside the EEA
We transmit personal data outside the EEA to our data centers in the United States of America
In particular when transferring your personal data outside the EEA, we will ensure that, where required by applicable law, at least one of the following safeguards is implemented: (1) we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; (2) where we use certain service providers, we may use specific contracts approved by the European Commission referred to as the “model clauses” which give personal data the same protection it has in Europe.
Under certain circumstances, and dependent on the legal basis under which your personal data is processed, by law you have the right to:
- Request information about whether we hold Personal Data about you, and, if so, what that Personal Data is and why we are holding/using it.
- Request access to your Personal Data (commonly known as a “Data Subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
- Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
- Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
- Object to automated decision-making including profiling, that is not to be subject of any automated decision-making by us using your Personal Data or profiling of you.
- Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request transfer of your Personal Data in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.
How do you exercise your rights?
We have appointed a Security Officer to monitor compliance with our data protection obligations and with this policy and our related policies. If you have any questions about this policy or about our data protection compliance, please contact the Data Protection Coordinator.
If you wish to exercise your rights please contact our Data Protection Coordinator and they will respond to the request within 30 days.
We are obliged to comply with exceptions to your requests where laid out in law. Such exceptions may relate to health data, disclosures that would be likely to cause serious harm to your physical or mental health or emotional condition and opinions given in confidence.
Our Data Protection Officer can be contacted as follows:
710 North Tucker, Suite 400, St. Louis, MO 63101
Your Right to Lodge a Complaint
You as the Data Subject have the right to complain at any time to a supervisory authority in relation to any issues related to our processing of your Personal Data. We would like to hear from you first if you have a complaint about how we use your data so that we may rectify the issue. For Irish clients, you can contact the Irish Data Protection Commissioner as follows:
Phone: +353 57 8684800 or +353 (0)761 104 800
Address: Data Protection Office – Canal House, Station Road, Portarlington, Co. Laois, R32 AP23. Or 21 Fitzwilliam Square Dublin 2. D02 RD28 Ireland