DATA GDPR Privacy Addendum
Last modified: 15 October 2022
This GDPR Privacy Addendum supplements the information in our Privacy Notice if you are located in the European Economic Area, the United Kingdom, or Switzerland.
This GDPR Privacy Addendum (the “GDPR Privacy Addendum”) supplements the information contained in our Privacy Notice (our “Privacy Notice”) and applies solely to the users of our Services who are located in the European Economic Area, the United Kingdom, or Switzerland. We adopt this GDPR Privacy Addendum to comply with the European Union’s General Data Protection Regulation, and any laws implementing the foregoing by any member states of the European Economic Area, the United Kingdom (including the UK Data Protection Act and the UK-GDPR), and Switzerland (collectively, the “GDPR”). Unless otherwise defined in this GDPR Privacy Addendum, any terms defined in the GDPR or our Privacy Notice have the same meaning when used in this GDPR Privacy Addendum. When this GDPR Privacy Addendum is applicable to you, it takes precedence over anything contradictory in our Privacy Notice.
DATA and your employer are both independent data controllers of your Personal Data we process on or through the Services. DATA has appointed a Data Protection Officer, a representative in the European Union, and a representative in the United Kingdom.
DATA and your employer are the data controllers of your Personal Data. DATA has appointed representatives in both the European Union and the United Kingdom in compliance with the General Data Protection Regulation and the UK Data Protection Act and UK-GDPR. DATA, its Data Protection Officer, or its representative may be contacted in any manner set forth below in the “Contact Information” Section of this GDPR Privacy Addendum.
The Personal Data we collect about you and how we collect it is described in our Privacy Notice.
The Personal Data we collect and the ways in which we collect it is described in our Privacy Notice.
The Personal Data we collect from you is required for your employer to enter into a contract with DATA, for DATA to perform under the contract, and to provide you and your employer with our products and services. If you refuse to provide such Personal Data or withdraw your consent to our processing of Personal Data (when appropriate), then in some cases we may not be able to enter into the contract or fulfill our obligations to you under it.
We have a lawful basis for our processing of your Personal Data, including processing for our legitimate interests (when balanced against your rights and freedoms), to fulfill our obligations to you under a contract with you, and required by law, and with your consent.
The processing of your Personal Data is lawful only if it is permitted under the GDPR. We have a lawful basis for each of our processing activities (except when an exception applies as described below):
We generally do not request you provide and do not process any special categories of Personal Data.
DATA does not ask you to provide, and we do not knowingly collect, any special categories of Personal Data from you that may be considered sensitive, such as Personal Data that reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade unions membership, or personal data concerning your health or data concerning your sex life or sexual orientation or history of criminal convictions. Please do not provide any such Personal Data to DATA. If we find out that you have provided such Personal Data, we will delete it.
We generally do not use your Personal Data with any automated decision making processes.
We only use your Personal Data as described in our Privacy Notice.
We use your Personal Data as described in our Privacy Notice.
We will only use your Personal Data to contact you about our own goods and services that may be of interest to you with your consent. If you wish to consent to this use, please check the relevant box located on the form on which we collect your data. If you wish to change your choice, you may do so at any time by logging into the Services and adjusting our user preferences in your account profile by checking or unchecking the relevant boxes or by sending us an email stating your request at firstname.lastname@example.org. For more information, see Choices About How We Use and Disclose Your Information.
We only share or disclose your Personal Data to the entities and for the purposes described in our Privacy Notice.
We do not share or otherwise disclose your Personal Data for purposes other than to the entities and for the purposes described in our Privacy Notice.
You have certain rights with respect to your Personal Data under the GDPR, including the right to access and update your Personal Data, restrict how it is used, transfer certain Personal Data to another controller, withdraw your consent at any time, and the right to have us erase certain Personal Data about you. You also have the right to complain to a supervisory authority about our processing of your Personal Data. However, your employer may be required to send certain requests on your behalf.
The GDPR provides you with certain rights with regards to our processing of your Personal Data. These rights replace the similar rights provided in our Privacy Notice or are supplemental to such rights.
We may process your Personal Data outside of your home country, including to the United States. We only do this when we are legally permitted to do so and when we have appropriate safeguards in place to protect your Personal Data.
In order to provide our Services to you, we may send and store your Personal Data outside of the EEA or the United Kingdom, including to the United States. Accordingly, your Personal Data may be transferred outside the country where you reside or are located, including to countries that may not or do not provide an equivalent level of protection for your Personal Data. Your information may be processed and stored in the United States and United States federal, state, and local governments, courts, or law enforcement or regulatory agencies may be able to obtain disclosure of your information through the laws of the United States. By using our Services, you represent that you have read and understood the above and hereby consent to the storage and processing of Personal Data outside the country where you reside or are located, including in the United States.
Your Personal Data is transferred by DATA to another country only if it is required or permitted under the GDPR and provided that there are appropriate safeguards in place to protect your Personal Data. To ensure your Personal Data is treated in accordance with our Privacy Notice and this GDPR Privacy Addendum when we transfer it to a third party, DATA uses Data Protection Agreements between DATA and all other recipients of your data that include, where applicable, the standard contractual clauses adopted by the European Commission and/or the Information Commissioner’s Office in the United Kingdom (collectively, the “Standard Contractual Clauses”). The European Commission and the Information Commissioner’s Office in the United Kingdom have determined that the transfer of Personal Data pursuant to the Standard Contractual Clauses provides for an adequate level of protection of your Personal Data, however, the Standard Contractual Clauses may need to be supplemented in some cases with additional measures on a case-by-case basis after an analysis that such supplemental measures can provide you with an essentially equivalent level of protection as afforded in the EEA and/or the UK. When, as a result of this analysis, we believe this to be appropriate and necessary, the Standard Contractual Clauses have been supplemented in this way. Under these Standard Contractual Clauses, you have the same rights as if your Personal Data was not transferred to such third country. You may request a copy of the Data Protection Agreement by contacting us through the Contact Information below.
We retain your Personal Data for as long as you keep your account open. In some instances, we may keep it after you close your account, for example we may keep it:
DATA will retain your Personal Data for the entire time that your account remains open. After this period, we may retain your Personal Data for four (4) years, or for any of the reasons listed below, whichever is longer:
We will post any changes to our GDPR Privacy Addendum on our Services. If we make material changes to this GDPR Privacy Addendum, we may notify you of such changes through your contact information and invite you to review (and accept, if necessary) the changes.
We may change this GDPR Privacy Addendum at any time. It is our policy to post any changes we make to our GDPR Privacy Addendum on this page with a notice that the GDPR Privacy Addendum has been updated on the Services’ home page. If we make material changes to how we treat our users’ Personal Data, we will notify you by email to the email address specified in your account and/or through a notice on the Services’ home page. The date this GDPR Privacy Addendum was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Services and this GDPR Privacy Addendum to check for any changes.
If you wish to contact us, you must contact both us and our representative through the contact information below or through the “Contact Us” page on our Services.
If you have any questions, concerns, complaints, or suggestions regarding our Privacy Notice or this GDPR Privacy Addendum, have any requests related to your Personal Data described in the Privacy Notice or this GDPR Privacy Addendum, or otherwise need to contact us, you must contact both us and our representative in the European Union or the United Kingdom (if you are a resident of the United Kingdom) at the contact information below.
To Contact DATA (Controller)
Deception and Truth Analysis, Inc.
600 N. Broad St.
Suite 5 #273
Middleton, DE 19709-1032
Phone: (302) 314-1429