Effective Date: May 28, 2018
Information Collection and Use; Personal Information
We may ask you to provide us, or third parties may provide us, with specific Personal Information that can be used to contact or identify you. Personal Information may include, but is not limited to, your name, postal address, email address, and employer. We collect Personal Information to provide the Services, identifying and communicating with you about the Services, responding to your requests/inquiries, servicing your purchase orders, improving our Services, and interacting with you about our Services, discounts, and promotions.
How Long We Keep Your Personal Information
How long we keep the information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymise your information or, if this is not possible (for example, because the data has been stored in backup archives), then we will securely store your data and isolate it from any further use until deletion is possible.
If you subscribe to an individual account, we retain your account information for as long as your account is active and a reasonable period after that in case you decide to re-activate the Services. We also keep your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, and to continue to develop and improve our Services. Where we retain information for Service improvement and development, it will be anonymised and used to uncover collective insights about the use of our Services, not to individually analyse personal characteristics about you.
If the Services are made available to you through an organisation (e.g., your employer), we retain your information as long as required by your employer under our agreement with your employer as required by the administrator of your account. If your account is deactivated, your information and conversations you may have had and actions you may have taken on the Services will remain to allow your team members to make full use of the Services.
If you have elected to receive marketing emails like e-mail campaigns or newsletters from us, we retain information about your marketing preferences for a reasonable period from the date you last expressed interest in our Services. Every marketing email we send will provide you with the option to opt out of receiving future emails.
Accessing and Correcting Your Personal Information
Information Collected Directly from You
We collect information about you when you provide it to us and automatically when you use the Services.
We collect information that your browser sends whenever you visit our website or use our Services (“Analytic Data”). This Analytic Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Services that you visit, the time and date of your visit, the time spent on those pages and other statistics. Besides, we use third-party services such as Google Analytics or Squarespace Inc that collect, monitor and analyse this type of information to increase our Services’ functionality. These third-party service providers have their privacy policies addressing how they use such information. When you access the Services by or through a mobile device, we collect certain information automatically. Including the type of mobile device you use, your mobile device’s unique device ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, and your general location information as described further below.
We use and store information about your general location. We use this information to provide features of our Services and to improve and customise our Services.
Do Not Track Disclosure
We do not support Do Not Track (“DNT”). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the “Preferences” or “Settings” page of your web browser.
Information Collected from Other Sources
We will enrich your Personal Information with additional Personal Information received from publicly accessible sources. Or from our partners.
We work with partners who may market, sell, or support our Services. These partners may provide us with your Personal Information so that we can contact you. We also may receive your Personal Information from advertising, market research, or data enrichment partners with whom we engage in identifying prospective customers.
Service Providers who may Receive Your Personal Information
Notwithstanding such legal and contractual obligations between such service providers and us, we remain potentially liable for any misuse of your Personal Information. We will only disclose Personal Information when we are required to do so in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Communications; Your Options
We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send, or by emailing email@example.com.
Security of Personal Information
The security of your Personal Information is critical to us, and we strive to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the information we store, to protect it from unauthorised access, destruction, use, modification, or disclosure. However, please be aware that no method of transmission over the internet, or method of electronic storage is 100% secure and we are unable to guarantee the absolute security of the Personal Information we have collected from you.
International Transfer of Personal Information
Your Personal Information may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. If you are located outside the United States and choose to provide Personal Information to us, please note that we transfer Personal Information to the United States and process it there according to our Privacy Shield Certification. This process is since our providers of technology solutions may be a United States company or may have their service delivered from the United States.
Links To Other Sites
Only persons who are age 18 or older have permission to access our Services. Our Services are not intended to be used by anyone under the age of 13 (“Children”). We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you learn that your Children have provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from a child under age 13 without verification of parental consent, we take steps to remove that information from our servers.
Accountability for Onward Transfer
If we transfer your Personal Information to another country, we may remain liable and will take appropriate measures to protect your privacy and the Personal Information we transfer.
We’ll take appropriate physical, technical, and organisational measures to protect your Personal Information from loss, misuse, unauthorised access or disclosure, alteration, and destruction.
Data Integrity and Purpose Limitation
We’ll collect only as much Personal Information as we need for specific, identified purposes, and we won’t use it for other purposes without obtaining your consent. We’ll take appropriate steps to make sure the Personal Information in our records is accurate.
Recourse, Enforcement and Liability
For EU Users
This section applies only to Users located in the European Union.
Contact Information for the Data Controller
This paragraph pertains only to individuals for whom Nabling is a “controller” within the meaning of Regulation (EU) 2016/679 of the German Parliament and of the Council of 27 April 2016 (“GDPR”):
The controller of your Personal Information:
Legal Bases for Processing EU Users’ Personal Information
We only process your information when we have the legal basis to do so. That is, why we will just handle your Personal Information when:
We need it to provide you with the Services;
You give us consent for a specific purpose; or
It satisfies Nabling’s legitimate interests (which are not overridden by your data protection interests), such as for improving, marketing, and promoting the Services and protecting our legal rights;
We need to process your data to comply with our legal obligations.
Transfer of EU Users’ Personal Information Outside the EU
We may transfer your Personal Information to Nabling-affiliated entities in third parties in the United States or other countries that may not have equivalent privacy and data protection laws to the state in which you reside. When we transfer Personal Information of customers in the European Economic Area or Switzerland to any such country, we make use of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, European Commission-approved standard contractual data protection clauses, binding corporate rules, or other appropriate legal mechanisms to safeguard the transfer. Please refer to the Section “EU-US and Swiss-US Privacy Shield” below.
EU Users’ Rights to Control Personal Information
You have control over your Personal Information. Below are the rights you have and the steps you can take to exercise them. Please note that your rights may be limited in some instances. For example, if fulfilling your request may reveal information about another person. Or if you ask to delete data which law permits your employer or we or have compelling legitimate interests to keep, and it may take time for us to investigate your request. If you believe that we are not respecting your rights concerning your Personal Information, you may complain about to your local supervisory authority.
Right to Access
You have a right to request a copy of the Personal Information that Nabling holds. To request this information, please email us at firstname.lastname@example.org.
Right to Rectification
If you believe that any Personal Information that Nabling holds is incorrect, you have the right to correct that information. You can change your Nabling account information on the “Settings” page, and if you have any further concerns regarding the accuracy of your information, please email us at email@example.com.
Right to Erasure, Restriction, or Objection to Processing
If you believe we do not have the right to process your information or you object to our processing for a particular purpose, or if you want us to erase your Personal Information altogether, please email us at firstname.lastname@example.org.
Right to Withdraw Consent
If you gave us consent to process your Personal Information for a particular purpose, you have the right to withdraw that consent by emailing us at email@example.com. Your withdrawal of consent does not affect the lawfulness of our processing of your Personal Information before the removal.
You have the right to obtain the Personal Information that you have directly submitted to Nabling in a format you can transfer to another service provider. If you want to exercise this right, please email us at firstname.lastname@example.org.