Data Privacy
You have got questions. We have answers.
Introduction
This privacy policy (“Policy”) describes how Partium (“Company,” “we,” and “our”) collects, uses and shares personal data when using this website (the “Site”) and/or the applications(s), (the “Applications”), together (the “Services”). Please read the following information carefully to understand our views and practices regarding your personal data and how we will treat it.
Particularly important Information
Who we are: For the purpose of applicable data protection legislation, Partium is the data processor. The data in question are the images submitted to the Partium service, which are processed for the purpose of identifying products or other features within those images.
Must Read Sections: We draw your attention in particular to the sections entitled “International Data Transfer” and “Your Rights.”
Changes to this Policy: We will post any modifications or changes to the Policy in app. We reserve the right to modify the Policy at any time, so we encourage you to review it frequently. The “Last Updated” legend above indicates when this Policy was last changed. If we make any material change(s) to the Policy, we will notify you via an updated policy notice on our application prior to such change(s) taking effect.
1. Purpose of Processing
What is personal data?
We collect information about you in a range of forms, including personal data. As used in this Policy, “personal data” is as defined in the European Data Protection Directive 95/46/EC/General Data Protection Regulation 2018 and any successor legislation, this includes any information which, either alone or in combination with other information we hold about you, identifies you as an individual, including, for example, your name, postal address, email address and telephone number.
Why do we need your personal data?
We will only process your personal data in accordance with applicable data protection and privacy laws. We need certain personal data in order to provide you with access to the Application(s)/Services. If you used our service, you will have been asked to check to agree to provide this information in order to access our services. This consent provides us with the legal basis we require under applicable law to process your data. You maintain the right to withdraw such consent at any time. If you do not agree to our use of your personal data in line with this Policy, please do not use our service.
2. Collecting your Personal Data
We collect information about you in the following ways:
Information you give us. This includes:
- the personal data you provide when you opt to use our service, namely the images you submit
- the personal data that may be contained in any photo submission you upload or post to the service
Information Automatically Collected. We automatically log each session when you utilize our service. For example, if you submit multiple photographs from the same service, you are able to view your visual search history.
Log Files. Whenever you use the Internet, specific information will be automatically transmitted from your Internet browser and stored by us in so-called log files.
- IP address (Internet protocol address) of the end device from which the online offer is accessed;
- Internet address of the website from where the online offer has been accessed (so-called origin or referrer URL);
- Name of the service provider through which access to the online offer is achieved;
- Name of the retrieved files or information;
- Date and time as well as duration of the access;
- Transferred data volume;
- Operating system and information on the Internet browser used, including add-ons (e. B. for the flash player);
- http status code (e.g. “Inquiry successful” or “Requested file not found”).
Processing of personal data and purpose. Partium follows a standard procedure of using log files. These files log visitors when they visit websites. Tracked data is not linked to any information that is personally identifiable. The purpose of the information is for the provision of this online offer, administering the site, tracking users’ movement on the website, and gathering demographic information.
The information collected by log files include:
- browser type and version
- Operating system
- referring/exit pages,
- Name of the retrieved files, information or webpages
- date and time stamp
- IP address (Internet protocol address) of the end device from which the online offer is accessed;
- Other information that is relevant to protect our services in case of attacks
Usage of Cookies. In the context of our online service, cookies and tracking mechanisms may be used. Cookies are small text files that may be stored on your device when visiting our online service. Tracking is possible using different technologies. In particular, we process information using pixel technology and/or during log file analysis.
When visiting our websites, you will be asked in a cookie layer whether you consent to our using of any marketing cookies or tracking mechanisms, respectively.
In our privacy settings, you may withdraw the consent with effect for the future or grant your consent at a later point in time.
Third-party Providers. Some Partium websites incorporate content and services from other providers (e.g. YouTube, Facebook, Google, Twitter) who, in turn, may use cookies and active components. Partium has no influence on the processing of personal data by these providers.
Please note that the option provided by Partium to configure settings for cookies used has no effect on cookies and active components from other providers (e.g. YouTube, Facebook, Google, Twitter).
Please refer to the respective provider‘s websites for information about how your data is handled.
Google. The provider of all mentioned Google services is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Please see the privacy policy of Google for more information on the handling of user data: https://www.google.de/intl/de/policies/privacy/.
Google Analytics. This website uses Google Analytics. Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. In case of activation of the IP anonymization, Google will truncate/anonymize the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA. On behalf of the website provider Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to the website provider. In order to disable the usage of google analytics please use the following link: click here to opt out.
YouTube. This online offer uses the video platform YouTube, which is provided by YouTube, LLC, 901 Cherry Ave. San Bruno, CA 94066, USA (“YouTube”). YouTube is a platform which allows the playback of audio and video files.
If you access a corresponding page of our offer, the embedded YouTube player will establish a connection to YouTube so that the video or audio file can be transmitted and played. In the process, data are also transmitted to YouTube as the responsible authority. We are not responsible for the processing of this data by YouTube.
Further information concerning the extent and purpose of the collected data, on the further processing and utilization of your data by YouTube, on your rights, and on your selectable data protection options can be found in the privacy policy of YouTube.
Facebook. Facebook is provided under www.facebook.com by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, and under www.facebook.de by Facebook Ireland Limited, Hanover Reach, 5–7 Hanover Quay, Dublin 2, Ireland (“Facebook”). You will find an overview of the plugins from Facebook and their appearance here: https://developers.facebook.com/docs/plugins/?locale=en_EN; you will find information on data protection at Facebook here: http://www.facebook.com/policy.php.
Automated Decision Making and Profiling. We may use your personal image data for the purposes of automated decision-making, profiling, and visual search results. We may also use this data to fulfill obligations imposed by law, in which case we will inform you of any such processing and provide you with an opportunity to object.
HubSpot. We are using Hubspot as customer relationship management tool which provides cookies. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Telefon: +353 1 5187500.
Our EMS (email marketing service) provider is; HubSpot and you can read their privacy policy here
LinkedIn. LinkedIn is provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn”). You will find an overview of the plugins from LinkedIn and their appearance here: https://developer.linkedin.com/plugins; you will find information on data protection at LinkedIn here: https://www.linkedin.com/legal/privacy-policy
Website Forms. We use the HubSpot service to provide the following online forms. For this we forward your data to HubSpot, which process the data exclusively on our behalf. See privacy policy for “HubSpot”.
Content Download. In order to make our downloadable content available to you, we collect personal data from you. In the following we clarify about this data.
Data collected: E-mail address, last name, first name, salutation, job title, telephone number ‘
Purpose: Personalized delivery of the requested content.
Legal basis: Art. 6 I b DS-GVO
Optional 1: See the following privacy policy for “Newsletter”.
Newsletter. If you subscribe to our newsletter, we will save your e-mail address and use it to send you the newsletter. Your e-mail address will not be published or disclosed to third parties. Data collected: E-mail address, first name, name, salutation, job title, telephone number Purpose: To send the requested newsletter. Legal basis: Art. 6 I a DSGVO – Consent Cancellation: You can unsubscribe from our newsletter at any time via a link included in each issue. We will delete your e-mail address from our distributor. Alternatively, you can unsubscribe from the newsletter at any time by e-mail to UnSubscribe.
Contact Form. In order to provide you with our contact form, we collect personal data from you. In the following we clarify about this data. Data collected: E-mail address, last name, first name, salutation, job title, telephone number Purpose: to contact interested parties. Legal basis: Art. 6 I b DS-GVO
3. Using your Personal Data
We may use your personal data as follows:
- to operate, maintain, and improve our services;
- for marketing and sales activities as described in detail above;
- to deliver visual search results and identify products within the photos you submit;
- as we believe necessary or appropriate (a) to comply with applicable laws; (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities; (c) to enforce our Policy; (d) to protect our rights, privacy, safety or property, and/or that of you or others; and (e) as described in the “Sharing of your Personal Data” section below.
4. Sharing your Personal Data
We may share your personal data as follows:
- Our Third Party Service Providers and Affiliates. We may share your personal data with our affiliates and third party service providers who provide services such as image and data analysis. These third parties are only permitted to use your personal data to the extent necessary to enable them to provide their services to us. They are required to follow our express instructions and to comply with appropriate security measures to protect your personal data.
- Data Controller. We may share your personal data with the data controller of the application or website where you utilized our service.
- Corporate Restructuring. We may share personal data when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
- Other Disclosures. We may share personal data as we believe necessary or appropriate: (a) to comply with applicable laws; (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities to meet national security or law enforcement requirements; (c) to enforce our Policy; and (d) to protect our rights, privacy, safety or property, and/or that of you or others.
5. Anonymous Data
When we use the term “anonymous data,” we are referring to data and information that does not permit you to be identified or identifiable, either alone or when combined with any other information available to a third party.
We may create anonymous data from the personal data we receive about you and other individuals whose personal data we collect. Anonymous data we collect are the session identifiers, which enable us to know when you have submitted multiple images through the same application or website.
6. User Generated Content
You may share personal data with us when you submit user generated content to service, including photographs. We urge you to be very careful when deciding to post sensitive photographs to our service.
7. International Data Transfer
Your information, including personal data that we collect from you, may be transferred to, stored at and processed by us and our affiliates outside the country in which you reside, including, but not limited to the United States, where data protection and privacy regulations may not offer the same level of protection as in other parts of the world. By using our services, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy.
8. Security
We seek to use reasonable organizational, technical and administrative measures to protect personal data within our organization. Unfortunately, no transmission or storage system can be guaranteed to be completely secure, and transmission of information via the internet is not completely secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us using the details in Section 14 below.
9. Retention
We will retain your personal data indefinitely unless you choose to revoke access.
10. Our Policy on Children
Our service is not directed to children under 16. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us using the details in Section 14 below. We will delete such information from our files as soon as reasonably practicable.
11. Sensitive Personal Data
Subject to the following paragraph, we ask that you not send us, and you not disclose, any sensitive personal data (e.g., photographs of social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the service or otherwise to us.
If you send or disclose any sensitive personal data to us when you submit user generated content to our service, you consent to our processing and use of such sensitive personal data in accordance with this Policy. If you do not consent to our processing and use of such sensitive personal data, you must not submit such user generated content to service.
12. Your Rights
- Opt-out. You may contact us anytime to opt-out of: (i) our collection of personal data; (iI) any new processing of your personal data that we may carry out beyond the original purpose; or (iii) the transfer of your personal data outside the EEA. Please note that your use of some of the service may be ineffective upon opt-out.
- Erase and forget. In certain situations, for example when the information we hold about you is no longer relevant or is incorrect, you can request that we erase your data.
If you wish to exercise any of these rights, please utilize the Settings screen of the service.
13. Complaints
We are committed to resolving any complaints about our collection or use of your personal data. If you would like to make a complaint regarding this Policy or our practices in relation to your personal data, please contact us at: legal@partium.io. We will reply to your complaint as soon as we can and in any event, within 45 days. We hope to resolve any complaint brought to our attention, however if you feel that your complaint has not been adequately resolved, you reserve the right to contact your local data protection supervisory authority.
14. Contact Information
We welcome your comments or questions about this Policy. You may contact us in writing at legal@partium.io.
15. EU Privacy Policy
Privacy laws in the European Union (“EU”) give individuals certain rights in respect of their personal information. This policy provides a framework for responding to requests to exercise those rights. It is the company’s policy to ensure that requests by individuals covered by this policy to exercise their rights in respect of their personal information are handled in accordance with applicable law.
15a. This policy applies to all individuals based in the EU (“EU Individuals”). EU Individuals may be employees or former employees, contractors, consumers, end-users, employees of customers, service providers, employees of service providers and any other person based in the EU whose personal information the company processes.
15b. For the purposes of this policy, “EU Personal Data” means any information relating to an identified or identifiable EU Individual. An identifiable EU Individual is one who can be identified, directly or indirectly, by reference to an identifier, such as a name, identification number or online identifier. “Processing” means any operation or set of operations which is performed on EU Personal Data or sets of EU Personal Data, such as collection, use, storage, dissemination and destruction.
15c. This policy only applies to the EU Personal Data Processed by the company. Other individuals may also have rights regarding their personal information but they are not covered by this policy.
Right to Access EU Personal Data
15d. EU Individuals have the right to request access to their EU Personal Data Processed by the company. Such requests are called subject access requests (“SARs”). EU Individuals can make SARs to find out what EU Personal Data the company has about them.
15e. When an EU Individual makes a SAR the company must, unless there is an exemption under applicable law (see Exemptions below), take the following steps:
- log the date on which the request was received by the company (to ensure that the relevant timeframe of one month for responding to the request is met);
- confirm the identity of the EU Individual who is the subject of the EU Personal Data (this may be very straightforward in the case of a current employee but more difficult in the case of, e.g., a historic prospective customer or former end-user). The company may request additional information from the EU Individual to confirm his/her identity;
- search databases, systems, applications and other places where the EU Personal Data which are the subject of the request may be held;
- confirm to the EU Individual whether or not EU Personal Data of the EU Individual making the SAR are being Processed;
- if EU Personal Data of the EU Individual are being Processed, provide the EU Individual with the following information in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in writing or by other (including electronic) means:
- the purposes of the Processing;
- the categories of EU Personal Data concerned (e.g., contact details, bank account information and details of sales activity);
- the recipients or categories of recipient to whom the EU Personal Data have been or will be disclosed, in particular recipients overseas (e.g. US-based service providers);
- where possible, the envisaged period for which the EU Personal Data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the company rectification or erasure of EU Personal Data or restriction of Processing of EU Personal Data or to object to such Processing;
- the right to lodge a complaint with the data protection authority in their country;
- where the EU Personal Data are not collected from the EU Individual, any available information as to their source;
- the existence of automated decision-making and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the EU Individual; and
- where EU Personal Data are transferred outside the EU, details of the appropriate safeguards to protect the EU Personal Data;
- review the EU Personal Data requested to see if they contain the personal data of other individuals. If they do, the company should consider redacting the personal data of those other individuals prior to providing the EU Individual with his/her EU Personal Data.
- provide the EU Individual with a copy of the EU Personal Data Processed by the company in a commonly used electronic form (unless the EU Individual either did not make the request by electronic means or has specifically requested not to be provided with the copy on electronic form) within one month of receipt of the request. If the request is complex, or there are a number of requests, the company may extend the period for responding by a further two months. If the company extends the period for responding it shall inform the EU Individual within one month of receipt of the request and explain the reason(s) for the delay; and
- if the request is manifestly unfounded or excessive, e.g. because of its repetitive character, the company may charge a reasonable fee, taking into account the administrative costs of providing the EU Personal Data or refuse to act on the request.
15f. If the company is not going to respond to the request it shall inform the EU Individual of the reasons for not taking action and of the possibility of lodging a complaint with the data protection authority in their country.
Right to Erasure
15g. EU Individuals have the right, in certain circumstances, to request that the company erases their EU Personal Data. Where such a request is made, the company must, unless there is an exemption under applicable law (see Exemptions below), erase the EU Personal Data without undue delay if:
- the EU Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the EU Individual withdraws their consent to the Processing and consent was the basis on which the EU Personal Data were Processed and there is no other basis for the Processing;
- the EU Individual objects to the Processing of his or her EU Personal Data on the basis of the company’s performance of a task carried out in the public interest or in the exercise of official authority vested in the company, or on the basis of the company’s legitimate interests which override the EU Individual’s interests or fundamental rights and freedoms;
- the EU Personal Data have been unlawfully Processed;
- the EU Personal Data have to be erased for compliance with a legal obligation to which the company is subject; or
- the EU Personal Data have been collected in relation to the offer of e-commerce or other online services.
15h. When an EU Individual makes a request for erasure in the circumstances set out above, the company must, unless there is an exemption under applicable law (see paragraphs 11 and Exemptions below), take the following steps:
- log the date on which the request was received by the company (to ensure that the relevant timeframe of one month for responding to the request is met);
- confirm the identity of the EU Individual who is the subject of the EU Personal Data (this may be very straightforward in the case of a current employee but more difficult in the case of, e.g., a historic prospective customer or former end-user). The company many request additional information from the EU Individual to confirm his/her identity;
- search databases, systems, applications and other places where the EU Personal Data which are the subject of the request may be held and erase such data within one month of receipt of the request. If the request is complex, or there are a number of requests, the company may extend the period for responding by a further two months. If the company extends the period for responding it shall inform the EU Individual within one month of receipt of the request and explain the reason(s) for the delay;
- where the company has made the EU Personal Data public, the company must, taking reasonable steps, including technical measures, inform those who are Processing the EU Personal Data that the EU Individual has requested the erasure by them or any links to, or copies or replications of, those EU Personal Data;
- communicate the erasure of the EU Personal Data to each recipient to whom the EU Personal Data have been disclosed, unless this is impossible or involves disproportionate effort. The company shall also inform the EU Individual about those recipients if the EU Individual requests it; and
- if the request is manifestly unfounded or excessive, e.g. because of its repetitive character, the company may charge a reasonable fee, taking into account the administrative costs of erasure or refuse to act on the request.
15i. If the company is not going to respond to the request it shall inform the EU Individual of the reasons for not taking action and of the possibility of lodging a complaint with the data protection authority in their country.
15j. In addition to the exemptions in Paragraph 26 below, the company can also refuse to erase the EU Personal Data to the extent Processing is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires Processing by law and to which the company is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the company;
- for reasons of public interest in the area of public health;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defence of legal claims.
Right to Portability
15k. EU Individuals have the right, in certain circumstances, to receive their EU Personal Data which they have provided to the company in a structured, commonly used and machine-readable format which they can then transmit to another company. Where such a request is made, the company must, unless there is an exemption under applicable law (see Exemptions below), provide the EU Personal Data without undue delay if:
- if the basis for the Processing of the EU Personal Data is consent or pursuant to a contract; and
- the company’s Processing of those data is automated.
15l. When an EU Individual makes a request for portability in the circumstances set out above, the company must take the following steps:
- log the date on which the request was received by the company (to ensure that the relevant timeframe of one month for responding to the request are met);
- confirm the identity of the EU Individual who is the subject of the EU Personal Data (this may be very straightforward in the case of a current employee but more difficult in the case of, e.g., a historic prospective customer or former end-user). The company many request additional information from the EU Individual to confirm his/her identity;
- search databases, systems, applications and other places where the EU Personal Data which are the subject of the request may be held and provide the EU Individual with such data (or, at the EU Individual’s request, transmit the EU Personal Data directly to another company, where technically feasible) within one month of receipt of the request. If the request is complex, or there are a number of requests, the company may extend the period for responding by a further two months. If the company extends the period for responding it shall inform the EU Individual within one month of receipt of the request and explain the reason(s) for the delay; and
- if the request is manifestly unfounded or excessive, e.g. because of its repetitive character, the company may charge a reasonable fee, taking into account the administrative costs of erasure or refuse to act on the request.
15m. If the company is not going to respond to the request it shall inform the EU Individual of the reasons for not taking action and of the possibility of lodging a complaint with the data protection authority in their country.
Right to Rectification
15n. EU Individuals have the right to have their inaccurate EU Personal Data rectified. Rectification can include having incomplete EU Personal Data completed, e.g. by the EU Individual providing a supplementary statement regarding the data. Where such a request is made, the company must, unless there is an exemption under applicable law (see Exemptions below), rectify the EU Personal Data without undue delay.
15o. The company must communicate the rectification of the EU Personal Data to each recipient to whom the EU Personal Data have been disclosed, unless this is impossible or involves disproportionate effort. The company shall also inform the EU Individual about those recipients if the EU Individual requests it.
Right to Restriction of Processing
15p. EU Individuals have the right, unless there is an exemption under applicable law (see Exemptions below), to restrict the Processing of their EU Personal Data if:
- the EU Individual contests the accuracy of the EU Personal Data, for a period to allow the company to verify the accuracy of the EU Personal Data;
- the Processing is unlawful and the EU Individual opposes the erasure of the EU Personal Data and requests the restriction of their use instead;
- the company no longer needs the EU Personal Data for the purposes of the Processing, but they are required by the EU Individual for the establishment, exercise or defence of legal claims; and
- the EU Individual has objected to the Processing (see Right to object to Processing below), pending verification of whether the company has legitimate grounds to override the EU Individual’s objection.
15q. Where Processing has been restricted, the company must only Process the EU Personal Data (excluding storing them) with the EU Individual’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another person or for reasons of important public interest.
15r. Prior to lifting the restriction, the company must inform the EU Individual of the lifting of the restriction.
15s. The company must communicate the restriction of Processing of the EU Personal Data to each recipient to whom the EU Personal Data have been disclosed, unless this is impossible or involves disproportionate effort. The company shall also inform the EU Individual about those recipients if the EU Individual requests it.
Right to Object to Processing
15t. EU Individuals have the right, in certain circumstances, to object to the Processing of their EU Personal Data. Where such an objection is made, the company must, unless there is an exemption under applicable law (see Exemptions below), no longer Process the EU Personal Data:
- if the basis for the Processing of the EU Personal Data is consent or pursuant to a contract; and
- the company cannot demonstrate compelling legitimate grounds for the Processing which override the interests, rights and freedoms of the EU Individual, or the Processing is for the establishment, exercise or defence of legal claims.
15u. Where EU Personal Data are processed for direct marketing purposes, EU Individuals have the right to object at any time to the Processing of their EU Personal Data for such marketing. If an EU Individual makes such a request, the company must stop Processing the EU Personal Data for such purposes.
15v. Where EU Personal Data are Processed for scientific or historical research purposes, EU Individuals have the right to object to such Processing, unless the Processing is necessary for the performance of a task carried out for reasons of public interest.
Right not to be subjected to automated Decision Making
15w. EU Individuals have the right, in certain circumstances, not to be subject to a decision based solely on the automated Processing of their EU Personal Data, if such decision produces legal effects concerning them or similarly significantly affects them. Where such a request is made, the company must, unless there is an exemption under applicable law (see Exemptions below), no longer make such a decision unless it:
- is necessary for entering into, or performance of, a contract between the EU Individual and the company (in which case the company must implement suitable measures to safeguard the EU Individual’s rights, freedoms and legitimate interests, including the right to obtain human intervention, to express his/her point of view and to contest the decision);
- is authorised by applicable law which lays down suitable measures to safeguard the EU Individual’s rights, freedoms and legitimate interests (in which case the company must implement suitable measures to safeguard the EU Individual’s rights, freedoms and legitimate interests, including the right to obtain human intervention, to express his/her point of view and to contest the decision); or
- is based on the EU Individual’s explicit consent.
15x. EU Individuals who are subject to automated decision-making must be notified at the time their EU Personal Data of the fact that they will be subject to automated decision-making and informed of the logic involved and the envisaged consequences of such Processing.
Exemptions
15y. Before responding to any request the company should check whether there are any exemptions under applicable law which apply to the EU Personal Data which are the subject of the request. Exemptions may apply under applicable law where it is necessary and proportionate not to comply with the requests described above to safeguard:
- national security;
- defence;
- public security;
- the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security;
- the protection of judicial independence and judicial proceedings;
- the prevention, investigation, detection and prosecution of breaches of ethics for regulated professions;
- a monitoring, inspection or regulatory function connected, even occasionally, to the exercise of official authority in the cases referred to in a. to e. and g. above;
- the protection of the data subject or the rights and freedoms of others; or
- the enforcement of civil law claims.
For EU Individuals: Privacy Shield Notice for Personal Data transfers to the United States
Partium complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries transferred to the United States pursuant to Privacy Shield. Partium has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Partium is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the Privacy Shield Frameworks, EU individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also may correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to legal@partium.io. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to legal@partium.io.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Partium’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Partium remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Partium proves that it is not responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, Partium.io commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union individuals with Privacy Shield inquiries or complaints should first contact Partium.io by email at legal@partium.io.
Partium has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction