BUILDWITHIN, INC.GLOBAL PRIVACY NOTICE
BUILDWITHIN, INC. (the “Company”, “we”, “us”, “ours”) is committed to protecting your privacy. We have prepared this Privacy Notice (or “Notice”) to describe to you our practices regarding our collection and use of your Personal Data and Personal Information (as defined herein). This Privacy Notice provides information about the types of information we collect from our Services and website and what we may do with that information.
In this Notice, we will outline and describe the following with respect to the Personal Data or Personal Information that we collect:
- What information we collect
- How we collect it
- How we use it
- With whom we share your information
- What we disclose internationally
- How long we keep your information
- Your rights under the law
- The security of your information
- Our Data Privacy Officer
- Our policy regarding children
- California special rights
You will note that throughout this Notice we use words that are capitalized. These are special terms that are defined within the applicable paragraph or under the Definitions Section in Section X.
I. WHAT INFORMATION WE COLLECT
A. Information you provide:
If you are just browsing the BuildWithin website, we do not ask you to enter any personal information about yourself unless you complete a form to request a demo, download content, or interact in any way you choose on your own and is available on the webpage. We may also collect your user name, or handle, from Facebook or Twitter when you connect to us from them or wish to connect to them from us. We may also combine information you provide with Personal Data we collect automatically (as further described in Part I, Section B below) and with Data we receive from third-parties. We may also associate information you provide with information we collect about you from different devices, browsers and platforms.
B. Information collected automatically:
“Cookies” are small pieces of information that a website sends to your devices while you are viewing a website. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a better experience with our Platform. Persistent Cookies can be removed by following your Internet browser directions. If you choose to disable Cookies, some aspects of our Services may perform differently, for instance, you will need to re-enter your information each time you return to use the Services.
We do not offer third-party advertising on our website, therefore we do not respond to “do not track signals” or other mechanisms that might enable website visitors to opt out of tracking on the BuildWithin site.
C. Information collected from third-parties:
In addition to the information that we collect as described above, we also collect information about you from our third-party integrators and vendors. These parties are used by us to run our Platform and integrate our Services with our Clients. The information that we collect through these channels includes your geo location data, derived from the address that you may submit when completing a website survey or form.
II. HOW WE COLLECT YOUR INFORMATION
We collect your Personal Data in a number of ways, and this section will describe those methods.
A. Your direct interaction with us: We collect your Personal Data when you interact directly with us by coming to our website to browse, to request information, to download or view content and to interact with our site bot.
B. From our Clients: Another way we collect your Personal Data is from our Clients who contract with us to use BuildWithin services. If you provide your information via a form that that uses our Platform, we will collect the information you provide on the form such as name,
e-mail address and the full content of your message, including attached files, and other information you provide. This method of Personal Data submission to us could occur (i), for instance if the Data Subject completes a form created by a client but powered by BuildWithin. Platform, or (ii) where the Client captures the Data you enter and then transmits that Data to us.
C. From Third-Party Technologies and Social Network Sites:
We may receive Personal Data about you from other sources with which you have interacted, such as through third-party technologies that are integrated into the Services like Alexa, which is owned by Amazon, or through social networks like Facebook or Twitter when you grant us permission to access these technologies to further use BuildWithin Services. Further, we may associate this Personal Data obtained from these sources with the other Personal Data we have collected about you from other sources as described in this Notice. We do not control or supervise how these third-parties process your Personal Data, and any information request that you have regarding the disclosure of your Personal Data from them to us should be made directly to those third-parties.
D. Third-party analytics:
Third-parties who provide us with analytics services for our Platform and Services may collect some of the information described in Section I, including, for example, IP address, access times, browser type and language, device type, device identifiers and Wi-Fi information. For instance, we use Google Analytics and similar services to perform certain analytical tasks about our web user’s activities. We use the User-ID feature of Google Analytics to combine behavioral information across devices and sessions (including authenticated and unauthenticated sessions).
III. HOW WE USE YOUR INFORMATION AND THE LEGAL BASIS FOR SHARING IT
We may use your information to:
process information you have submitted on a form either through one of our Client’s forms on a BuildWithin website form; via text message, voice recognition, conversational messaging system, or via phone call.
seek your views or comments on the Services we provide;
send you marketing materials and information about other BuildWithin products with your consent;
provide, create and maintain a trusted and safer environment and comply with our legal obligations.
Applicable laws require us to have a “legal basis” for using and sharing your information. These legal bases include the following:
Your consent - to fulfill your express requests.
To carry out our legitimate interests in our Platform. “Legitimate interests” is a technical term in data protection law which essentially means we have a good and fair reason to use your Personal Data and we do so in ways which do not hurt your interests and rights. We sometimes require your Data to pursue our legitimate interests in a way that might reasonably be expected as part of running our business and that does not materially impact your rights, freedom or interests.
To fulfill our obligations with you when the processing is necessary to perform a contract with you, like the Terms of Service.
To measure the adequate performance of our interactions with you, and to comply with applicable laws.
To promote the safety and security of the Services, our users, and other parties. For example, we may use the information to protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies.
IV. HOW WE SHARE YOUR INFORMATION
A. With your consent:
Where you have provided express and unambiguous consent, we share your Personal Data as described at the time of consent. We do not otherwise share any of your Personal Data that identifies you, except as instructed by you.
The specific ways in which you consent to share Personal Data that you provide to us is when we enable you to complete skills assessments, questionnaires, forms, send other users messages or assign tasks that are part of the work you do through our Platform. These messages may include your full name, e-mail address, mailing address and other contact information you may have provided as part of the submission. You are solely responsible for the specific message(s) you send using our Services.
Information you share publicly through our Platform may be indexed through third party search engines, such as Google or Bing. We do not control the practices of third party search engines, and they may use caches containing your outdated information. You acknowledge that Personal Data that you submit when you interact with our Platform through our website or Services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such Personal Data by others.
B. Third-Party Sub-Processors:
We use third-party Sub-Processors (including contractors and service providers) to provide the Services and to help with our operations, which may require that these Sub-Processors have access to and use your Personal Data. For example, we may use a third-party to communicate with you (via telephone, email, or SMS) to provide customer support, to receive additional Data about you, and to perform analytics and other work that we may need to outsource. The Sub-Processors are bound by law and/or contract to protect the confidentiality and security of Personal Data, and to only process your Personal Data to provide requested services and only act on our documented instructions.
C. Third-Party websites:
D. De-identified information about you:
We may also share aggregated or de-identified information (i.e., information that does not personally identify you directly), or statistical information about you, including statistical data and historical use data, with others for a variety of purposes, including for their own uses, for example, for improving their services for you and others, or for educational purposes. Your Personal Data will not be shared on an individual, identifiable basis under these circumstances, nor can you ask us to restrict this type of sharing, since it does not identify you.
E. As required by law or legitimate business interest:
In addition, we may disclose your Personal Data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. Likewise, we may disclose your Personal Data to our professional advisers as reasonably necessary for the purposes of managing risks, obtaining professional advice, or the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. Also, we may share some or all of your Personal Data in connection with or during negotiation of any merger or similar transaction involving sale or transfer of some or all of our business or assets. If another company acquires our company or assets, that company will possess the Personal Data collected by us and will assume the rights and obligations regarding your Personal Data as described in this Privacy Notice.
V. WE DISCLOSE YOUR PERSONAL DATA INTERNATIONALLY
A. Our Headquarters:
Our headquarters is in the United States. Whether or not you live in the United States, information we collect from you will be processed in the United States. The United States has not sought nor received a finding of “adequacy” from foreign officials, including the European Union under Article 45 of the GDPR. We rely on derogations for specific situations as set forth in Article 49 of the GDPR. In particular, for EEA residents, we collect and transfer to the U.S. Personal Data only: (i) with your consent; (ii) to perform a contract with you; (iii) to conclude or perform a contract with another person in the furtherance of your or our legal interests (such as with a Client); (iv) or to fulfill a compelling legitimate interest of ours in a manner that does not outweigh your rights and freedoms. We strive to apply suitable safeguards to protect the privacy and security of your Personal Data and to use it only consistent with your relationship with BuildWithin and the practices described in this Privacy Notice.
While many of our third-party Sub-Processors are global companies with operations in the EEA, Some of the third-party Sub-Processors with whom we share Personal Data are located outside of the EEA. Certain third countries have been officially recognized by the European Commission as providing an adequate level of protection. You can find the list of these countries at the following address: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en. Transfers to third-parties located in other third countries outside the EEA take place using an acceptable data transfer mechanism, such as the EU Standard Contractual Clauses, Binding Corporate Rules, or approved Codes of Conduct and Certifications.
Please contact our Data Privacy Officer at the address or phone number listed below, in Section IX, if you want to receive further information about these Sub-Processors.
VI. HOW LONG WE KEEP YOUR DATA
Your Personal Data is stored by us on the servers of the cloud-based database management services that we engage, located in the United States. We retain your Personal Data collected as reasonably necessary to fulfill the purposes for which we collected it, and to comply with our legal obligations. Personal Data of EEA residents that remains inactive (you do not take any action or are contacted within 1 full year) will be deleted.
In no event will we keep your Personal Data for longer than is strictly necessary for the purposes defined in this Notice. For more information on where and how long your Personal Data is stored, please contact our Data Privacy Officer at the address or phone number listed below, in Section IX.
VII. YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
A. For United States Residents and others not living in the EEA:
You have the rights provided under the laws applicable to where you live. Additionally, you can ask us questions about the Personal Data that we have relating to you, ask us to correct any of that Personal Data if it is wrong and you can verify that with us.
B. For Residents of the EEA:
If you reside within the EEA, the GDPR applies. This law provides certain rights for Data Subjects. Under the conditions set by this law, you may be able to exercise the following rights regarding your Personal Data, subject to the exceptions provided by the GDPR (see also Section IX on who to contact to exercise those rights):
You have the right to access your Personal Data. You can obtain from us confirmation if Personal Data is being Processed, the purpose of Processing, the categories of Data, the legal basis of the Processing, information on recipients of the Data and the non-EU countries in which they are located, and the safeguards put in place for the transfer of Data to non-EU countries. If you have chosen to connect to a social network like Facebook or Twitter, you can remove permission for the app by changing your account settings with them. You are responsible for keeping your personal information up-to-date.
You have the right to request us to correct inaccurate Personal Data and to have incomplete Data completed, but only to the extent that the Data is still under our control.
You have the right to object to the Processing of your Personal Data for compelling and legitimate reasons relating to your particular situation, except in cases where legal provisions expressly provide for that Processing, or when upon your initial request, the Personal Data has already been transmitted by us as intended.
You may request your Personal Data that you have provided to us and which is still retained by us, in a structured, commonly used and machine-readable format, and you have the right to request that we transmit it to other data controllers or processors without hindrance. This right only exists if the Processing is based on your consent or on a contract between us, and the Processing is carried out by automated means.
You may request to restrict Processing of your Personal Data if: (i) you contest the accuracy of it – for a period we need to verify your request; (ii) the processing is unlawful and you oppose the erasure of it and request restriction instead; (iii) we no longer need it, but you tell us you need it to establish, exercise or defend a legal claim; or (iv) you object to Processing based on public or legitimate interest – for a period we need to verify your request. Please note that this right is limited to the extent that the Data is still under our control and does not apply to any Data that has already been transmitted already at the time of your request.
You may request to have your Personal Data erased if: (i) it is no longer necessary for the purposes for which we have collected it, (ii) you have withdrawn your consent and no other legal ground for the Processing exists, (iii) you objected and no overriding legitimate grounds for the Processing exist, (iv) the Processing is unlawful, or (v) erasure is required to comply with a legal obligation. Please note that this right is limited to the extent that the Data is still under our control and does not apply to any Data that has already been transmitted at the time of your request.
7. Right to lodge a complaint:
You also have the right to lodge a complaint with a supervisory authority, in particular in the EEA member state of your residence, place of employment, or the location where the issue that is the subject of the complaint occurred.
8. Right to refuse or withdraw consent:
VIII. SECURITY OF YOUR INFORMATION
To help protect the privacy of your Personal Data collected by us, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your Personal Data to those employees who need to know that information to provide the Services. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of personal data processed by the services. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.
IX. QUESTIONS, CONCERNS, OR COMPLAINTS – CONTACT DETAILS
To contact our Privacy Officer:
By Web Form:
X. A NOTE ABOUT CHILDREN
We do not intentionally gather Personal Data from visitors who are under the age of 13 through our Platform. If a child under 13 submits Personal Data to Company and we learn that the Personal Data is the information of a child under 13, we will attempt to delete the information as soon as possible. If you believe that we might have any Personal Data from a child under 13, please contact us at Dataprivacy@BuildWithin.com.
XI. CALIFORNIA RESIDENTS
If you are a Client located in California, we process your personal information in accordance with the California Consumer Privacy Act (“CCPA”) and California’s Shine the Light Law (“STL”) to the extent applicable. This section provides additional details about the personal information we collect and use for purposes of the CCPA. Where noted in this section, the CCPA temporarily exempts Personal Information reflecting a written or verbal business-to-business (“B2B”) communication from some its requirements.
- Categories of Information We Collect About You
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device ("Personal Information"). Personal information does not include: publicly available information from government records, or deidentified or aggregated consumer information.
In particular, we have collected the following categories of Personal Information from Clients within the last twelve (12) months:
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.||YES|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.Some personal information included in this category may overlap with other categories.||YES|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||YES|
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||YES|
|E. Biometric information.||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||NO|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.||YES|
|G. Geolocation data.||Physical location or movements.||YES|
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||NO|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||YES|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||YES|
|K. Inferences drawn from other personal information.||Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||YES|
See How we collect your information for the categories of sources from which we collect the above categories of Personal Information.
- Use of Personal Information
See How we use your information and the Legal Basis for sharing it
- Sharing Personal Information
We may share your Personal Information by disclosing it to a third party for a business purpose. We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the Personal Information confidential, and prohibit using the disclosed information for any purpose except performing the contract. In the preceding twelve (12) months, Company has disclosed Personal Information for a business purpose to the categories of third parties indicated in the chart below.
We do not and in the preceding twelve (12) months, Company has not sold Personal Information.
|Personal Information Category||Category of Third-Party Recipients|
|Business Purpose Disclosures|
|A: Identifiers.||- Internet service providers. - Data analytic providers.• Government entities.• Operating systems and platforms.• Social networks.• Data brokers or aggregators.• Service providers.• Affiliates.• Partners.• Parent or subsidiary organizations.• Internet cookie data recipients, like Google Analytics.|
|B: California Customer Records personal information categories.||• Internet service providers.• Data analytic providers.• Government entities.• Operating systems and platforms.• Social networks.• Data brokers or aggregators.• Service providers.• Affiliates.• Partners.• Parent or subsidiary organizations.• Internet cookie data recipients, like Google Analytics.|
|C: Protected classification characteristics under California or federal law.||• Internet service providers.• Data analytic providers.• Government entities.• Operating systems and platforms.• Social networks.• Data brokers or aggregators.• Service providers.• Affiliates.• Partners.• Parent or subsidiary organizations.• Internet cookie data recipients, like Google Analytics.|
|D: Commercial information.||• Internet service providers.• Data analytic providers.• Government entities.• Operating systems and platforms.• Social networks.• Data brokers or aggregators.• Service providers.• Affiliates.• Partners.• Parent or subsidiary organizations.• Internet cookie data recipients, like Google Analytics.|
|E: Biometric information.||None|
|F: Internet or other similar network activity.||• Internet service providers.• Data analytic providers.• Government entities.• Operating systems and platforms.• Social networks.• Data brokers or aggregators.• Service providers.• Affiliates.• Partners.• Parent or subsidiary organizations.• Internet cookie data recipients, like Google Analytics.|
|G: Geolocation data.||• Internet service providers.• Data analytic providers.• Government entities.• Operating systems and platforms.• Social networks.• Data brokers or aggregators.• Service providers.• Affiliates.• Partners.• Parent or subsidiary organizations.• Internet cookie data recipients, like Google Analytics.|
|H: Sensory data.||None|
|I: Professional or employment-related information.||• Internet service providers.• Data analytic providers.• Government entities.• Operating systems and platforms.• Social networks.• Data brokers or aggregators.• Service providers.• Affiliates.• Partners.• Parent or subsidiary organizations.• Internet cookie data recipients, like Google Analytics.|
|J: Non-public education information.||• Internet service providers.• Data analytic providers.• Government entities.• Operating systems and platforms.• Social networks.• Data brokers or aggregators.• Service providers.• Affiliates.• Partners.• Parent or subsidiary organizations.• Internet cookie data recipients, like Google Analytics.|
|K: Inferences drawn from other personal information.||• Internet service providers.• Data analytic providers.• Government entities.• Operating systems and platforms.• Social networks.• Data brokers or aggregators.• Service providers.• Affiliates.• Partners.• Parent or subsidiary organizations.• Internet cookie data recipients, like Google Analytics.|
- Your Rights and Choices under the CCPA and STL
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
- Right to Know and Data Portability
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the "right to know"). Once we receive your request and confirm your identity, we will disclose to you:
- The categories of Personal Information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
- The specific pieces of personal information we collected about you (also called a data portability request).
We do not provide a right to know or data portability disclosure for B2B Personal Information.
- Right to Delete
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the "right to delete"). Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We will delete or deidentify Personal Information not subject to one of these exceptions from our records and will direct our service providers to take similar action.
We do not provide these deletion rights for B2B Personal Information.
Under the STL, you may also request information about whether we have disclosed personal information to any third-parties for the third-parties’ direct marketing purposes.
- Exercising Your Rights to Know or Delete
To exercise your rights to know or delete described above, please submit a request by either of the contact options under Questions, concerns or complaints - Contact Details. Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information. You may only submit a request to know twice within a 12-month period.
Your request to know or delete must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. You do not need to create an account with us to submit a request to know or delete.We will only use personal information provided in the request to verify the requestor's identity or authority to make it.
- Response Timing and Format
We will confirm receipt of your request within ten (10) business days. We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not: deny you goods or services; charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; provide you a different level or quality of goods or services; nor suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your Personal Information's value and contain written terms that describe the program's material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
Words that are capitalized in this Notice have the following meanings:
“Client” means a customer of BuildWithin, who engages the Company, among other things, to use the Company services and platform.
“EU” means the European Union, and “EEA” means the European Economic Area, which includes the EU plus Iceland, Liechtenstein and Norway; for purposes of this Notice, any reference to the EEA will also include Switzerland, even though it is not a member of either the EU or the EEA.
“GDPR” means the General Data Protection Regulation, which is the EU regulation that governs the protection of the Personal Data of EEA residents and balances that protection against the free movement of that Data.
“Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal Data includes “Special Categories of Personal Data”.
“Processing” means any activity that involves the use of Personal Data. It includes obtaining, recording or holding the Data, or carrying out any operation or set of operations on it including organizing, amending, retrieving, using, disclosing, erasing or destroying it.
“Processor” also means us, or any other natural or legal person (including corporations, partnerships or other business entities) which, acting alone or jointly with others, Processes Personal Data for a controller or a party with whom you deal directly and is primarily responsible for the security of your Data and your privacy rights.
“Services” means collectively the BuildWithin platform (“Platform”) and related services.
“Special Categories of Personal Data” includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
XIII. Changes and updates to the Privacy Notice
Last Updated: November 11, 2021