Effective: May 2018
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
You can contact us at: either DPO@stackla.com or by mail to Stackla – 33 New Montgomery St, Suite 360, San Francisco, CA 94105, U.S.A.
The General Data Protection Regulations, (GDPR), apply from 25 May 2018, creating consistent data protection rules across Europe. It applies to companies that are based in the EU and global companies that process personal data about individuals who are based in the EU. At Stackla, we shall ensure that we do not just observe the requirements of the GDPR for those Users based in the EU, but that we adopt the GDPR principles of transparency, control and accountability for all our Users across the globe.
The GDPR gives our Users certain rights when using our Services, which include the right to:
- be informed;
- withdraw consent;
- restrict processing;
- data portability;
- object; and
Our commitment to you is:
We promise we will:
- Process data lawfully, fairly and in a transparent manner
- Collect data for specified, explicit and legitimate purposes (mostly to provide services to you)
- Never sell or pass your data onto anyone else
- Ensure your data is processed and stored securely and is kept up-to-date
You will always:
- Have access to the data stored on you
- Be able to correct any inaccuracies in the data
- Be able to erase your data and restrict its processing where it doesn’t conflict with obligations to regulatory bodies
- Know we will erase any data no longer required, even if you haven’t asked
- Know that as technology changes we will constantly review and update our processes to ensure we’re always protecting your data
Processing your personal data: Necessary for the Performance of a Contract
The processing of your personal data by Stackla or a third party will be undertaken to fulfil the services agreed to complete our contractual obligations to you and any obligations to any regulatory bodies.
Processing your personal data: Legitimate Interest
The processing of your personal data by Stackla or a third party may be undertaken if we have a legitimate interest to do so. In our case this includes:
- For the purposes of providing our clients with information about our services and to monitor usage in order to improve those services from time to time. Specifically when you visit our website and input your personal data, we may add you to our CRM data base to contact you specifically in relation to our services.
- Ensuring that any data is stored and transferred securely and in a way that protects against the unlawful use, destruction or loss of your personal data.
- Sharing your personal information as part of a business sale, reorganisation or similar transaction.
Processing your personal data: By Consent
Where we process your personal data by relying on your consent to do so, we shall ensure that such consent is:
- freely given by you;
- specific with regards to what processing we wish to undertake so that you are fully informed;
- unambiguous and given by a clear affirmative action.
1. Information Stackla collects
(a) Stackla may collect personally identifiable information about you such as your IP address, full name, user name, password, email address, city, time zone, telephone number, and other information that you decide to provide Stackla with, or that you decide to include in your public profile.
The legal basis for this processing is our legitimate interests, namely monitoring and improving our Website and enabling you to communicate with us and for us to send you reports and other material by request.
(c) Log File Information: Log file information is automatically reported by your browser or mobile application each time you access Stackla’s website(s) or the Stackla Product. For example, when you access Stackla’s website(s) or Stackla’s Product, Stackla’s servers will automatically record certain information that your web browser sends whenever you visit any website. These server logs may include information such as your operating system, browser type, referring / exit pages and URLs, number of clicks, domain names, landing pages, pages viewed and other such information. Stackla does not link this automatically-collected data to personally identifiable information.
(d) Information Related to Data Collected for Stackla Customers: Stackla collects information under the direction of its customers, and has no direct relationship with the individuals whose data it may process. If you are a client of one of Stackla’s current customers and would no longer like to be tracked by such customer, please contact the respective customer directly. Stackla may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our customers.
(e) Access and Retention of Data Controlled by Stackla Customers: An individual who is a current or former Stackla customer who seeks access or wishes to correct, amend or delete inaccurate data should direct their query to DPO@Stackla.com. An individual who is a client of a current or former Stackla customer who seeks access or wishes to correct, amend or delete inaccurate data should direct their query to the respective customer first and then, if no response is obtained or such response is not satisfactory, should contact DPO@Stackla.com. If Stackla receives a request under this provision, Stackla will acknowledge it within seventy-two (72) business hours and handle it promptly.
Stackla will retain personal data it processes on behalf of its customers for as long as needed to provide its services. Stackla will retain this personal information as necessary to comply with our legal obligations, resolve disputes and enforce its agreements.
2. How Stackla uses your information
(a) Stackla uses the information it collects to operate and maintain its website(s) and the Stackla Product, send you marketing communications, respond to your questions and concerns and to help our partners improve their online offerings.
The legal basis for this processing is our legitimate interests, enabling you to communicate with us and for us to send you reports and other material by request.
3. How Stackla shares your information
(a) Personally Identifiable Information: Stackla will not rent or sell your personally identifiable information to others. Stackla may store personal information in locations outside the direct control of Stackla (for instance, on servers or databases co-located with hosting providers). Any personally identifiable information you elect to make publicly available on Stackla’s website(s) or the Stackla Product will be available to others. If you remove information that you have made public on Stackla’s website(s) or the Stackla Product, copies may remain viewable in cached and archived pages of Stackla’s website(s) or the Stackla Product or if other users have copied or saved that information.
(b) Non-Personally Identifiable Information: We may share non-personally identifiable information (such as anonymous usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with interested third parties to help them understand the usage patterns for certain Stackla website(s) or the Stackla Product and those of our partners. If you remove information that you have made public on the Stackla Product or Stackla’s website(s), copies may remain viewable in cached and archived pages of the Stackla Product or Stackla’s website(s), or if other users have copied or saved that information. Non-personally identifiable information may be stored indefinitely.
(c) Instances where Stackla is required to share your information: Stackla will disclose your information where required to do so by law, if subject to subpoena or other legal proceeding or if Stackla reasonably believes that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) to enforce our Terms of Service or to protect the security or integrity of our Product; and/or (c) to exercise or protect the rights, property, or personal safety of Stackla, its users or others.
(d) In the event of a change of control: Stackla may buy or sell/divest/transfer the company (including any shares in the company), or any combination of its products, services, assets and/or businesses. Your information such as customer names and email addresses, and other User information related to the Stackla Product may be among the items sold or otherwise transferred in these types of transactions. Stackla may also sell, assign or otherwise transfer such information in the course of corporate divestitures, mergers, acquisitions, bankruptcies, dissolutions, reorganizations, liquidations, similar transactions or proceedings involving all or a portion of the company. You will be notified via email and/or a prominent notice on Stackla’s website(s) of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
(e) Behavioral Targeting / Re-Targeting: Stackla partners with third parties to display advertising on Stackla’s website(s) and manage Stackla’s advertising on other sites. Stackla’s third party partners may use technologies such as cookies to gather information about your activities on this website and other sites in order to provide you advertising based upon your browsing activities and interests. The only way to completely “opt out” of the collection of any information through cookies or other tracking technology is to actively manage the settings on your browser or mobile device. Please refer to your browser’s or mobile device’s technical information for instructions on how to delete and disable cookies, and other tracking/recording tools (to learn more about cookies, clear gifs/web beacons and related technologies, you may wish to visit http://www.allaboutcookies.org and/or the Network Advertising Initiative’s online resources, at http://www.networkadvertising.org). If you access the Stackla Product or Stackla’s website(s) on your mobile device, you may not be able to control tracking technologies through the settings.
Storage and Processing. Your information collected through the Stackla Service may be stored and processed in the United States, EEA, or any other country in which Stackla or its subsidiaries, affiliates or service providers maintain facilities. Stackla may transfer information that we collect about you, including personal information, to affiliated entities, or to other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world. If you are located in the European Union or other regions with laws governing data collection and use that may differ from U.S. law, please note that we will not transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction however, to ensure that your personal information does receive an adequate level of protection we have put in place appropriate measures, in the form of standard contractual clauses, to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection.
4. How We Protect Your Information. Stackla is concerned with protecting your privacy and data, but we cannot ensure or warrant the security of any information you transmit to Stackla or guarantee that your information on the Stackla Service may not be accessed, disclosed, altered or destroyed by breach of any of our industry standard physical, technical or managerial safeguards. When you enter sensitive information (such as log in credentials) on our registration or order forms, we encrypt that information using secure socket layer technology (SSL). No method of transmission over the Internet or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our Site, you can contact us at DPO@stackla.com We use an outside help platform, and a credit card processing company to bill you if you purchase services. These companies do not retain, share, store or use personally identifiable information for any other purposes.
Stackla complies with the EU Data Protection Directive 95/46/EC framework as set forth by the European Union regarding the collection, use, and retention of personal data from European Union member countries and Switzerland. Stackla has certified that it adheres to the requirements of notice, choice, onward transfer, security, data integrity, access and enforcement.
5. Compromise of Personal Information. In the event that personal information is compromised as a breach of security, Stackla will promptly notify our customers in compliance with applicable law.
6. Our Choices About Your Information. For current Stackla customers, you can review, correct, update or delete inaccuracies to the information about you that Stackla keeps on file by logging into your account to update your password and billing information. Alternately (and for former Stackla customers), you can contact us directly at DPO@stackla.com. We will acknowledge your request within seventy-two (72) hours and handle it promptly. We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes and enforce our agreements.
7. Children’s Privacy. Protecting the privacy of young children is especially important. For that reason, Stackla does not knowingly collect or solicit personal information from anyone under the age of 13. In the event that we learn that we have collected personal information from a child under age 13, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us at DPO@stackla.com
10. Your rights not to have your data processed. You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes. We will never disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at DPO@stackla.com, or unsubscribing with immediate effect at the bottom of our marketing emails.
11. Access to information. You have the right to access information held about you. Your right of access can be exercised in accordance with the Act and you can request access to the personal data we hold on you and verify the lawfulness of processing.
You can request access to your personal data we hold by emailing, DPO@stackla.com,. We will respond to your request within 30 days and any data will be provided in a machine-readable format