Collectively, we refer to the EU-U.S Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as the "Principles".
Information That You Provide Us: When you sign up for any account or service operated by us, we store all information that you provide to us. This may include personal information like email addresses, your name, passwords, phone numbers, birth date, gender, and address information. For services that require payment, we also collect credit card information, which is stored in encrypted form on secure servers, including PCI-compliant third-party vendors.
Browser Cookies: When you use one of our services, we may store certain information in browser cookies. These cookies identify your browser and allow us to enhance your online experience. Most browsers are configured to accept cookies, but you may change your browser's settings so that you are informed every time a cookie is set, or to prevent cookies from being set at all. Please note, however, that many of our services do not function properly if cookies are disabled. Advertisers or other third parties do not have access to our cookies. However, such advertisers may set their own cookies. Such cookies are subject to the advertisers' own privacy policies, not this Policy.
Analytics: On sites that we own (e.g. crowdstack.com), we track overall usage and traffic on our own sites, including page views, visits, IP addresses, and traffic sources, using third party services like Google Analytics. We do not use Google Analytics (or any other third party analytics services) on Crowdstack Pro customer sites. For all other services, however, we use Google Analytics to track usage and traffic on an aggregated basis, including page views, visits, and traffic sources.
Visit Information Via Server Logs: We record information on our server logs from your browser, including your IP address, cookie information, and page request.
User Communications: Any email or written correspondence that you send us may be stored.
Transaction Records: Data from any monetary transaction taking place via our service may be stored.
We use collected information to enhance your experience online, authenticate you when you sign in, send notifications, fulfill your requests for services, contact you, customize the advertising or content that you see, and provide anonymous reporting for internal and external clients.
We do not track your activity between sites using our services, or from one of our sites to another; therefore "do not track" requests are not applicable for our platforms and services. If you are on a site hosted by us that is serving third party ads, that particular ad partner is responsible for its response to your browser's Do Not Track request.
We do not share personal information with other individuals, organizations, or companies outside of our company and its related entities, unless we have your consent or unless:
We are not responsible for the processing of your personal information by any third party, other than those third parties acting as our subcontractors to process data on our behalf. We remain liable and responsible for the data processing undertaken by our subcontractors on our behalf.
Note that we may share certain aggregated, non-personal information, such as demographic information, browser type, and usage statistics. In such cases, the information does not identify you personally.
While we do not provide any personal information to advertisers, it is possible that, if you view a certain ad, it may have been delivered to you based on targeting demographic criteria (for example, men who are between 18-24 years of age). Please note that in such situations, the advertiser does not know any specific personal information about you. You understand, however, that the advertiser will make the assumption that you meet its particular targeting criteria. We may also share conversion data with advertisers.
We process personal information only for the purposes for which it was collected, and in accordance with the Principles. We review our data collection, storage, and processing practices to ensure that we only collect, store, and process the personal information needed to provide our services. We depend on our users to update or correct their own personal information.
Depending where you reside, you have certain rights related to your personal data. The rights available to you depend on our reason for processing personal information. Please note that these rights are also subject to local data protection laws and regulations, and that these rights do not apply in all situations.
Your rights include:
To exercise your rights, please contact us at [email protected]. We respond to all legitimate requests and will contact you if we need additional information from you in order to honor your request. Additionally, some registered users may update their user settings, profiles, organization settings and event registrations by logging into their accounts and editing their settings or profiles.
We are a U.S.-based business that operates on a global basis. This means that your personal information may be transferred to and stored in the United States, which may be subject to different standards of data protection than your country of residence.
We take appropriate steps to ensure that transfers of personal information are in accordance with applicable law, are carefully managed to protect your privacy rights and interests and limited to countries which are recognized as providing an adequate level of legal protection or where alternative adequate arrangements are in place to protect your privacy rights.
We periodically review our compliance with the Principles. If you have questions or concerns, please contact us at: Crowdstack, Inc., ATTN: Crowdstack Privacy Administrator, 1985 Riviera Drive, Suite 103-122, Mount Pleasant, SC 29464, USA. If you contact us at this address with your concerns/questions, we will respond. We will also cooperate with the appropriate regulatory authorities to resolve any complaints regarding the transfer of personal information that cannot be resolved between us and you.
We restrict access to personal information to our employees, contractors, related entities, and agents who need to access the information in order to operate, sustain, improve, or repair our services. These individuals are bound to confidentiality agreements and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations. We take appropriate security measures to protect your information. These measures include physical, electronic, and procedural safeguards, as well as software/system security reviews.
If your dispute or complaint cannot be resolved through our internal process, we have agreed to cooperate with the EU Data Protection Authorities and the Swiss Federal Data Protection and Information Commission, and to participate in the dispute resolution procedures of the panel established by the EU Data Protection Authorities. You may contact the relevant EU Data Protection Authority here: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm
If your dispute or complaint cannot be resolved by us, nor by the panel established by the EU Data Protection authorities or through the U. S. Department of Commerce, you may have the right to require that we enter into binding arbitration with you pursuant to the Privacy Shield’s Recourse, Enforcement and Liability Principle and Annex I of the Privacy Shield.
We are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
The European Union has stronger privacy laws than the United States and a core tenet of the GDPR is that any EU personal data transferred out of the EU must be protected to the same level as guaranteed under EU law. We aspire to protect all personal data - no matter where it is processed and/or stored. For EU based customers, we provide options for processing data within the EU for some of our service plans. In addition, we can provide a standard Data Processing Addendum (DPA) that is GDPR-compliant.
We grant rights to your personal data in accordance with Brazil’s General Data Protection Law. In addition, we do not collect sensitive data (which is data that relates to racial or ethnic origin, religious beliefs, political opinion, affiliation to unions or political, philosophical or religious organizations, health information, sexual preference, or genetic and biometric data) or use anonymized data to formulate behavioral profiles of a particular natural person, if that person is identified.
We may revise this Policy in the future. We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address on your account or through our support site.
If you have any questions or comments, or wish to file a complaint regarding our Policy, please contact us at:
Crowdstack Privacy Administrator
1985 Riviera Drive
Mt. Pleasant, SC 29464 USA