PRIVACY NOTICE AND POLICY
2. Personal Information That May Be Collected
(c) Information from Children. DI Group does not provide services or information for use by children, and will not collect or post information from a child under the age of 16 without the involvement of a parent or guardian.
(e) Links to Other Web Sites. The Site may contain links to other web sites. DI Group is not responsible for the privacy practices or the content of those other web sites, or for any PII you may disclose to such web sites.
3. Uses Made of the Information
(a) Limited Uses Identified. Without your prior consent, DI Group will not use your PII for any purpose other than that for which it is submitted. DI Group uses PII to reply to inquiries, handle complaints, provide operational notices and in program record-keeping.
(b) Marketing Uses. Unless you mark an “x” on the opt-out option box herein provided, DI Group reserves the right to provide you with information about DI Group’s Site and Services, and related information in which you have indicated an interest.
(c) Stored Information Uses. DI Group stores and retains PII, with the storage being maintained by a contracted third party. The data constituting PII is encrypted at rest, and accessible only in conformity with guidelines established by DI Group and its custodian. This PII is stored and retained in order to permit DI Group to provide the Services and to provide you with support and the information you have requested from DI Group.
(d) Online Advertising. Some companies that help DI Group deliver interactive on-line advertising, such as banner ads, may collect and use information about DI Group’s Site users to help DI Group better understand the types of advertising or promotions that are most appealing to DI Group’s Site users. After it is collected the information is aggregated so it is not identifiable to a specific individual.
4. Disclosure of the Information
(a) Within Corporate Organization. DI Group may share your PII within the DI Group corporate organization, and with Deer Isle Entities, and may transfer PII to countries in the world where DI Group offers Services.
(b) Mergers and Acquisitions. Circumstances may arise where for business reasons, DI Group decides to sell, buy, merge or otherwise reorganize its businesses in the United States or some other country. Such a transaction may involve the disclosure of PII to prospective or actual purchasers, and/or receiving such information from sellers. It is DI Group’s practice to seek appropriate protection for information in these types of transactions.
(c) Agents. DI Group employs or engages other companies and individuals to perform business functions on behalf of DI Group. These persons are provided with PII required to perform their functions, but are prohibited by contract from using the information for other purposes. These persons engage in a variety of functions which include, but are not limited to, delivering packages, removing repetitive information from user lists, analyzing data, providing marketing assistance, and providing user services.
(d) Marketing Analysis by Third Parties. DI Group reserves the right to disclose to third parties PII for marketing analysis; however, other than PII disclosed as a consequence of DI Group providing the Services, any information disclosed will be in the form of aggregate data that does not describe or identify an individual user.
(e) Disclosure to Governmental Authorities. Under certain circumstances, personal information may be subject to disclosure pursuant to a judicial or other government subpoenas, warrants or orders.
(a) No Tracking of Personal Information. DI Group’s Site(s) are not set up to track, collect or distribute personal information not entered by visitors. Through website access logs DI Group does collect clickstream data and HTTP protocol elements, which generate certain kinds of non-identifying site usage data, such as the number of hits and visits to the Site. This information is used for internal purposes by technical support staff for research and development, user analysis and business decision making, all of which provides better services to the public. The statistics garnered, which contain no PII and cannot be used to gather such information, may also be provided to third parties.
(c) Use of Web Beacon Technologies. DI Group may also use web beacon or other technologies to better tailor the Site to provide better customer service. If these technologies are in use, when a visitor accesses these pages of the Site, a non-identifiable notice of that visit is generated which may be processed by DI Group or by its affiliates. Web beacons usually work in conjunction with cookies. If you do not want cookie information to be associated with your visits to these pages, you can set your browser to turn off cookies; however, web beacon and other technologies will still detect visits to these pages, but the notices they generate cannot be associated with other non-identifiable cookie information and are disregarded.
(d) Collection of Non-Identifiable Information. DI Group may collect non-identifiable information from user visits to the DI Group Site in order to provide better customer service. Examples of such collecting include: traffic analysis, such as tracking of the domains from which users visit, or tracking numbers of visitors; measuring visitor activity on the DI Group Site; system administration; user analysis; and business decision making. Such information is sometimes known as “clickstream data.” DI Group or its contractors may use this data to analyze trends and statistics.
(e) Collection of Personal Information. DI Group collects PII when you enter Registration Data. DI Group may extract some PII in a non-identifiable format and combine it with other non-identifiable information, such as clickstream data. This information is used and analyzed only at an aggregate level (not at an individual level) to help DI Group understand trends and patterns. This information is not reviewed at an individual level.
6. Information Security
(a) Commitment to Online Security. DI Group employs physical, electronic and managerial procedures to safeguard the security and integrity of personal information. PII is accessible only by staff designated to access it. All DI Group agents and contractors with access to personal information on the DI Group Site are also bound to adhere to DI Group security standards.
(b) No Liability for Acts of Third Parties. DI Group will exercise all reasonable efforts to safeguard the confidentiality of PII. However, transmissions protected by industry standard security technology and implemented by human beings cannot be made absolutely secure. Consequently, DI Group shall not be liable for unauthorized disclosure of PII due to no fault of DI Group including, but not limited to, errors in transmission and unauthorized acts of DI Group staff and/or third parties.
(b) Opt-Out Right. You have the right at any time to cease permitting PII to be collected, used or disclosed by DI Group and/or by any third parties with whom DI Group has shared and/or transferred such personal information. Right of cancellation may be exercised by contacting DI Group via email at firstname.lastname@example.org, telephone at [(212) 488-0555], or postal mail at 2 West 46th Street, Suite 402, New York, New York 10036. After processing the cancellation, DI Group will delete your PII from its data base.
8. Access Rights to Data and GDPR Compliance
(a) Information Maintained by DI Group. Upon your request, DI Group will provide a reasonable description of your PII that DI Group maintains. DI Group can be contacted by email at email@example.com, telephone at [(212) 488-0555], or postal mail at 2 West 46th Street, Suite 402, New York, New York 10036.
(b) Users Located in the EEA. Users located in the European Economic Area are afforded certain protections under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, or “GDPR”). Under the GDPR, you are entitled to submit a Subject Access Request (“SAR”) to DI Group. A SAR is a request which we are obligated to comply with, at no cost or penalty to you, which permits you to:
Review and audit your PII;
Be informed about the uses of your PII, including the names of any sub-processors we employ to assist us;
Correct any of your PII;
Erase any of your PII (a minimum amount of your PII is necessary for DI Group to provide its Services, so while you are permitted to erase all of your PII it may render DI Group unable to provide you with Services); and
Request that we restrict the processing of any of your PII, with the understanding of potential loss of functionality as described above;
You can submit an SAR by sending your request to firstname.lastname@example.org with the word “SAR” in the subject line, and we will ensure that we respond to your request within 30 days. DI Group is not permitted to charge you in order to comply with any SAR, nor will DI Group penalize you in any way for submitting an SAR.
Pursuant to the GDPR the basis for our collection, processing and retention of your Personal Information is your consent, which you have the right to revoke at any time by emailing us at email@example.com with the words “Revoke GDPR Consent” in the subject line, along with an explanation of the portion, which may be all, of your PII for which you are revoking your consent to retention or processing.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live, or where any alleged infringement of data protection laws occurred.
Deer Isle Group, LLC
2 West 46th Street, Suite 402
New York, New York 10036