Privacy Notice

 

SafePorter Privacy Notice

Effective Date: May 15th, 2020

Privacy Notice Summary

This DataProtected privacy notice (the “Privacy Notice”) explains what personal information SafePorter LLC (“Safeporter”, “we”, “us”, “our”) gathers about you when you use the OurDataProtected.com admin portal, the MyDataProtected.com diversity surveys and inclusion feedback portal, and any related mydataprotected.com or ourdataprotected.com websites (individually and collectively the “DataProtected Tools”), what we use that information for and to whom we give that information.  It also sets out your rights in relation to your information and who you can contact for more information or queries. 

 

Click on the links below to take you to the more detailed sections of this Notice:

 

What does this Privacy Notice cover?

 

 SafePorter is fully committed to protecting your privacy and handling your information in an open and transparent manner. This Privacy Notice sets out how we will collect, handle, store and protect information about you when:

  • you interact with or use the “SafePorter Tools” or

  • you interact with us related to your engagement with the “SafePorter Tools” or

  • we perform any other activities that form part of the operation of the SafePorter Tools and this Website.

 

When we refer to “our Website” or “this Website” in this Privacy Notice we mean the specific webpages of MyDataProtected.com or OurDataProtected.com from which you accessed this Privacy Notice.

 

This Privacy Notice also contains information about when we share your personal information with third parties (for example, our service providers).

In this Privacy Notice, “Personal Information”, means any information that identifies or relates to a particular individual and also includes information referred to as “personally identifiable information” or “personal data” under applicable data privacy laws, rules, or regulations. We may also sometimes collectively refer to handling, collecting, protecting and storing your personal information as “processing” such personal information. 

By using or accessing the Website in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Notice, and you hereby consent that we will collect, use, and share your information in the following ways.

 

What information do we collect from you?

We collect Personal Information about you when you access or use our Website or provide such information directly to us in connection with MyDataProtected organizational surveys, inclusion feedback, or use of the OurDataProtected admin portal.

We may collect or obtain such data because you give it to us (for example in a secure form on our Website) or, in the case of administrative access, because your organization provided it.  To improve your experience when you use this Website and ensure that it is functioning effectively, we (or our service providers) may use cookies (small text files stored in a user’s browser) and Web beacons which may collect personal information. Additional information on how we use cookies and other tracking technologies and how you can control these can be found in our cookie notice.

 

We collect and process of the following types of Personal Information about you:

Personal Identifiers:

 

Anyone who contacts SafePorter directly:

  • Your name

  • Your email

  • Any other information that could identify you that you provide in relation to your inquiry or correspondence

(All of the foregoing, “Personal Identifiers.”)

 

MyDataProtected Survey and Inclusion Feedback Users:

We will not at any time collect personal information about you from your employer. We may collect the following personal information from you:

  • Race, gender, sexuality, ability, and other special categories of personal information addressed in your diversity survey

  • Inclusion feedback and incident information

  • Your opinions and assessments related to specific additional surveys from your employer

  • Your DataProtected ID Number

  • Your IP address

  • Country of access

  • Browser type

 (All of the foregoing, “Personal Identifiers.”)

We process your Personal Identifiers for the purposes of administering the diversity, inclusion feedback, and other surveys through MyDataProtected.com

 

OurDataProtected Admin Portal Users:

We may collect the following personal information from you or your employer:

  • Employer name

  • Work email address

  • Your IP address

  • Browser type

  • SafePorter service desk inquiry details and correspondence

(All of the foregoing, “Personal Identifiers.”)

We process Personal Identifiers for the purposes of providing you access to your organization’s OurDataProtected Admin Portal.

 

We may also send you information about new features of the DataProtected Tools or updates to our user guides. SafePorter will not send you marketing emails related to your use of the Services, but you can opt-out of emails from SafePorter and the DataProtected Tools at any time by emailing Privacy@safeportersecure.com

 

Special Categories of Personal Information ( also "Sensitive Personal Information"): Diversity Data

 

Through our MyDataProtected.com surveys, you may provide answers that give information about your race, gender, sexuality, ability, or other diversity related data. (All of the foregoing, “Diversity Data”)

 

We process Diversity Data for the following purposes:

  • To provide aggregate-only diversity information or inclusion and other program feedback to employers and organizations that allow them insight into the status, progress, and effectiveness of their programs and initiatives.

 

Device Information:

Solely related to security of our site, we may automatically collect certain information about the computer or devices (including mobile devices) you use to access the Services.  For example, we may collect and analyze information such as IP addresses, browser types, browser language, operating system, the state or country from which you accessed the Services.

 

Children’s Information:

 

SafePorter does not knowingly collect or solicit Personal Information from children under 18; if you are a child under 18, please do not attempt to register for or otherwise use the Services or send us any Personal Information. If we learn we have collected Personal Information from a child under 18, we will delete that information as quickly as possible. If you believe that a child under 18 may have provided us Personal Information, please contact us at Privacy@safeportersecure.com .

 

How we use information about you

Use of personal information collected via our Website

We use the information that we collect for the following purposes:

  • For the purposes for which you provided the information;

  • To provide and administer the MyDataProtected.com surveys and feedback intake forms, including to facilitate your use of our website;

  • To provide you access to the OurDataProtected Admin Hub; or

  • to manage and respond to any request or inquiry you submit via email.

 

Your Diversity Data and inclusion feedback are only provided to your employer in the aggregate, and are held in escrow (not released into the aggregate totals) where they can be linked to you due to timing or a discernable shift in aggregate totals. Your inclusion and program feedback is provide to your employer without context or information beyond that contained in your submission.

 

The basis upon which we process your personal information

We use your personal information for the purposes outlined above because of: (a) our legitimate interests in the effective delivery of our Website and the DataProtected Tools; (b) our legitimate interests in the effective and lawful operation of our Website so long as such interests are not outweighed by your interests; (c) the legal and regulatory obligations that we are subject to.

To the extent that we process any sensitive personal information relating to you for any of the purposes outlined above, we will do so because you have given us your explicit consent to process that data.

To whom we disclose your information

Survey respondent Diversity Data and inclusion feedback is included in aggregated diversity data shared with your employer. Data that would be identifying due to timing, scarcity, or for any other reason is held in escrow until it would not be identifying.

 

 

Third party processors: We use third parties to process some of your Personal Information on our behalf, for example security and fraud prevention providers, hosting and other technology and communications providers. We have in place with each processor a contract that requires them only to process the data on our instructions and to take proper care in using it.

These processors include:

-  Amazon Web Services

MyDataProtected Survey and Inclusion Feedback Users:

SafePorter will share your Diversity Data with your organization in the aggregate only and your inclusion and program feedback without any context or information beyond that which is contained in your submission.

 

OurDataProtected Admin Portal Users:

We may share information about your use of and engagement with the Admin Portal with your organization.

 

Please note that SafePorter LLC is located in the United States. Where your organization is in the EU or the UK or otherwise subject to GDPR, SafePorter will only engage with that organization as a client when there are adequate safeguards in place to protect your personal information that comply with their, and our, legal obligations. The adequate safeguard might be a data transfer agreement with the recipient based on standard contractual clauses approved by the European Commission for transfers of personal information to third countries, with additional clauses to address GDPR requirements.

Further details of the transfers described above and the adequate safeguards used by us in respect of such transfers are also available from us by contacting the Privacy Office.

 

We may also need to disclose your personal information if required to do so by law, by a regulator or during legal proceedings.

We may share non-personal, de-identified and aggregated information with third parties for data analytics and aggregate organizational comparison purposes.

 

Protection of your personal information

 

SafePorter is dedicated to the protection of your Personal Information from unauthorized access, use and disclosure using appropriate physical, technical, organizational and administrative security measures based on the type of Personal Information and how we are processing that data.

We use a range of physical, electronic and managerial measures to ensure that we keep your personal information secure, accurate and up to date. These measures include:

  • education and training to relevant staff to ensure they are aware of our privacy obligations when handling personal information

  • administrative and technical controls to restrict access to personal information on a ‘need to know’ basis

  • technological security measures, including fire walls, encryption and anti-virus software

  • physical security measures, such as staff security passes to access locations and systems containing personal information.  

 

Although we use appropriate security measures once we have received your personal information, the transmission of data over the internet (including by e-mail) is never completely secure.  We endeavor to protect personal information, but we cannot guarantee the security of data transmitted to us or by us, and except as expressly required by law, we are not responsible for the theft, destruction, loss or inadvertent disclosure of your information or content.

 

How long do we keep your information?

 

Your Personal Information is tied to your DataProtected ID number and is retained until that ID number is offboarded from our system by your organization or you delete your information, which you can do at any time.

 

In contrast, the name, email and organization of anyone who is provided access to a Client’s OurDataProtected admin portal will be retained until the Client removes the account or notifies SafePorter to remove the account.

 

In some cases we retain Personal Information for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or is otherwise required by applicable law, rule or regulation. We may further retain information in an anonymous or aggregated form where that information would not identify you personally.

Your rights

GDPR

You have various rights in relation to your personal information. In particular, you have a right to:

  • obtain confirmation that we are processing your personal information and request a copy of the personal information we hold about you

  • ask that we update the personal information we hold about you, or correct such personal information that you think is incorrect or incomplete

  • ask that we delete personal information that we hold about you, or restrict the way in which we use such personal information

  • object to our processing of your personal information.

To exercise any of your rights, or if you have any other questions about our use of your personal information, please contact us.

Right to complain

If you are unhappy with the way we have handled your personal information or any privacy query or request that you have raised with us, you have a right to complain to the EU or UK Data Protection Authority (“DPA”) in your jurisdiction. If you would like to be directed to the appropriate DPA, please contact us.

 

California Resident Rights

 

We will not provide your Personal Information to third parties for such third parties’ direct marketing purposes.

 

If you are a California resident, you have the rights outlined in this section under the California Consumer Privacy Act (“CCPA”). Please see the “Exercising Your Rights” section below for instructions regarding how to exercise these rights. If there are any conflicts between this section and any other provision of this Privacy Notice and you are a California resident, the portion that is more protective of Personal Information shall control to the extent of such conflict. If you have any questions about this section or whether any of the following applies to you, please contact us at privacy@safeportersecure.com.

 

Access

 

You have the right to request certain information about our collection and use of your Personal Information over the past 12 months. We will provide you with the following information:

 

  • The categories of Personal Information that we have collected about you.

  • The categories of sources from which that Personal Information was collected.

  • The business or commercial purpose for collecting or selling your Personal Information.

  • The categories of third parties with whom we have shared your Personal Information.

  • The specific pieces of Personal Information that we have collected about you.

 

If we have disclosed your Personal Information for a business purpose over the past 12 months, we will identify the categories of Personal Information shared with each category of third-party recipient.

 

Deletion

 

You have the right to request that we delete the Personal Information that we have collected from you. For any User with a DataProtected ID Number, you can also delete your information at any time through the survey portal.

 

Exercising Your Rights

 

To exercise the rights described above, you must send us a request that (1) provides enough information to allow us to verify that you are the person about whom we have collected Personal Information, and (2) describes your request in sufficient detail to allow us to understand, evaluate, and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will only use Personal Information provided in a Valid Request to verify you and complete your request. You do not need an account to submit a Valid Request.

We will not discriminate against you for exercising your rights under the CCPA.

 

We will work to respond to your Valid Request within 30 days of receipt.

 

You may submit a Valid Request by sending an email to privacy@safeportersecure.com


 

 

Other State Law Privacy Rights

 

 

Nevada Resident Rights

 

Nevada law requires the following wording even though we do not sell your data: If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Information to third parties who intend to license or sell that Personal Information. You can exercise this right by contacting us at privacy@safeportersecure.com with the subject line “Nevada Do Not Sell Request” and providing us with your name. We do not sell your Personal Information as defined in Nevada Revised Statutes Chapter 603A.

 

Changes to this Privacy Notice

We may modify or amend this Privacy Notice from time to time.

To let you know when we make changes to this Privacy Notice, we will amend the revision date at the top of this page. The new modified or amended Privacy Notice will apply from that revision date. Please periodically review this Notice to be informed about how we handle your information.