Track record of successful GDPR implementations across industries.
1. Introduction and Scope
At VeraSafe, privacy is what we do. Because of our focus on privacy, we take the protection of personally identifiable information (“Personal Data”) very seriously.
In the course of operating our business, we process Personal Data in a variety of ways. This Privacy Policy (the “Policy”) addresses the individuals (“Data Subjects”) whose Personal Data we may receive in the course of marketing and selling the services VeraSafe provides to its clients (“Services”), and Data Subjects whose Personal Data we receive in the course of our regulatory outreach activities, including our consultations with supervisory authorities or other regulatory agencies.
This Policy does not apply to Personal Data we process in other contexts, such as Personal Data we process in the course of providing our Services. This Policy also does not apply to the Personal Data of employees, prospective employees, contractors, prospective contractors, suppliers, business owners, directors, and officers of VeraSafe. To access VeraSafe’s other privacy policies, please visit https://www.verasafe.com/legal-notices/.
2. Entities Covered by This Privacy Policy
This Policy covers VeraSafe, LLC and the following affiliate entities:
- VeraSafe Czech Republic s.r.o.;
- VeraSafe Ireland Limited;
- VeraSafe Legal, LLP;
- VeraSafe Netherlands BV;
- VeraSafe United Kingdom Ltd; and
- VeraSafe South Africa (Pty) Ltd.
Throughout this Policy, when we refer to “VeraSafe”, “we”, “us”, or “our”, we mean VeraSafe, LLC and its affiliates, collectively.
3. Our Role with Respect to Your Personal Data
Within the scope of this Policy, VeraSafe acts as a data controller for the Personal Data we process. This means that we decide how and why Personal Data is collected and further processed.
4. Basis of Processing
We may process your Personal Data on the basis of:
- your consent;
- the need to perform a contract that we entered into with you;
- our legitimate interests, such as our interest in marketing and selling our Services;
- our obligation to comply with applicable law; or
- any other ground, as required or permitted by applicable law.
Where we process your Personal Data based on your consent, you may withdraw your consent at any time. However, this will not affect the lawfulness of our processing before you withdrew your consent. It will also not affect our processing performed on other lawful grounds.
Where we receive your Personal Data as part of providing our Services to you based on a contract, we require certain Personal Data to be able to carry out the contract. Without that necessary Personal Data, we will not be able to provide the Services to you.
5. How We Receive Personal Data
We may collect or otherwise receive your Personal Data when:
- you provide it to us directly as a client or prospective client, by contacting us via phone, email, mail, a contact form on our website, or live chat service, or paying us through our online portal;
- you click on one of our ads, social media posts, or open one of our emails;
- we receive it from other companies within our corporate group;
- we receive it from a data protection authority or another government agency;
- we obtain it from publicly available sources, such as publicly accessible websites, including social media pages or corporate, government, or professional websites; and
- when an associate of yours or one of our partners or clients refers you to our Services by providing your Personal Data to us.
6. Categories of Personal Data
We may process the following categories of Personal Data:
- biographical information, such as first and last name;
- professional information, such as job title, position, and information about your organization;
- billing information, such as bank account information and payment card number;
- contact information, such as email address, postal address, phone number, and fax number;
- identifiers and device information, such as IP address and associated location, operating system, and device IDs; and
- your interests,
7. Purposes of Processing Personal Data
We may process your Personal Data for the purposes of:
- managing our relationship with you;
- selling our Services to you;
- responding to your requests or questions;
- sending you email marketing communications about our business, or that of our business partners, that you have expressed interest in, or which we think may interest you;
- collecting payments that are due to VeraSafe;
- enforcing our legal rights;
- measuring and improving our products and services, marketing initiatives, and website performance;
- complying with laws and regulations applicable to VeraSafe.
8. Personal Data Retention
When the purposes of processing are satisfied, we will delete the related Personal Data within six months.
9. Sharing Personal Data with Third Parties
We may share Personal Data with our affiliates, business partners, and service providers who process Personal Data on our behalf, and who agree to use the Personal Data only to assist us in providing our Services, or as required by law. Our service providers provide:
- website and application hosting services;
- software development services;
- professional translation services;
- cloud storage services;
- email software;
- team collaboration tools;
- project management software;
- video and web conferencing software;
- VOIP telephone software and services;
- Internet messaging software;
- email scheduling, analytics, and tracking software;
- payment processing software;
- office productivity software;
- professional tax/accounting services;
- customer relationship management software;
- accounting software;
- electronic signature software;
- marketing automation software; and
- advertising software and services.
If you have given us permission, we may share your information, including Personal Data, with our business partners for their own direct marketing purposes. Please note that messages delivered from a VeraSafe business partner are subject to the business partner’s privacy policy.
Some of these third parties may be located in countries outside of the European Union (EU) or the European Economic Area (EEA). In some cases, the European Commission may not have determined that these countries’ data protection laws provide a level of protection equivalent to European Union law. We will only transfer your Personal Data to third parties in these countries when there are appropriate safeguards in place. These may include the European Commission-approved standard contractual data protection clauses which are available from the European Commission.
10. Other Disclosures of Your Personal Data
We may disclose your Personal Data to the extent required by law or if we have a good-faith belief that we need to disclose it in order to comply with official investigations or legal proceedings (whether initiated by government or law enforcement officials or private parties). We may also disclose your Personal Data if we sell or transfer all or some of our company’s business interests, assets, or both, or in connection with a corporate restructuring. We may, where you opt to serve as a reference for prospective clients, share your Personal Data with those prospective clients or, with your permission, publish your Personal Data in our marketing materials.
11. Cookies
A “cookie” is a small file stored on your device that contains information about your device. For more information about the cookies we use, please refer to our Cookie Policy, which forms a part of this Policy.
12. Data Integrity & Security
We have implemented and will maintain technical, administrative, and physical security measures that are reasonably designed to help protect Personal Data from unauthorized processing, such as unauthorized access, disclosure, alteration, or destruction.
13. Your Privacy Rights: Access & Review
If we process your or your child’s Personal Data, you may have the right to request access to (or to update, correct, or delete) such Personal Data. You may also have the right to ask that we limit our processing of such Personal Data, as well as the right to object to our processing of such Personal Data. You may also have the right to data portability with respect to such Personal Data.
You may have the right to opt out if your Personal Data is used for any purpose that is materially different from the purpose(s) for which it was originally collected or which you originally authorized. To submit these requests or raise any other questions, please contact us by using the information in the “Contact Us” section below.
14. Privacy of Children
The Services are not directed at, or intended for use by, children under the age of 16.
15. European Economic Area and United Kingdom Supervisory Authority Oversight
If you are a Data Subject whose Personal Data we process, you may also have the right to lodge a complaint with a data protection regulator in one or more of the European Economic Area member states or the United Kingdom (UK).
16. Changes to This Policy
If we make any material change to this Policy, we will post the revised Policy to this web page. We will also update the “effective on” date.
17. Contact Us
If you have any questions about this Policy or our processing of your Personal Data, please write to us at [email protected] or by postal mail at:
VeraSafe
Attn: General Counsel
100 M Street S.E., Suite 600
Washington D.C., 20003
USA
You may also contact us by phone at our client support number 1-888-376-1079 (or if calling from outside the U.S. dial +1-617-398-7067).
We will respond to legitimate inquiries within 30 days of receipt.
18. Data Protection Representative in the European Union
We have appointed our group company, VeraSafe Czech Republic s.r.o. (“VeraSafe Czech Republic”), as the representative in the EU for data protection matters for VeraSafe’s group companies that are not established in the EU. While you may also contact VeraSafe, LLC, if you are located in the European Economic Area, you may contact VeraSafe Czech Republic on matters related to our processing of Personal Data in the EEA. To contact VeraSafe Czech Republic, please use this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative/ or call via telephone: +420 228 881 031.
Alternatively, VeraSafe Czech Republic can be contacted by mail at:
VeraSafe Czech Republic s.r.o.
Klimentská 46
Prague 1, 11002
Czech Republic
19. Data Protection Representative in the United Kingdom
We have appointed our group company, VeraSafe United Kingdom Ltd. (“VeraSafe United Kingdom”), as the representative in the UK for data protection matters for VeraSafe’s group companies that are not established in the UK. While you may also contact VeraSafe, LLC, if you are in the United Kingdom, you may contact VeraSafe United Kingdom on matters related to the processing of Personal Data in the United Kingdom. To contact VeraSafe United Kingdom, please use this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative/ or call via telephone: +44 (20) 4532 2003.
Alternatively, VeraSafe United Kingdom can be contacted at:
VeraSafe United Kingdom Ltd.
37 Albert Embankment
London, SE1 7TL
United Kingdom