Privacy Policy
Updated August 8, 2023
(A) THIS NOTICE This Notice explains how we may Process your Personal Data, and while Vepp processes Personally Identifiable Information (PII), we only store data in its non-PII form. This Notice may be amended or updated from time to time, so please check it regularly for updates.
This Notice is issued by Vepp on behalf of itself and its affiliates (together, “Vepp”, "Xperiti, Inc. ®", “we”, “us” and “our”) and is addressed to individuals outside our organization with whom we interact, including customers, visitors to our Sites, and other users of our services (together, “you”). Defined terms used in this Notice are explained in Section (Q) below.
For the purposes of this Notice, Vepp is the Controller. Contact details are provided in Section (P) below.
This Notice may be amended or updated from time to time to reflect changes in our practices with respect to the Processing of Personal Data, or changes in applicable law. We encourage you to read this Notice carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Notice.
(B) Our Lawful Bases for Processing (EEA and UK End Users)
For individuals in the European Economic Area (“EEA”) or the United Kingdom (“UK”), Vepp only processes your personal data when we have a valid legal basis to do so. Our legal basis for processing the data we collect will depend on what information we collected and the context for processing it. Generally, we will only collect and process your data where:
-
we need to fulfill our responsibilities and obligations in any contract or agreement with you
-
to comply with our legal obligations under applicable law;
-
the processing is necessary for our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms (for example, to safeguard our services; to communicate with you; or to update our services); or
-
you have given your consent to do so.
To the extent we rely on consent to collect and process your data, you have the right to withdraw your consent at any time per the instructions provided in this Policy.
(C) PROCESSING OF PERSONAL DATA – Processing of Personal Data
We may Process your Personal Data: directly from you (e.g., where you contact us); in the course of our relationship with you (e.g., if you make a purchase); when you visit our Sites; when you register to use any of our Sites, or services; or when you interact with any third party content or advertising on a Site. We may also receive Personal Data about you from third parties (e.g., law enforcement authorities).
Processing of Personal Data: We may Process Personal Data about you from the following sources:
Data you provide: We may Process your Personal Data when you provide it to us (e.g., where you contact us via email or telephone). Relationship data: We may Process your Personal Data in the ordinary course of our relationship with you (e.g., we provide a service to you, or to your employer). Registration details: We may Process your Personal Data when you use, or register to use, any of our Sites or services.
(D) TRANSFORMATION OF PERSONAL DATA – Transformation of Personal Data
We may Process your Personal Data and transform it into non-PII data (e.g., records of your interactions with us). We may also Process your Personal Data, such as records of your interactions with us, or our clients, and transform it into non-PII data to later be stored.
(E) CATEGORIES OF PERSONAL DATA WE MAY PROCESS – Categories of Personal Data we may Process
We may Process: your personal details (e.g., your name, biographical information); demographic data; your contact details (e.g., your address); records of your consents; payment details; information about our Sites (e.g., the type of device you are using); details of your employer (where relevant); information about your interactions with our content or advertising; and any views or opinions you provide to us. We may Process the following categories of Personal Data about you:
Personal details: given name(s); preferred name; and photograph (if provided). Demographic information: date of birth; salutation; title; and language preferences. Contact details: address; telephone number; email address; and details of your public business networking profile(s) or online biographies. Consent records: records of any consents you may have given, together with the date and time, means of consent and any related information (e.g., the subject matter of the consent). Employer details: where you interact with us in your capacity as an employee, the name, address, telephone number and email address of your employer, to the extent relevant. Views and opinions: any views and opinions that you choose to send to us.
(F) LEGAL BASIS FOR PROCESSING PERSONAL DATA – Legal basis for Processing Personal Data
We may Process your Personal Data where: you have given your prior, express consent; the Processing is necessary for a contract between you and us; the Processing is required by applicable
law; the Processing is necessary to protect the vital interests of any individual; or where we have a valid legitimate interest in the Processing.
In Processing your Personal Data in connection with the purposes set out in this Notice, we may rely on one or more of the following legal bases, depending on the circumstances: Consent: We may Process your Personal Data where we have obtained your prior, express consent to the Processing (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way); Contractual necessity: We may Process your Personal Data where the Processing is necessary in connection with any contract that you may enter into with us; Compliance with applicable law: We may Process your Personal Data where the Processing is required by applicable law; Vital interests: We may Process your Personal Data where the Processing is necessary to protect the vital interests of any individual; or Legitimate interests: We may Process your Personal Data where we have a legitimate interest in carrying out the Processing for the purpose of managing, operating or promoting our business, and that legitimate interest is not overridden by your interests, fundamental rights, or freedoms.
(G) DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES – Disclosure of Personal Data to third parties
We may disclose your Personal Data to: our Processors; any purchaser of our business; and any third party providers of plugins or content used on our Sites.
We may disclose your Personal Data to other entities within the Vepp group, for legitimate business purposes (including operating our Sites, and providing services to you), in accordance with applicable law. In addition, we may disclose your Personal Data to:
third party Processors (such as payment services providers; security and authentication providers; etc.), located anywhere in the world, subject to the requirements noted below in this Section (G); any relevant third party acquirer(s), in the event that we sell or transfer all or any relevant portion of our business or assets (including in the event of a reorganization, dissolution or liquidation); any relevant third party provider, where our Sites use third party plugins or content. If you choose to interact with any such plugins or content, information about your activities on our Sites may be shared with the relevant third party provider.
(H) INTERNATIONAL TRANSFER OF PERSONAL DATA – International transfer of Personal Data
Because of the international nature of our business, we may need to transfer your Personal Data within the Vepp group, and to third parties as noted in Section (G) above, in connection with the purposes set out in this Notice. For this reason, we may transfer your Personal Data to other countries that may have different laws and data protection compliance requirements to those that apply in the country in which you are located.
(I) DATA SECURITY – Data Security
We have implemented appropriate technical and organizational security measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and other unlawful or unauthorized forms of Processing, in accordance with applicable law.
(J) DATA MINIMIZATION – Data Minimization
We take every reasonable step to ensure that your Personal Data that we Process is limited to the Personal Data reasonably necessary in connection with the purposes set out in this Notice.
(K) DATA RETENTION – Data Retention
We take every reasonable step to ensure that your Personal Data is only retained for as long as they are needed in connection with a lawful purpose.
(L) DATA USE - How We Use Your Data
We use non-PII data for the following business and commercial purposes:
-
Provide Services: To operate, provide, and maintain our services.
-
Develop Existing Services: To improve, enhance, modify, add to, and further develop our services.
-
Help Prevent Fraud or Protect Privacy: To help protect you, our partners, Vepp, and others from fraud, malicious activity, and other privacy and security-related concerns.
-
Develop New Services: To develop new products and services.
-
Integrate that data into existing or new products we may sell to you or other customers of Vepp.
-
Develop Insights: To develop insights based on the data we’ve collected.
-
Provide Support: To provide support to you including to help respond to your inquiries related to our services.
-
For Legal Purposes: To comply with contractual and legal obligations under applicable law and for other legal purposes such as to establish and defend against claims.
-
With Your Consent: For other notified purposes with your consent or at your direction.
(M) YOUR LEGAL RIGHTS – Your Legal Rights
Subject to applicable law, you may have a number of rights regarding the Processing of your Personal Data, including:
the right to request restriction of Processing of your Personal Data that we Process; the right to object, on legitimate grounds, to the Processing of your Personal Data by us or on our behalf; the right to have your Personal Data that we Process transferred to another Controller, to the extent applicable; where we Process your Personal Data on the basis of your consent, the right to withdraw that consent; and the right to lodge complaints with a Data Protection Authority regarding the Processing of your Personal Data by us or on our behalf.
(N) TERMS OF USE All use of our Sites is subject to our Terms of Use.
(O) DIRECT MARKETING – Direct Marketing
We may Process your Personal Data to contact you via email, telephone, direct mail, or other communication formats to provide you with information regarding services that may be of interest to you. If we provide services to you, we may send information to you regarding our services, upcoming promotions and other information that may be of interest to you, using the contact details that you have provided to us and always in compliance with applicable law.
(P) CONTACT DETAILS If you have any comments, questions or concerns about any of the information in this Notice, or any other issues relating to the Processing of Personal Data by Vepp, please contact:
Vepp Data Protection Officer
Address 200 Park Ave, New York, NY 10019, United States
Email privacy@xperiti.com
(Q) DEFINITIONS ‘Controller’ means the entity that decides how and why Personal Data is Processed. In many jurisdictions, the Controller has primary responsibility for complying with applicable data protection laws.
‘Data Protection Authority’ means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws.
‘Personal Data’ means information that is about any individual, or from which any individual is identifiable.
‘Process’, ‘Processing’ or ‘Processed’ means anything that is done with any Personal Data, whether or not by automated means, such as collection, temporary recording, organization for immediate processing purposes, structuring, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
‘Processor’ means any person or entity that Processes Personal Data on behalf of the Controller (other than employees of the Controller).
‘Sensitive Personal Data’ means Personal Data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, national identification number, or any other information that may be deemed to be sensitive under applicable law.
‘Sites’ means the websites owned or operated by Vepp.
‘We’, ‘us’, ‘our’ and ‘ours’ means Vepp.
‘You’, ‘your’ and ‘yours’ means those to whom this Notice is addressed.