Our company is registered and based in the US and so your data will be processed, transferred or stored outside the EU and the UK to countries including the US, which do not have the same data protection as the EU. However, wherever we transfer, process or store your personal data, we will take reasonable steps to protect it.
We comply with GDPR and the Data Privacy Framework when transferring the personal data of EU, UK and Swiss individuals, and you can find out more here.
EU and UK Residents – transfers
Since some countries do not have the same level of data protection the law restricts the transfer of your personal data so that this can only take place if:
Certain conditions are met. These include, for example:
- There is a list of countries (approved by the European Commission) which provide an adequate level of data protection.
- There is an obligation on us to ensure that appropriate safeguards are in place, such as; binding corporate rule; compliance with an approved code of conduct, using contractual data protection clauses approved and/or adopted by the European Commission; certification under an approved mechanism. An example would be the EU-US Data Privacy Framework where organizations self-certify that they meet the Data Privacy Framework standards – see EU, UK and Swiss individuals – Data Privacy Framework for transfers to the U.S., below.
- There is a derogation or exemption, including your informed, compliant and valid consent or contractual performance obligation (including pre-contractual steps) which we would usually rely on and which allows us to do this.
- It’s a one-off transfer which meets the relevant criteria.
EU, UK and Swiss individuals – the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework
With respect to personal data received or transferred pursuant to the Data Privacy Frameworks, Convert Insights is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the DPF Principles, EU, UK and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also may correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the DPF, should direct their query to firstname.lastname@example.org. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to email@example.com.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Convert Insights’ accountability for personal data that it receives in the United States under the Data Privacy Framework Principles and subsequently transfers to a third party is described in the DPF Principles. In particular, Convert Insights remains responsible and liable under the DPF Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Convert Insights proves that it is not responsible for the event giving rise to the damage.
Data Privacy Framework Enforcement & Disputes
In compliance with the Data Privacy Framework Principles, Convert Insights Inc. commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF. European Union, United Kingdom and Swiss individuals with DPF inquiries or complaints should first contact should Convert Insights Inc. at:
Convert Insights Inc.
Department: Data Privacy Framework Principles
2093 PHILADELPHIA PIKE #9985
CLAYMONT, DE 19703, USA
We have also committed to refer unresolved privacy complaints under the EU-US DPF Principles to an independent dispute resolution mechanism, DATA PRIVACY FRAMEWORK SERVICES, operated in the United States by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. The services of DATA PRIVACY FRAMEWORK SERVICES are provided at no cost to you.
If your Data Privacy Framework complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf.