4. LEGAL BASIS OF PROCESSING PERSONAL DATA
If you are visiting our Website from the European Economic Area, we typically collect and/or process your Personal Data when we have a legitimate business interest or your specific consent.
5. KEEPING YOUR PERSONAL DATA SECURE
To protect your Personal Data we use appropriate technical measures corresponding to the type of Personal Data and the risks associated with processing such Personal Data. In the event of a data breach we will contact those affected and to the extent required the required regulator as required by applicable law.
6. PERSONAL DATA SHARED WITH THIRD PARTIES
Unless you have opted out from receiving commercial communications from Freshpaint, we also may share contact information (that we collect through various marketing efforts) with trusted business partners, such as system integrators, distributors, and referral partners. We may share personal information for legal, protection, and safety purposes; to comply with laws; to respond to lawful requests and legal processes; to protect our rights and property including but not limited to enforcing our agreements, policies, and terms of service. We may also share information in an emergency.
We may share or transfer your information in connection with a prospective or actual sale, merger, transfer or other reorganization of all or parts of our business. Also, we reserve the right to fully use and disclose any information that is not in personally identifiable form (such as statistics and survey results that do not identify you individually by name). We may also share aggregated and/or anonymized data with others for their own uses. We may also share any information that you voluntarily choose to include in a publicly accessible area of the Sites will be available to anyone who has access to that content, including other users.
7. PAYMENT INFORMATION
Any payment card information you use to make a purchase on the Service is collected and processed directly by our payment processor, Stripe and we never receive or store your full payment card information. Stripe commits to complying with the Payment Card Industry Data Security Standard (PCI-DSS) and using industry standard security. Stripe may use your Payment Information in accordance with its own Privacy Policy here:
https://stripe.com/us/checkout/legal.
8. RETENTION OF PERSONAL DATA
We may retain your Personal Data in connection with our ongoing legitimate business interest. When an ongoing legitimate business interest with respect to your Personal Data no longer exists we will delete such Personal Data.
9. YOUR RIGHTS WITH RESPECT TO PERSONAL DATA
Object to processing and opt-out.In connection with promotions or other projects, we may ask you specifically whether you have objections against a certain kind of data use or sharing. If you opt-out under such circumstances, we will respect your decision. To opt out of receiving commercial communications from Freshpaint please click on the “opt-out” link in the communication or, please contact us at privacy@Freshpaint.io. Please note that our affiliates and other data recipients have their own data privacy policies, which may differ from ours and you would have to contact them separately with respect to opt-out requests. In connection with promotions or other projects, we may ask you specifically whether you have objections against a certain kind of data use or sharing. If you opt out, we may still send you non-marketing emails. Non-marketing emails include emails about your accounts and our business dealings with you.
Correct or Update. You may send requests about personal information to our Contact Information below. You can request to change contact choices, opt-out of our sharing with others, and update your personal information.If personal information you have submitted through the site is no longer accurate, current, or complete, and you wish to update it, please send an e-mail to
privacy@Freshpaint.io. Upon appropriate request we will usually update or amend your information, but we reserve the right to use information obtained previously to verify your identity or take other actions that we believe are appropriate.
You may request that we delete your personal information as well as request that we make your personal information available for porting.
Withdraw consent.You may withdraw your consent at any time, but such withdrawal shall only apply with respect to any processing after such withdrawal and you may request that Freshpaint make your Personal Data portable and make such Personal Data available to you. Right to complain.You may complain to a data protection authority regarding the use or collection of your personal information. Please contact you local data protection authority for more information regarding how to file such a complaint.
10. IMPORTANT INFORMATION FOR CALIFORNIA RESIDENTS
This section applies only to California residents. It describes how we collect, use and share Personal Information of California residents in operating our business, and their rights with respect to that Personal Information. For purposes of this section, “
Personal Information” has the meaning given in the California Consumer Privacy Act of 2018 (“
CCPA”) but does not include information exempted from the scope of the CCPA
Your California privacy rights
You have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.
Information. You can request the following information about how we have collected and used your Personal Information during the past 12 months:
- The categories of Personal Information that we have collected.
- The categories of sources from which we collected Personal Information.
- The business or commercial purpose for collecting and/or selling Personal Information.
- The categories of third parties with whom we share Personal Information.
- Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of third party recipient.
- Whether we’ve sold your Personal Information, and if so, the categories of Personal Information received by each category of third party recipient.
Access. You can request a copy of the Personal Information that we have collected about you during the past 12 months.
Deletion. You can ask us to delete the Personal Information that we have collected from you.
Nondiscrimination. You are entitled to exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions such as denying you services; increasing the price/rate of services; decreasing service quality; or suggesting that we may penalize you as described above for exercising your rights.
How to exercise your information, access, and deletion rights. You may submit a request to exercise your information, access or deletion rights by visiting emailing
privacy@freshpaint.io. We will need to verify your identity to process your information, access and deletion requests and we reserve the right to confirm your California residency. Government identification may be required. If you wish to designate an authorized agent to make a request on your behalf, we will need to verify both your and your agent’s identities and your agent must provide valid power of attorney or other proof of authority acceptable to us in our reasonable discretion. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. In certain cases, we may be required or permitted by law to deny your request.
We do not sell your personal information. Based on our current understanding of the CCPA, we do not “sell” your personal information as defined in the CCPA. However, like many companies online, Freshpaint uses services provided by Google, Facebook, and other advertising companies that track website visitor activity to help deliver interest-based ads to those visitors. Use of these services may constitute a “sale” of Personal Information under the CCPA where the user has not opted into the tracking. However, our past practice of allowing this tracking on an opt-out basis may have resulted in the “sale” of your Personal Information prior to January 1, 2020.
Personal information we collect, use, and disclose. The below describes the categories of Personal Information we collect by reference to the categories specified by the CCPA (California Civil Code § 1798.140(o)).
Statutory category of personal information (PI)
Identifiers (general)
1. PI we collect
- Contact information
- Profile information
2. Sources of the PI
- You
- Third party sources
3. Business/commercial purpose for PI collection
- Service delivery
- Research & development
- Marketing
- Compliance & Protection
4. Parties to whom we disclose PI for a business purpose
- Advertising partners
- Service providers
Commercial Information
1. PI we collect
- Communications
- Marketing Information
2. Sources of the PI
- You
- Third party sources
3. Business/commercial purpose for PI collection
- Service delivery
- Research & development
- Marketing
- Compliance & Protection
4. Parties to whom we disclose PI for a business purpose
- Service providers
Financial Information
1. PI we collect
- Transaction information
2. Sources of the PI
- Our Customers
3. Business/commercial purpose for PI collection
- Service delivery
- Compliance & Protection
4. Parties to whom we disclose PI for a business purpose
- Payment processors
- Service providers
Identifiers (online)
1. PI we collect
- Device data
2. Sources of the PI
- You
- Automatic collection
3. Business/commercial purpose for PI collection
- Service delivery
- Site operation
- Research & development
- Marketing
- Compliance & Protection
4. Parties to whom we disclose PI for a business purpose
- Advertising partners
- Service providers
Internet or Network Information
1. PI we collect
- Online activity data
2. Sources of the PI
- Automatic collection
3. Business/commercial purpose for PI collection
- Service delivery
- Site operation
4. Research & development
- Marketing
- Compliance & Protection
5. Parties to whom we disclose PI for a business purpose
- Advertising partners
- Service providers
Professional or Employment Information
1. PI we collect
- Contact information
- Profile information
2. Sources of the PI
- You
- Third party sources
3. Business/commercial purpose for PI collection
- Service delivery
- Research & development
- Marketing
- Compliance & Protection
4. Parties to whom we disclose PI for a business purpose
- Service providers
Sensory Information
1. PI we collect
- Communications
2. Sources of the PI
- You
3. Business/commercial purpose for PI collection
- Marketing
- Compliance & Protection
4. Parties to whom we disclose PI for a business purpose
- Service providers
Inferences
1. PI we collect
- User preferences derived from any of the information listed above that we collect from Customers
2. Sources of the PI
- Us
3. Business/commercial purpose for PI collection
- Service delivery
- Site Operation
- Research & development
- Marketing
- Compliance & Protection
4. Parties to whom we disclose PI for a business purpose
- Service providers
We may further disclose each category of Personal Information to our affiliates, to our professional advisors, in connection with our compliance and protection activities and in connection with business transfers as described in the section above entitled PERSONAL DATA SHARED WITH THIRD PARTIES. The above describes our practices as of, and during the 12 months preceding, the effective date of this Privacy Policy.
11. CROSS-BORDER DATA TRANSFER
If we transfer your personal information out of the European Economic Area or Switzerland and are required to apply additional safeguards to your personal information under European data protection legislation, we will do so. Such safeguards may include applying the European Commission Model contracts for the transfer of personal data to third countries described here, or for transfers to third parties in the United States, ensuring they participate in the EU-U.S. Privacy Shield Framework or Swiss-U.S. Privacy Shield Framework. Please contact us for further information about any such transfers or the specific safeguards applied.
Freshpaint itself has self-certified to the EU-U.S. and Swiss-U.S. Privacy Shield. For more information, see our Privacy Shield Notice.
12. PRIVACY SHIELD NOTICE
Prefalytics, Inc. doing business as Freshpaint (“Freshpaint” or “we”, “us” or “our”) complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred to it in the United States from the European Economic Area (“EEA”) or Switzerland, respectively. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. To learn more about the Privacy Shield program, the Privacy Shield Principles and to view our certification, please visit
www.privacyshield.gov.
Scope. Our certification of adherence to the Privacy Shield Principles applies to the personal data that (a) we collect from our customers and other visitors to our website for account management, billing or marketing purposes (“Freshpaint User Data”) and (b) that we process on behalf of our customers in providing online services to them under a service agreement (“Services Data”).
Data processed. The Freshpaint User Data that we collect, use and share is described in our Privacy Policy. While our customers decide what Services Data to submit, it typically includes information about their own users and how they use the customer’s sites, applications and services and third-party applications. We process Services Data as instructed by our customers and do not own or control Services Data.
Purposes of data processing. We collect, use, and share Freshpaint User Data for the purposes described in our Privacy Policy. We process Services Data for the purpose of providing our online services to our customers, which may include accessing and processing the data to provide the services, to correct and address technical or service problems, to follow instructions of the customer who submitted the data, or in response to contractual requirements.
Inquiries and complaints. In compliance with the Privacy Shield Principles, Freshpaint commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Freshpaint at: privacy@freshpaint.io.
Freshpaint has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit
https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Arbitration. If you are located in the EEA or Switzerland and neither Freshpaint nor our dispute resolution provider resolves your complaint, you may be entitled to invoke binding arbitration under certain conditions more fully described on the
Privacy Shield website.
Third parties who may receive personal data. We share Freshpaint User Data with third parties as described in our Privacy Policy. We may share Services Data with third parties under the following circumstances and only in accordance with the applicable customer agreements:
Affiliates. We may disclose Services Data to our subsidiaries and corporate affiliates for use consistent with this Privacy Policy.
Service Providers. We may employ third party companies and individuals to administer and provide the Service on our behalf (such as customer support, hosting, website analytics, email delivery, database management services). Freshpaint maintains contracts with these service providers restricting their access, use, and disclosure of personal data in compliance with our Privacy Shield obligations, including the onward transfer provisions, and we may be liable if they fail to meet those obligations and we are responsible for the event giving rise to damage.
Legal requirements. We may disclose Services Data if required to do so by law in order to (for example) respond to a subpoena or request from law enforcement, a court or a government agency, or in the good faith belief that such action is necessary (a) to comply with a legal obligation, (b) to protect or defend our rights, interests or property or that of third parties, (c) to prevent or investigate possible wrongdoing in connection with the services, (d) to act in urgent circumstances to protect the personal safety of customers, their users or the public; or (e) to protect against legal liability.
Business Transfers. As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Services Data may be part of the transferred assets.
In addition, we may be required to disclose any personal data that we process in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Your rights to access, to limit use, and to limit disclosure. Individuals in the EEA and Switzerland have rights to access personal data about them, and to limit use and disclosure of their personal data. With our Privacy Shield self-certification, we have committed to respect those rights. We process Services Data only on behalf of our customers in accordance with their instructions. This means that if you wish to access Services Data and request that we correct, amend, or delete it if it is inaccurate or processed in violation of Privacy Shield, you should contact that customer with your request. We will then help them to fulfill that request in accordance with their instructions.
If your personal data includes Freshpaint Personal Data, you can request access to that data and request that we correct, amend, or delete it if it is inaccurate or processed in violation of Privacy Shield by emailing your request to privacy@freshpaint.io. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.
13. U.S. FEDERAL TRADE COMMISSION ENFORCEMENT
Freshpaint's commitments under the Privacy Shield are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. If there is any conflict between the terms in this Privacy Shield Notice and the Privacy Shield Principles, the Privacy Shield Principles shall take precedence.
14. HOW TO CONTACT FRESHPAINT REGARDING PERSONAL DATA
We welcome your comments or questions about this privacy policy. You may also contact us as follows:
Email address:
privacy@Freshpaint.ioMailing Address: 5214F Diamond Heights Blvd #3502 San Francisco, CA 94131