WEBSITE PRIVACY STATEMENT
Article 1. SCOPE
1.1 This Statement covers only data collected through the Site and not any other data collection or processing, including, without limitation, data collection practices of other web pages to which we link to, or data that we or our affiliates collect offline or through websites that do not display a direct link to this Statement.
Article 2. TYPES OF DATA AND COLLECTION METHODS
2.1 Through the Site, we receive data that you actively submit as well as data that we may track:
2.1.1 Actively Submitted Data: When you request information, subscribe for a service, register as a user, respond to an online survey or otherwise actively send us data, we usually collect data such as your name, email address(es), mailing address(es), telephone number(s), and certain information related to the business you conduct. In connection with chargeable services and/or merchandise, we will also collect payment information (e.g., credit card number and related verification information). In each such instance, you will know what data we obtained through the Site, because you provided it.
2.1.3 Combinations: Unless you also actively submit personal information such as your name or address, passively tracked data does not typically allow us to identify you personally (even though it can theoretically be done, we do not have the means or an interest to find out who you are, unless you identify yourself voluntarily through an active submission of data). To the extent permitted by applicable law, we reserve the right to combine passively tracked data with personal data that you actively submit.
Article 3. HOW WE COLLECT AND USE DATA
3.1 We collectactively submitted data primarily for two purposes: First, for the purpose for which you originally sent us the data (e.g., to order products or sign you up for a newsletter or direct mailing). Second, for purposes of informing you about our products, sales and offerings.
3.2 We collect passively submitted data primarily for purposes of administering, protecting and improving our Site and our systems, to better understand the preferences of our Site visitors, to identify server problems, to compile aggregated statistics about Site usage, and to help personalize your experience of our Site.
Article 4. COLLECTION OF INFORMATION BY THIRD PARTIES
4.1.1 If we do have a relationship with any co-branded pages, any personally identifiable information that you provide when signing up at any co-branded page may be collected by, or shared with, our third-party partner. We have no control over, and are not responsible for, any partners’ use of your personally identifiable information. If applicable, you should check our posted partners’ websites for information regarding their privacy policies.
ARTICLE 5. SECURITY
We use reasonable physical, technical and administrative measures to protect personal information you provide through our Sites or in connection with our products and services. For example, we store your personal data in systems located inside controlled facilities with limited access and where the transmission of your personal data is encrypted. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure, therefore, we cannot warrant the security of any information transmitted to us. Please inform us immediately if you believe that your interaction with us is no longer secure. Furthermore, it is your responsibility to safeguard any password and User ID you may use to access our websites, and to notify us immediately at firstname.lastname@example.org if you suspect that your user credentials may have been compromised. Scrip complies with applicable data protection laws and applicable data breach notification requirements.
ARTICLE 6. DATA STORAGE AND RETENTION
Your personal data is stored on our systems and servers located in the United States. We will retain your Personal Data for the period necessary to fulfill the purposes that have been stated in this Privacy Statement, except if a longer retention period is required or permitted by law. Factors which will determine our retention period, include, but is not limited to the following criteria:
• Length of your ongoing relationship with us, for example how long you’ve been a customer and your purchase history with us;
• If there is a statutory obligation to retain personal data, for example, government regulations may require certain records such as financial transactions to be held for a minimum period of time;
• Whether retention is proper based on issues such as regulatory investigations, dispute resolution or litigation.
ARTICLE 7. DATA TRANSFER FROM THE EUROPEAN UNION (“EU”) TO THE UNITED STATES (“US”)
The United States where Scrip is based, has neither sought nor received an adequacy decision from the EU. An adequacy decision permits the free flow of data, without further safeguard between the EU and a foreign jurisdiction. Notwithstanding this fact, there are derogations set forth under Article 49 of the General Data Protection Regulation (“GDPR” or “regulation”) which allow the transfer of personal data of EU residents.
Transfer is permissible if the data subject has explicitly consented to the proposed transfer, after having been informed of the possible risk of such transfers for the data subject, due to the absence of an adequacy decision and appropriate safeguards. In addition, GDPR also permits such transfer of personal data under any one of the following conditions, amongst others:
• The transfer is necessary for the performance of a contract between a data subject, and the data Controller.
• The transfer is necessary for the implementation of pre-contractual measures being taken at the request of the data subject.
• The transfer is necessary for important reasons of public interest.
• The transfer is necessary for the establishment, exercise or defense of legal claims.
ARTICLE 8. DATA SUBJECT RIGHTS WITHIN THE EU
Under the GDPR, residents of the EU are entitled to certain privacy rights. Rights, it should be noted, are not always absolute, and usually subject to exceptions. Nevertheless, the following rights are recognized under the regulation: right to be informed, right of access, right of rectification, right of erasure (“right to be forgotten”), right to restrict processing, right to data portability, right to object to processing and right not to be subject to automated decision making, including profiling. Furthermore, EU residents also have the right to lodge complaint with the appropriate data protection authority. If you have concerns about how Scrip processes your personal data, you may contact the data protection authority for your country, region or where an alleged infringement occurs at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
ARTICLE 9. DISCLOSURE OF PERSONAL INFORMATION
As we noted above, we are not in the business of selling or renting your information to telemarketers and do not share your personally identifiable information with others, except as follows:
• We may share your information with agents and service providers who use the data only on our behalf and for our purposes.
• We may share your information as required by law or in the interest of protecting or exercising our or others’ legal rights, e.g., without limitation, in connection with requests from law enforcement officials and in connection with court proceedings.
• We may share or transfer your information in connection with a prospective or actual sale, merger, transfer or other reorganization of all or parts of our business.
• Also, we reserve the right to fully use and disclose any information collected via the Site that is not in personally identifiable form.
ARTICLE 10. CHILDREN’S PRIVACY
The Site is intended for adults and children under adult supervision. We do not intentionally or knowingly collect, personally-identifiable information from children under the age of eighteen (18) and we request that individuals under the age of eighteen (18) not submit any personal information on the Site. If a parent or guardian becomes aware that his or her child has provided us with personally identifiable information without the parent or guardian’s consent by, for example, misrepresenting his or her age, that parent or guardian should contact us at email@example.com. If we determine that we have collected personal information of children under the age of 18, we will immediately delete such information and any accounts believed to be held by children under 18.
We reserve the right to amend this Privacy Statement at any time and for any reason. If we make material changes, such as a change to the purposes of processing of personal data that is not consistent with the purpose for which it was originally collected, we will notify you either by prominently posting a notice of such changes on our websites before they take effect, or by directly sending you an email notification. Please check the top of this page to see the date it was last revised. Your use of our websites following any changes means that you accept the revised Privacy Statement and you are bound by it. If you would like to review the version of the Privacy Statement that was effective immediately prior to a revision or if you have any questions pertaining to this statement, please contact us at firstname.lastname@example.org.
ARTICLE 12. HOW TO CONTACT US
If you have data privacy concerns and wish to review, correct, update, restrict, or delete your personal data, and if you will like us to transmit a copy of your personal data electronically to either yourself or another Data Controller, then send an email to email@example.com or by postal mail to:
360 Veterans Parkway, Ste 115
Bolingbrook, IL 60440
The request must include your name, address, email and telephone number, as well as the action you would like us to take. We will need to verify your identity before we can act on the request. You should be aware that there could be instances when we may be unable to fulfill such request for good reasons, in such case, we shall provide you with an explanation.