Privacy Policy

DERBYSOFT PRIVACY POLICY

DerbySoft Inc., and/or its affiliates (“DerbySoft,” “we,” or ”us”) respect your privacy and we take the processing of information related to you (your “Personal Information”) seriously. This Privacy Policy (the “Policy”), explains how and why we collect, use, share and otherwise process your Personal Information when you interact with us in the ways described below. How we process your Personal Information depends on which Services you use and how you use them. As a result, some of the information in this Policy may not apply to you.

The Scope of This Privacy Policy

This Policy describes how and why DerbySoft collects, uses, maintains, protects, discloses, or otherwise processes your Personal Information when you use our services (collectively the “Services”), such as when you:

Access and use our website(s), such as www.derbysoft.com or any other site that we operate that includes a link to this Policy (our “Site” or “Sites”);
Subscribe to our electronic communications;
Communicate with our service representatives or engage use our customer support features (including via chat functions, email, text, or phone); or
Register and attend our online or in-person events and webinars.

This Policy also applies to Personal Information we collect from third parties about you.

This Policy does not apply to the extent we process Personal Information as a service provider/processor in order to provide business services pursuant to a contract with, and at the direction of, a corporate customer. This Policy also does not apply to Personal Information we process in our role as an employer.

Residents in some U.S. states may have additional rights under the laws of their state. Please see our U.S. State-Specific Supplemental Notice for more information about the privacy rights applicable to you.

Changes to this Policy

We may update this policy from time to time as we adopt or implement new data privacy practices and we encourage you to periodically review this Policy for the latest information on our practices. If we make changes to the Policy, we will revise the date at the top of the Policy. If we make significant changes to this Policy, we will inform you prior to starting any new activities.

Cross-Border Data Transmission

The Site is maintained by DerbySoft, Inc., which is headquartered in Dallas, Texas. Our primary data storage and processing facilities are in the United States of America (“USA”). If you access or otherwise use the Services from another country, please note that all data we collect will be transmitted outside of your country and into the USA, where it will reside and be processed. In addition, we may process or store your data in countries beyond your country and the USA. By continuing to access this Site, or by providing us with your Personal Information, to the extent permitted under applicable law, you explicitly consent to have your data so processed and stored.

Personal Information We Collect

When you use our Services, we may collect the following types of Personal Information:

Identifiers, such as name, email address, business address, business telephone number, company ID, user name and password.
Internet usage information, such as your IP addresses, cookie IDs, and information regarding your interactions with and use of the Sites. For more information, see “Cookies,” below.
Commercial information, including products and services purchased, potentially purchased, obtained or considered, or other purchasing or consumer history relating to DerbySoft products.
Rough geolocation data.
Inferences drawn from any of the above-referenced information to create a profile about your preferences, characteristics, behavior, and attitudes.

How We Collect Personal Information

Information We May Collect Automatically

Information about your computer or mobile device. When you visit our Site, we may automatically receive and store certain types of information, such as the name of the domain and host from which you access the Internet; the IP address of the device you are using and the browser and operating system you are using; the date and time you access our Site; the Internet address of the website from which you linked to our Site; any search terms you used to find our Site; the device identifiers and mobile and network information, and your actions on our Site. We may retain this information to assist us in analyzing the behavior of visitors to our Site, to resolve problems with our network and, in general, to administer our Site.

Cookies

DerbySoft, and third parties acting on its behalf, may use cookies or similar technologies, such as web beacons or web bugs, to collect the information described above, including tracking your device’s browsing habits on our Site. Our Site uses cookies to maintain session information you provide to us, so that when you leave our Site and return, our Site will recognize your device. A “cookie” is a small text file that is sent to your computer to collect information about your activities on our Site. The cookie transmits this information back to the applicable Site each time your browser requests a page from our Site. “Web beacons” are small pieces of code placed on websites used to collect advertising metrics, such as counting page views, promotion views, or advertising responses. Our Site may also set cookies or web beacons to measure aggregate web statistics, including the number of monthly visitors, number of repeat visitors, most popular webpages and other information. We may allow our third-party service providers to place cookies for the same purposes that we can and we may otherwise allow third-parties to use cookies as set out in this Policy.

You have a choice about most cookies. You can modify your browser preferences to allow you to accept or reject all non-necessary cookies or to notify you when a cookie is set. However, because information we obtain may be combined, we may still be able to identify your web browser, computer or mobile device when you access our Site even if you disable cookies. If you choose to reject all cookies, you may be unable to use certain areas of our Site. Please consult your browser instructions for information on how to modify your choices about cookies. Finally, you may delete any existing cookies manually from the hard drive of your device. For more information about cookies, please visit www.allaboutcookies.org.

We may use Google Analytics to help analyze how users use our Site, and we may use other third-party service providers to perform similar functions. Google Analytics uses cookies and other technologies to collect information such as how often users visit our Site, what pages they visit, and what other sites they used prior to coming to our Site. We use the information we get from Google Analytics only to improve our Site and Service. From our Site, Google Analytics collects the IP address assigned to you and some device configurations on the date you visit our Site. Google Analytics plants a persistent Cookie on your web browser to identify you as a unique user the next time you visit our Site. For more information about our use of Google Analytics, please visit https://policies.google.com/technologies/partner-sites.

Log Data

Our web servers may also collect “log data.” Log data provides aggregate information about the number of visits to different pages on our Site. We use log data for troubleshooting purposes and to track which pages people visit in order to improve our Site. We do not link log data collected to Personal Information. Third-party vendors may also collect aggregate log data independently from us.

Tracking Images

We may use tracking images (such as GIFs), which are small image files that we may embed into our emails and newsletters, to learn whether you opened or forwarded them or clicked on any of the content. This information tells us about the effectiveness of our emails and newsletters and helps us ensure that we’re delivering information that you find interesting.

Do-Not-Track

Some web browsers may transmit “Do-Not-Track” signals to websites with which the browser communicates. Because there is not yet an accepted standard for how to respond to browser Do-Not-Track signals, we do not currently respond to them.

Information You May Provide to Us

Generally, we may require you to provide certain Personal Information to access or use certain functions, products or services on our Site or otherwise provided as part of our Services, such as requesting information about our products or requesting that your event be added to our event calendar. We may collect Personal Information from you offline, such as when you visit us at a convention, visit our offices or request information over the phone. You can choose not to provide such Personal Information, in which case you may not be able to access or use such functions, products or services. This Personal Information may include:

Contact Information. Contact information includes your name, alias, business contact information, postal address, email address, telephone number, account name, social media handle, and similar information. We collect this in various contexts, including when you request information about our Services or otherwise provide it to us.
Commercial Transaction Information. We maintain records of commercial information related to our Services, including records of Services obtained or considered, as well as your purchasing or consuming history and tendencies.
Professional Information. We collect information about the customer representatives and other individuals who engage with us regarding our Services. Professional information includes employer, job title, organization and other business affiliations.
Feedback data. We may collect Personal Information in or along with survey responses or in any other feedback or comments you give us.

If you submit any Personal Information relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Policy.

How We Use and Share Your Personal Information

How we use your Personal Information. We may use your Personal Information for a variety of reasons. Depending on how you interact with our Site and Services, these include using Personal Information for the following purposes:

Delivering Our Services, including our business services, to you and to provide the related customer support, communication, and security.
Policy Enforcement, including enforcing our terms of service, and other policies.
Advertising & Marketing to send advertisements and marketing material via physical and electronic mail relating to product specials and other promotional events or offers, perform marketing research and data analytics, and perform similar activities.
Contextual and Behavioral Targeting to provide contextual customization of ads shown as part of an interaction with our Site or application, using tracking technologies like cookies and pixels.
Counting Ad Impressions & Website Interactions to audit interactions with our Sites, applications, or advertisements, count ad impressions to unique visitors, verify position and quality of ad impressions, and perform similar activities.
Fraud Prevention to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and to prosecute those responsible for that activity.
Processing Transactions to process or fulfill orders and transactions, verify customer information, process payments, and perform similar activities.
Defending Against Claims & Litigation to defend against or respond to potential or actual claims and litigation.

How we share your Personal Information. We may share your Personal Information with the following:

Business Services Providers. These are those persons or entities with whom we have a relationship to provide business operations services and support to DerbySoft. These providers may include the following:

IT Operations Providers. These include cloud computing service providers, internet service providers, data backup and security providers, functionality and infrastructure providers, and similar service providers.
Operations Providers. These include service providers with whom we partner to provide day-to-day business operations, including payment processors, security vendors, business software service providers, hospitality service providers, banks, facilities management providers.
Professional Advisors. These include lawyers, accountants, consultants, security professionals, and other similar parties when disclosure is reasonably necessary to comply with our legal and contractual obligations, prevent or respond to fraud or abuse, defend ourselves against attacks, or protect the rights, property, and safety of us, our customers, and the public.

Marketing and Advertising Providers. These include advertising, direct marketing, and lead generation providers, affiliate marketing program providers, retargeting platforms, data brokers, ad networks, marketing consultants, and similar services providers.

DerbySoft Entities. We may share personal data among the DerbySoft group of entities, including DerbySoft, Ltd. (Hong Kong), DerbySoft Technology Spain, S.L. (Spain), DerbySoft, Inc. (Texas), and any subsidiaries, joint venturers, or other companies that we control or that are under common control with us.

Legally Required Parties/Governmental Entities. Persons to whom we are required by law to provide information, such as pursuant to a subpoena or a court order.

Reorganization. Persons involved in the consideration, negotiation, completion of a business transaction, including the sale, merger, consolidation, acquisition, change in control, transfer of substantial assets, bankruptcy, or reorganization, and any subsequent integration.

Authorized Disclosures: To any party when authorized by the individual to whom it pertains to share it.

Social Media

Our Site may contain plug-ins and other features that integrate third-party social media platforms into our Site. You will be able to activate them manually. If you do so, the third-parties who operate these platforms may be able to identify you, they may be able to determine how you use our Site and they may link and store this information with your social media profile. Please consult the data protection policies of these social media platforms to understand what they will be doing with your Personal Information. If you activate these plug-ins and other features, you will be doing so at your own risk.

Third-Party Websites

Our Site may contain links to other parties’ websites. This Policy, and our responsibility, is limited to our own collection practices. We do not have any control over such third-party websites and are not responsible for their privacy policies or practices. In addition, we cannot ensure the content of the websites maintained by these third-parties, even if accessible using a link from our Site. We urge you to read the privacy and security policies of any external websites before providing any Personal Information while accessing those websites.

Storage of Data

DerbySoft stores Personal Information for as long as reasonably necessary to fulfill the purposes described in this Policy and necessary for our business records, and as required under applicable law.

Protection of Your Data

While we cannot guarantee the full security of anyone’s data (including our own), we understand the importance of data security and therefore take reasonable technical and organizational measures to protect your Personal Information – and the information systems on which your Personal Information is stored – in an effort to prevent loss, misuse and unauthorized access, disclosure, alteration and destruction and we contractually require our suppliers and service providers to protect your Personal Information.

Commercial Electronic Message Consent

By providing your email address to DerbySoft through our Site or otherwise, you affirmatively and expressly consent to receiving commercial emails from DerbySoft, to the extent permitted by applicable laws. DerbySoft may send you commercial emails in order to deliver a newsletter, to provide you with more information about our Services, and to provide you with updates, special offers, and other information, including but not limited to Site updates. You may unsubscribe from these commercial emails at any time by clicking on the “unsubscribe” link included in any email or by contacting DerbySoft via email at privacy@derbysoft.net.

Children

Our Site is not directed at children. Consistent with the Federal Children’s Online Privacy Protection Act of 1998 (COPPA), DerbySoft will not knowingly request or collect personally identifiable information from any child under age 13 without requiring parental consent. Any person who provides his or her Personal Information to use through our Site or the Services represents that he or she is older than 12 years of age. If we become aware that we have collected children’s Personal Information in a manner not permitted by COPPA, we will remove such data as required by COPPA. If you believe that we have mistakenly or unintentionally collected the Personal Information of a minor without appropriate consent please contact us via email at privacy@derbysoft.net and we will take steps to delete their Personal Information from our systems.

U.S. STATE-SPECIFIC PRIVACY RIGHTS AND NOTICES

Individuals who reside in the United States or are in the United States may have additional privacy rights under the law of the state in which they reside and when such laws become effective. Please review this section to determine what rights you may have as a resident of certain U.S. states.

Notice at Collection for California Residents:

The chart below describes what categories of Personal Information we collect, how we use it, and why we use it. California law requires us to provide this information using the categories enumerated in the law. Some elements of Personal Information may fall into multiple categories.

Identifiers	Examples of information collected: Name, email address, public IP addresses, cookieIDsSource(s) of information: Directly from you; automatically when you interact with usPurpose(s) of collection and use: All purposes listed in “How We Use and Share Your Personal Information” above
Additional categories of information listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))	Examples of information collected: Name, address, telephone number, and employment information. Also, financial information and payment card information if such is associated with you individually. Source(s) of information: Directly from you; the company with which you are affiliated. Purpose(s) of collection and use: All purposes listed in “How We Use and Share Your Personal Information” above
Commercial Information	Examples of information collected: Transaction history; billing and payment records; feedback information. Source(s) of information: Directly from you; data generated by us. Purpose(s) of collection and use: All purposes listed in “How We Use and Share Your Personal Information” aboveRetention Considerations: Commercial information is maintained for the length of time we maintain customer information.
Internet or Electronic Network Activity Information	Examples of information collected: Device identifiers device type and operating system; mobile network information; cookie or tracking pixel information; usage information (information about products or pages you browse and other interactions with our Sites, apps, and advertisements).Source(s) of information: Automatically when you interact with us online or connect with our systems (such as wireless internet provided at our locations); service providers; third parties. Purpose(s) of collection and use: All purposes listed in “How We Use and Share Your Personal Information” above
Audio, Electronic, Visual, Thermal, Olfactory, or Similar Information	Examples of information collected: Call recordings (such as customer service calls); photographs; videoSource(s) of information: Directly from you; automatically when you interact with usPurpose(s) of collection and use: All purposes listed in “How We Use and Share Your Personal Information” above
Professional or Employment-Related Information	Examples of information collected: Current employer informationSource(s) of information: Directly from you or your employer when your employer is a customer of ours. Purpose(s) of collection and use: All purposes listed in “How We Use and Share Your Personal Information” above
Inferences Drawn About You	Examples of information collected: Interests; preferencesSource(s) of information: Directly from you; automatically when you interact with us; from third parties (commercial data brokers, other companies with which you engage)Purpose(s) of collection and use: All purposes listed in “How We Use and Share Your Personal Information” above

Retention of Your Personal Information Under CCPA. We retain the Personal Information we collect only as reasonably necessary for the purposes described in this Policy, or otherwise disclosed to you at the time of collection. For example, we will retain certain identifiers for as long as it is necessary to comply with our tax, accounting, and recordkeeping obligations, and for research, development and security purposes, as well as an additional period of time as necessary to protect, defend, or establish our rights, defend against potential claims, and to comply with our legal obligations. From time to time, we may also de-identify your Personal Information, retain it, and use it for a business purpose in compliance with CCPA.

To opt-out of the online sale/sharing of your Personal Information under CCPA, please click on the “Do Not Sell My Personal Information” link in the cookies consent tool. If you do not see the cookie consent tool, you can also reach it by clicking on “Do Not Sell/Share My Personal Information” here or at the bottom of our Site.

To opt-out of the offline sale/sharing of your Personal Information under CCPA, email us at privacy@derbysoft.net.

Your U.S. Privacy Rights and How to Exercise Them

U.S. residents may review the following to learn more about the privacy rights afforded to them in certain jurisdictions.

The Rights to Access, Correct, and Delete Personal Information

Available to residents of California, Colorado, Connecticut, Utah, and Virginia.

You have the right to request access to and receive certain details about what Personal Information we collect, use, and sell, as well as the right to request that we delete certain Personal Information that we have collected from you. If we hold Personal Information that is not accurate, you have the right to request that we correct this information.

To exercise these rights, you or your designated agent can send a request in writing to: privacy@derbysoft.net.

We will honor these requests in accordance with our legal obligations and in the timeframe permitted by the applicable law (generally 30-45 days).

The Right to Limit the Use of Sensitive Personal Information

Available to residents of California.

You have the right to request that we limit our use and disclosure of your “Sensitive Personal Information,” (as that term is defined under the California Consumer Privacy Act (the CCPA)) to certain permissible purposes. However, we process Sensitive Personal Information only as permitted by the CCPA, and we don’t use Sensitive Personal Information to infer characteristics about you. Accordingly, we do not offer an option to limit further processing of Sensitive Personal Information.

The Right to Opt-Out of Sale or Sharing For Targeted Advertising Purposes

Available to residents of California, Colorado, Connecticut, Utah, and Virginia.

You have the right to opt-out of the sale of your Personal Information to third parties. Under the applicable privacy laws for your state, a “sale” means the exchange of your Personal Information for money but may include exchanges for other valuable consideration. You also have the right to opt-out of the sharing of your Personal Information for purposes of targeted advertising (called a “sharing” of Personal Information under the CCPA).

Opting Out of Online Sale/Sharing

Some of the tracking technologies we use on our online services may be considered a “sale” or “sharing” under applicable law. The categories of Personal Information we “sell” or “share” , and have “sold” or “shared” within the last 12 months include: Identifying Information, Device Information and Other Unique Identifiers, Internet or Other Network Activity, Geolocation Data, and Commercial Data. We may disclose these categories of Personal Information to advertisers and marketing partners, data analytics providers, and social media networks. You can opt out of the sale or sharing via tracking technologies via the following methods:

For our Sites: you can adjust your cookie and other privacy settings in the cookie consent banner provided on our Site. To opt-out of the sale/sharing of your Personal Information, please click on the “Do Not Sell My Personal Information” link in the cookies consent tool. If you do not see the cookie consent tool, you can also reach it by clicking on “Do Not Sell/Share My Personal Information” here or at the bottom of our Site.

Residents of certain states may utilize a browser or extension that broadcasts an opt-out preference signal recognized as valid under the applicable law, such as the Global Privacy Control (GPC) (learn more here: https://globalprivacycontrol.org/orgs), we will honor such signal as a valid opt-out request for the browser identifier we associate with it.

Opting Out of Offline Selling/Sharing

Requests to opt out of “sale” / “sharing” will be linked to your browser identifier only unless you are logged in to an account with us and we are able to link your browser identifier to your account information. Accordingly, if you are not logged in or we are not otherwise able to associate your browser identifier with your account or other contact information, we are not able to link your request to opt-out of sale/sharing to sale/sharing transactions outside of the online context. Therefore, if you would like to opt-out of the sale/sharing of your Personal Information in the offline context, email us at privacy@derbysoft.com .

The Right to Opt-Out of Profiling

Available to residents of Colorado, Connecticut, and Virginia.

You have the right to opt-out of the use of your Personal Information for “profiling” in furtherance of decisions that produce legal or similarly significant effects concerning you. “Profiling” means using automated processing of your Personal Information to evaluate, analyze, or predict personal aspects concerning your economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. DerbySoft does not engage in such practices. Therefore, we do not offer the right to opt-out of this right.

The Right to Appeal Our Decisions Regarding Your Rights Requests

Available to residents of Colorado, Connecticut, and Virginia.

You may appeal our decision to your request regarding your Personal Information. To do so, please contact us by emailing us a privacy@derbysoft.com. We respond to all appeal requests as soon as we reasonably can, and no later than legally required.

The Right to Non-Discrimination

Available to residents of California, Colorado, Connecticut, Utah, and Virginia.

You have a right not to receive discriminatory treatment for the exercise of your privacy rights. We will not engage in discriminatory actions with respect to your exercise of rights available to you under applicable privacy laws.

Responding to Your U.S. Privacy Rights Requests

Receiving and Verifying Your Requests

You can submit your requests regarding your various privacy rights using the mechanisms described above. For some requests, you will be required to submit some Personal Information necessary for us to verify your identity, and we may contact you to verify the request. The Personal Information we request as part of the verification process will be used only to verify your request and demonstrate compliance with our obligations under the law.

Residents of California, Colorado, and Connecticut may designate an authorized agent to submit certain requests on your behalf. Authorized agents can submit requests in the same manner as the individuals on whose behalf they act. In accordance with the applicable law, we may require you and your agent to submit additional information to verify your and your agent’s identity, and to confirm the agent’s authorization to act on your behalf. We may deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf.

GDPR Rights and Notices

If we process Personal Information from UK/EU residents in a manner subject to the General Data Protection Regulation or the UK GDPR (“GDPR) then, in addition to the above, the following information shall also apply to our collection, processing use and retention of that information:

Controller and Data Protection Contact

DerbySoft, Inc. with address at 14800 Landmark Blvd., Suite 640, Dallas, Texas 75254 is the Controller and can be reached at privacy@derbysoft.net.

Data Protection Representative and Contact

Since DerbySoft as a company is not headquartered in the European Union, it has appointed the following EU representative for data protection according to Art. 27 GDPR:

DerbySoft Technology Spain S.L. (Spain)
Avinguda Diagonal, 472, 08006 Barcelona, Spain

Contact: privacy@derbysoft.com

Source of Data

We will process your Personal Information mainly because you provided it to us, or we collected your Personal Information as described above. In certain cases, we may also receive Personal Information from third parties, such as service providers if permitted.

Basis and Purpose for Processing

As set out above, we collect and process Personal Information for which you have given your express consent at the time of collection. For example, we collect Personal Information when you elect to participate in one of our promotions. We also collect and process Personal Information for the purposes of our legitimate interests, such as to help us better manage your sales enquiry, in order to improve our services, to deliver the services and perform obligations under contracts we have with you or your company, and to comply with our own legal obligations.

Legal Bases for Processing

In regard to Cookies, the legal basis for the processing of Personal Information associated with the use of Cookies as described above is Art. 6 para. 1 sentence 1 lit. f GDPR on the basis of our legitimate interest of improvement of the stability and functionality of our Site (for “necessary cookies”) and Art. 6 para 1 sentence 1 lit. a GDPR on the basis of your consent for all other cookies (marketing- and analysis cookies). You can find further information about the cookies we set and on the duration of the cookie storage in the cookie settings of our cookie consent tool which is displayed always at the bottom of our Site.

The legal basis for the processing of Log Data and Tracking Images as described above is Art. 6 para. 1 sentence 1 lit. f GDPR.

The legal basis for the processing of Personal Information based on your communication with us by Email as described above is Art. 6 para. 1 sentence 1 lit. b GDPR, as we process the Personal Information in order to answer your request. Only DerbySoft employees who are working on such contact requests receive access to the Personal Information related to these emails.

In regard to our use of Google Analytics for the Site as described above, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR, as we will ask you for your consent for the processing of your Personal Information in this regard. You can refuse your consent or withdraw your consent at anytime with effect for the future. The related Personal Information may be processed by and to Google in the USA, Google LLC, Alphabet Inc., and Google Ireland Limited.

The legal basis for the processing of Personal Information in regard to the hosting of our site by our technology service provider and the storage on a third party server as described above, is Art. 6 para. 1 sentence 1 lit. b GDPR on the basis of your usage of our Site and Art. 6 para. 1 sentence 1 lit. f GDPR on the basis of our legitimate interest of improvement of the stability and functionality of our Site.

Sensitive Data

We do not collect sensitive data, for example, biometric data, health data or data revealing racial or ethnic origin from visitors to our Site.

Recipients/Access to Personal Information

Access to your Personal Information will in general only be granted to DerbySoft employees or employees of affiliated entities or subsidiaries of DerbySoft who require access to your Personal Information in order to fulfill the purposes as stated in this Policy and in order to provide you with the services. External recipients will receive access to your Personal Information only as described in this Policy and in particular but not exhaustive in the below section on “Onward Transfer and Categories of Recipients”.

Intercompany Transfer

We may transfer Personal Information belonging to you to our affiliated entities, e.g. any corporate subsidiaries or affiliates, in accordance with applicable UK/EU laws. Any such transfer will be subject to intercompany agreements incorporating UK or EU Standard Contractual Clauses including supplementary measures, in case the subsidiary or affiliated company is not located in the UK/EEA. A copy of the EU Standard Contractual Clauses can be obtained by contacting privacy@derbysoft.net.

Onward Transfer and Categories of Recipients

Except as otherwise provided in this Policy, we only disclose Personal Information to third-parties who reasonably need to have access to it for the purpose of the transaction or activity for which it was originally collected or to provide services to or perform tasks on our behalf or under our instruction. All such third-parties must agree to use such Personal Information we provide to them only for the purposes for which we have engaged them and they must: (a) comply with the applicable UK/EU Standard Contractual Clauses or another (transfer) mechanism permitted by the applicable UK/EU & Swiss data protection law(s) for transfers and processing of Personal Information (unless the third party is located in the UK/EEA); and (b) agree to provide adequate protections for the Personal Information that are no less protective than those set out in this Policy. Where we have knowledge that an entity to whom we have provided Personal Information is using or disclosing Personal Information in a manner contrary to this Policy, we will take reasonable and appropriate steps to prevent, remediate or stop the use or disclosure. You have a right to request a copy of such transfer mechanism. To exercise such right, please email us at privacy@derbysoft.net.

Authorized Transfer

We also may disclose Personal Information for other purposes or to other third-parties when you have consented to or explicitly requested such disclosure. Please be aware that we will disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, in accordance with applicable UK, EU & Swiss data protection law(s).

Data Processors

We may retain third-parties to process or analyze Personal Information we collect from our Site. For example, our Site may be maintained or hosted by a third-party service provider, a promotion may be administered by a sales promotion agency and/or products may be fulfilled by a wholesaler. These suppliers and other third-parties who provide services for us are contractually obligated not to use Personal Information about you except as we authorize.

Profiling and Automated Decision Making

We may analyze Personal Information we have collected about you to create a profile of your interests and preferences so that we can contact you with information that is relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively. We may also use Personal Information about you to detect and reduce fraud and credit risk. We do not use your Personal information for any solely-automated-decision making.

Your Rights

You may e-mail us at privacy@derbysoft.net to exercise the following rights:

access your data to check and review it;
have a copy of your Personal Information;
request that we supplement, correct or delete your Personal Information;
request that we cease or restrict the collection, processing, use or disclosure of your Personal Information;
object to the processing of your Personal Information;

If we process your Personal Information on the basis of your consent, you can withdraw your consent at any time with effect for the future. Please note that a withdrawal of consent does not affect the legality of prior processing.

You also have the right to lodge a complaint with a supervisory (data protection) authority in relation to the processing of your Personal Information. To exercise such right and lodge a complaint, you can contact the supervisory authority competent for your place of residence or the one competent for our place of business. We would appreciate the opportunity to resolve the issue in advance of you making a complaint to the relevant authority.

If you request to have Personal Information removed, we may retain some of your Personal Information as necessary for the purposes of our legitimate business interests or in furtherance of public interests in accordance with applicable law.

China Addendum

Last Updated and Effective Date: October 28, 2024

For the purposes of this China Addendum (this “Addendum”), references to “personal information”, “sensitive personal information”, “process/processing”, “controller”, “processor”, and “supervisory authority” shall have the same meaning as “personal information”, “sensitive personal information”, “process/processing”, “personal information processor”, “entrusted party” and “supervisory authority” as defined in the Personal Information Protection Law of the People’s Republic of China (the “PIPL”).

For the purpose of this Addendum only, “China” herein is excluding Hong Kong Special Administrative Region, Macau Special Administrative Region and Taiwan. If our processing activities of your Personal Information within the territory of China are subject to the PIPL, the Controller located in China responsible for processing and protecting your Personal Information is DerbySoft (Shanghai) Co., Ltd., with address at 6th Floor, Building 8, No. 120, Lujiazui Software Park, Lane 91, Eshan Road, Pudong New District, Shanghai 200127, and can be reached at privacy@derbysoft.net.[1]

Personal Information We Collect and Our Purpose

When you visit https://www.derbysoft.com/cn, our Chinese Official Website, (the “Chinese Website”), for the purpose of allowing you to access or use certain functions, products or services on our Chinese Website, we will collect the following types of Personal Information:

Registration data: name, email address, contact number, company served and title; and

Other data: user name, device ID, IP address, registration and login information.

We will not collect sensitive personal information.

Legal Bases for Processing

Depending on the circumstances, we will rely on one or more of the following legal bases for processing your Personal Information:

You have given us consent to process your Personal Information

The processing is necessary for the conclusion or performance of a contract to which you are a contracting party;

The processing is necessary to fulfil statutory functions or statutory obligations;

The processing is necessary to respond to public health emergencies or protect the life, health or property safety of natural persons under emergency circumstances;

Personal Information is processed within a reasonable scope to conduct news reporting, public opinion-based supervision, or other activities in the public interest;

The Personal Information that has been disclosed by the individuals themselves or other Personal Information that has been legally disclosed is processed within a reasonable scope in accordance with the PIPL; or

Under any other circumstance as provided by any law or administrative regulation.

Provision of Personal Information to Third Parties

As set out in section of “How we share your Personal Information”, we may entrust third-party service providers to assist us in providing relevant operation and service support, including IT operations providers, operations providers, professional advisors and marketing and advertising providers. For companies, organisations and individuals who we entrust to process your Personal Information, we ask them to handle your Personal Information in accordance with our instructions, this Policy, this Addendum, and applicable laws.

Personal Information Export

For the purposes stated in this Addendum, we may transfer your Personal Information to our affiliates and third-party companies located outside of China. The foreign recipients and details of the transfer are as follows:

Recipients	Contact information	Categories of personal information being shared	Purpose and means of the recipient’s processing
DerbySoft, Ltd. (Hong Kong)	privacy@derbysoft.net	The categories under Personal Information We Collect and Our Purpose	Please see the privacy policy below for more information: https://www.derbysoft.com/privacy-policy/
DerbySoft Technology Spain, S.L. (Spain)	privacy@derbysoft.net	The categories under Personal Information We Collect and Our Purpose	Please see the privacy policy below for more information: https://www.derbysoft.com/privacy-policy/
DerbySoft, Inc. (Texas)	privacy@derbysoft.net	The categories under Personal Information We Collect and Our Purpose	Please see the privacy policy below for more information: https://www.derbysoft.com/privacy-policy/

Where Personal Information is transferred to another jurisdiction outside China, your Personal Information will be secured by appropriate safeguards when required by the PIPL and applicable regulations. To the extent required under PIPL and applicable law, we will obtain separate consent from you before the transfer of your Personal Information.

Your Rights

You may e-mail us at privacy@derbysoft.net to exercise the following rights:

the right to know and the right to decide on the processing of your Personal Information;

the right to restrict or refuse the processing of your Personal Information by others;

the right to consult and duplicate your Personal Information;

the right to request us to correct or supplement your Personal Information where you discover the information is incorrect or incomplete;

the right to withdraw your consent to the processing of Personal Information based on your consent (but please note that your withdrawal of consent does not affect the validity of the processing of Personal Information that has been carried out based on your consent before the withdrawal);

the right to request the transfer of Personal Information to your designated controller;

the right to delete your Personal Information under specific circumstances.

To protect the security of your Personal Information, we need to verify your identity in order to respond to your rights request(s), and we may not be able to respond to the request(s) for rights related to Personal Information that are not from you or authorised by you (for example, requests to consult Personal Information of someone else).

Additionally, the rights above are subject to limitations and exceptions under applicable law. We will respond to and comply with your request(s) consistent in accordance with the timeline required by the PIPL and relevant regulations. If you have unresolved concerns, you also have the right to complain to relevant supervisory authority or where applicable, file a lawsuit with the court in accordance with applicable law.

Children

We do not knowingly collect Personal Information from children under the age of 14 without parental/guardian consent. If you are the parent or guardian of your child and believe that we have Personal Information of your child without parental/guardian consent, or if you wish to withdraw such consent, please contact us via the contact information provided in this Addendum. and we will delete such information.

Updates

This Addendum may be updated periodically. We will update the date at the top of its first page accordingly and encourage you to check for changes that we have made. On some occasions, we may also actively advise you of specific data processing activities or significant changes to this Addendum, as required by PIPL and applicable laws and regulations.

Corrections and Updates

If you want to view, delete or modify your Personal Information, you may do so by emailing privacy@derbysoft.net. Please note that we may be required to keep certain information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). When we delete any information, it will be deleted from the active database, but may remain in our archives in accordance with applicable laws.

We reserve the right to verify the identity of any person making a request to opt-out, delete or modify Personal Information provided, however, that we will have no liability of any kind resulting from false or erroneous requests or any change or deletion made by us based on such a request.

Contact, Questions or Complaints

We take your privacy seriously and invite you to contact us at the address below also with any further questions or concerns you may have regarding this Policy or our collection, storage and use of your Personal Information:

DerbySoft, Inc. Attn: Legal Department
14800 Landmark Blvd., Suite 640
Dallas, Texas 75254

privacy@derbysoft.net

DerbySoft Acquires Leading Travel Trade Marketplace, PKFARE

Hello world!

Hello world!

The 3 Most Common Mistakes in Hotel Distribution Strategy and How To Fix Them