DerbySoft Privacy Policy

Last Updated and Effective Date: June 30, 2023

DerbySoft respects your privacy. In this Privacy Policy, we will share with you the types of Personal Information we gather and how we may use that information so that you can better understand your privacy rights. Because information privacy is an ongoing effort, we may update this policy from time to time as we implement new practices or adopt new practices. We encourage you to periodically review this webpage for the latest information on our privacy practices.

How we handle information about you depends on which of our Services you use and how you use them. As a result, not all of the information in this privacy policy may not apply to you.

The Scope of This Privacy Policy

This Privacy Policy describes Derbysoft’s practices for collecting, using, maintaining, protecting, and disclosing (“processing”) your personal information when you use our services (collectively the “Services”), such as when you:

  • Access and use our website (the “Site”)
  • Subscribe to our electronic communications
  • Communicate with our service representatives or features (including via chat functions, email, text, or phone)
  • Use our Services anywhere we collect information from you and refer to this Privacy Policy.

This Privacy Policy also applies to personal information we collect from third parties about you.

Where we provide business services pursuant to a contract with a customer of ours, the customer controls the information processed by our business services. This Privacy Policy does not apply to the extent we process personal information in the role of a service provider/processor on behalf of our customers. This Privacy Policy also does not apply to Personal Information we process in our role as an employer.

We may make additional features, functionality, offers, activities or events available to you subject to additional or different privacy rules that we disclose in connection with those opportunities.

Residents in some U.S. states may have additional rights under the laws of their state. Please see our U.S. State-Specific Supplemental Notice for more information about the privacy rights applicable to you.

Cross-Border Data Transmission

The DerbySoft Site is maintained by DerbySoft, Inc., which is headquartered in Dallas, Texas. Our primary data storage and processing facilities are in the United States of America (“USA”). If you are accessing the Services from another country, please note that all data we collect will be transmitted outside of your country and into the USA, where it will reside and be processed. In addition, we may process or store your data in countries beyond your country and the USA. By continuing to access this Site, or by providing your Personal Information, you explicitly consent to have your data so processed and stored, to the extent this is possible or necessary under the relevant applicable laws.

Personal Information We Collect

When you use our Services, we may collect the following types of Personal Information:

  • Identifiers, such as name, date of birth, email address, physical address, telephone number, account number or name and password.
  • Internet usage information, such as your browsing history, IP addresses, cookie IDs, search history, and information regarding your interactions with and use of the Websites. For more information, see “Cookies,” below.
  • Commercial information, including products purchased, potentially purchased, obtained or considered, or other purchasing or consumer history.
  • Professional or employment-related information, including information contained in applications for job positions, such as resumes shared with us.
  • Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99).
  • Geolocation data, used to determine which retailer of our products and services is closest to the consumer.
  • Inferences drawn from any of the above-referenced information to create a profile about your preferences, characteristics, behavior, and attitudes.

How We Collect Personal Information

Information We May Collect Automatically

Information about your computer. When you visit our Site, we may automatically receive and store certain types of information, such as the name of the domain and host from which you access the Internet; the IP address of the computer you are using and the browser and operating system you are using; the date and time you access our Site; the Internet address of the website from which you linked to our Site; any search terms you used to find our Site; the device identifiers and mobile and network information, and your actions on our Site. We may retain this information to assist us in analyzing the behavior of visitors to our Site, to resolve problems with our network and, in general, to administer our Site.

Cookies

Derbysoft, and third parties acting on its behalf, may use cookies or similar technologies, such as web beacons or web bugs, to collect the information described above, including tracking your device’s browsing habits on our Site. Our website uses cookies to maintain session information you provide to us, so that when you leave our Site and return, our Site will recognize your device. A “cookie” is a small text file that is sent to your computer to collect information about your activities on our Site. The cookie transmits this information back to the applicable Site each time your browser requests a page from our Site. “Web beacons” are small pieces of code placed on websites used to collect advertising metrics, such as counting page views, promotion views, or advertising responses. Our website may may also set cookies or web beacons to measure aggregate web statistics, including the number of monthly visitors, number of repeat visitors, most popular webpages and other information. We may allow our third-party service providers to set cookies for the same purposes that we can and we may otherwise allow third-parties to use cookies as set out in this Privacy Policy.

You always have a choice about most cookies. You can modify your browser preferences to allow you to accept or reject all non-necessary cookies or to notify you when a cookie is set. However, because information we obtain may be combined, we may still be able to identify your web browser, computer or mobile device when you access our Services even if you disable cookies. If you choose to reject all cookies, you may be unable to use certain areas of our Site. Please consult your browser instructions for information on how to modify your choices about cookies. Finally, you may delete any existing cookies manually from the hard drive of your device. For more information about cookies, please visit www.allaboutcookies.org.

We may use Google Analytics to help analyze how users use our Site, and we may use other third-party service providers to perform similar functions. Google Analytics uses cookies and other technologies to collect information such as how often users visit our Site, what pages they visit, and what other sites they used prior to coming to our Site. We use the information we get from Google Analytics only to improve our Site and Service. From our Site, Google Analytics collects the IP address assigned to you and some device configurations on the date you visit our Site, rather than your name. Google Analytics plants a persistent Cookie on your web browser to identify you as a unique user the next time you visit our Site. Google’s ability to use and share information collected by Google Analytics about your visits to our Site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy at https://policies.google.com/privacy?hl=en.

Log Data

Our web servers may also collect “log data.” Log data provides aggregate information about the number of visits to different pages on our Site. We use log data for troubleshooting purposes and to track which pages people visit in order to improve our Site. We do not link log data collected to Personal Information. Third-party vendors may also collect aggregate log data independently from us.

Tracking Images

We may use tracking images (such as GIFs), which are small image files that we may embed into our emails and newsletters, to learn whether you opened or forwarded them or clicked on any of the content. This information tells us about the effectiveness of our emails and newsletters and helps us ensure that we’re delivering information that you find interesting.

Do-Not-Track

Some web browsers may transmit “Do-Not-Track” signals to websites with which the browser communicates. Because there is not yet an accepted standard for how to respond to browser Do-Not-Track signals, we do not currently respond to them.

Information You May Provide to Us

Generally, we may require you to provide certain Personal Information to access or use certain functions, products or services on our Site or otherwise provided as part of our Services, such as requesting information about our products or requesting that your event be added to our event calendar. We may collect Personal Information from you offline, such as when you visit us at a convention, visit our offices or request information over the phone. You can choose not to provide such Personal Information, in which case you may not be able to access or use such functions, products or services. This personal information may include:

  • Contact Information. Contact information includes your name, alias, business contact information, postal address, email address, telephone number, account name, social media handle, and similar information. We collect this is various contexts, including when you request information about our Services or otherwise provide it to us.
  • Identity Verification Information. In certain contexts, we may be required to verify your identity by collecting information such as your social security number, driver’s license number, state or federal identification number, passport number, and similar identifiers.
  • Commercial Transaction Information. We maintain records of commercial information related to our Services, including records of Services obtained or considered, as well as your purchasing or consuming history and tendencies.
  • Billing and Payment Information. To process payments, we collect and use your payment information. This can include your Contact Information along with your credit or debit card information and any other relevant information.
  • Personal Characteristics. If you or a third-party provides us information about your personal characteristics, such as your race, ethnicity, religion, dietary restrictions, personal preferences, or similar information, we may retain that information in order to comply with a legal obligation or to fulfill a request related to that information.
  • Professional Information. We collect information about the customer representatives and other individuals who engage with us regarding our Services.  Professional information includes employer, work history, education history, professional certifications, and similar information.
  • Feedback data. We may collect personal information in or along with survey responses or in any other feedback or comments you give us.
  • Sensitive Personal Information. Depending on the nature of your interaction with Derbysoft, we may collect personal information that is considered sensitive or highly personal under various laws. Sensitive personal information includes social security numbers, government-issued ID numbers, account login credentials, precise geolocation, racial or ethnic origin, religious or philosophical beliefs, union memberships, health information, and sex life or sexual orientation information.

If you submit any Personal Information relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.

How We Use and Share Your Personal Information

We may use your Personal Information for a variety of reasons. Depending on how you interact with our Site and Services, these include using personal information for the following purposes:

  • Delivering Our Services, including our business services, to you and to provide the related customer support, communication, and security.
  • Policy Enforcement, including enforcing our terms of service, and other policies.
  • Advertising & Marketing to send advertisements and marketing material via physical and electronic mail relating to product specials and other promotional events or offers, perform marketing research and data analytics, and perform similar activities.
  • Contextual and Behavioral Targeting to provide contextual customization of ads shown as part of an interaction with our website or application, using tracking technologies like cookies and pixels.
  • Counting Ad Impressions & Website Interactions to audit interactions with our websites, applications, or advertisements, count ad impressions to unique visitors, verify position and quality of ad impressions, and perform similar activities.
  • Fraud Prevention to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and to prosecute those responsible for that activity.
  • Processing Transactions to process or fulfill orders and transactions, verify customer information, process payments, and perform similar activities.
  • Defending Against Claims & Litigation to defend against or respond to potential or actual claims and litigation.
  • Claims & Benefits Administration to process claims, administer benefits, and conduct employee drug tests in accordance with applicable laws.
  • Employee & Emergency Contact Communications to communicate with our employees or individuals listed as an employee’s emergency contact.

We may share your personal information with the following:

Business Services Providers. These are those persons or entities with whom we have a relationship to provide business operations services and support to DerbySoft. These providers may include the following:

  • IT Operations Providers. These include cloud computing service providers, internet service providers, data backup and security providers, functionality and infrastructure providers, and similar service providers.
  • Operations Providers. These include service provider with whom we partner to provide day-to-day business operations, including payment processors, security vendors, business software service providers, hospitality service providers, banks, facilities management providers.
  • Professional Advisors. These include lawyers, accountants, consultants, security professionals, and other similar parties when disclosure is reasonably necessary to comply with our legal and contractual obligations, prevent or respond to fraud or abuse, defend ourselves against attacks, or protect the rights, property, and safety of us, our customers, and the public.

Marketing and Advertising Providers. These include advertising, direct marketing, and lead generation providers, affiliate marketing program providers, retargeting platforms, data brokers, ad networks, marketing consultants, and similar services providers.

DerbySoft Entities. We may share personal data among the Derbysoft group of entities, including DerbySoft, Ltd. (Hong Kong), Derbysoft, Inc. (Texas), and any subsidiaries, joint venturers, or other companies that we control or that are under common control with us.

Legally Required Parties/Governmental Entities. Persons to whom we are required by law to provide information, such as pursuant to a subpoena or a court order.

Reorganization. Persons involved in the consideration, negotiation, completion of a business transaction, including the sale, merger, consolidation, acquisition, change in control, transfer of substantial assets, bankruptcy, or reorganization, and any subsequent integration.

Authorized Disclosures: To any party when authorized by the individual to whom it pertains to share it.

Social Media

Our Site may contain plug-ins and other features that integrate third-party social media platforms into our Site. You will be able to activate them manually. If you do so, the third-parties who operate these platforms may be able to identify you, they may be able to determine how you use this website and they may link and store this information with your social media profile. Please consult the data protection policies of these social media platforms to understand what they will be doing with your Personal Information. If you activate these plug-ins and other features, you will be doing so at your own risk.

Third-Party Websites

Our Site may contain links to other parties’ websites. This Privacy Policy, and our responsibility, is limited to our own collection practices. We do not have any control over such third-party websites and are not responsible for their privacy policies or practices. In addition, we cannot ensure the content of the websites maintained by these third-parties, even if accessible using a link from our websites. We urge you to read the privacy and security policies of any external websites before providing any Personal Information while accessing those websites.

Storage of Data

DerbySoft stores Personal Information for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy and necessary for our business records, and as required under applicable law.

Protection of Your Data

While we cannot guarantee the full security of anyone’s data (including our own), we understand the importance of data security and therefore take reasonable technical and organizational measures to protect your Personal Information – and the information systems on which your Personal Information is stored – in an effort to prevent loss, misuse and unauthorized access, disclosure, alteration and destruction and we contractually require our suppliers and service providers to protect your Personal Information.

Commercial Electronic Message Consent

By providing your email address to DerbySoft through our Site or otherwise, you affirmatively and expressly consent to receiving commercial emails from DerbySoft, to the extent this is possible and necessary under the relevant applicable laws. DerbySoft may send you commercial emails in order to deliver a newsletter, to provide you with more information about our Services, and to provide you with updates, special offers, and other information, including but not limited to Site updates. You may unsubscribe from these commercial emails at any time by clicking on the “unsubscribe” link included in any email or by contacting DerbySoft via email at privacy@derbysoft.net.

Children

Our Site is not directed at children. Consistent with the Federal Children’s Online Privacy Protection Act of 1998 (COPPA), DerbySoft will not knowingly request or collect personally identifiable information from any child under age 13 without requiring parental consent. Any person who provides his or her Personal Information to use through our Site or the Services represents that he or she is older than 12 years of age. If we become aware that we have collected children’s Personal Information in a manner not permitted by COPPA, we will remove such data as required by COPPA.

U.S. STATE-SPECIFIC PRIVACY RIGHTS AND NOTICES

Individuals who reside in the United States or are in the United States may have additional privacy rights under the law of the state in which they reside and when such laws become effective. Please review this section to determine what rights you may have as a resident of certain U.S. states.

The chart below describes what we collect, how we use it, and additional retention considerations that arise when we apply these criteria to such information. California law requires us to provide this information using the categories enumerated in the law. Some elements of personal information may fall into multiple categories.

Identifiers
  • Examples of information collected: Name, Pemail address, public IP addresses, cookieIDs
  • Source(s) of information: Directly from you; automatically when you interact with us
  • Purpose(s) of collection and use: All purposes listed in “How We Use Personal Information” above
  • Retention Considerations: Identifiers that are associated with a client of ours will be retained for the length of time for which we maintain client records, plus a reasonable period thereafter. Identifiers associated with website analytics and tracking will be maintained in accordance with industry standard practices.
Additional categories of information listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
  • Examples of information collected: Name, address, telephone number, and employment information. Also, financial information and payment card information if such is associated with you individually.
  • Source(s) of information: Directly from you; the company with which you are affiliated.
  • Purpose(s) of collection and use: All purposes listed in “How We Use Personal Information” above
  • Retention Considerations: Information that are associated with a client of ours will be retained for the length of time for which we maintain client records, plus a reasonable period thereafter, as determined by our legal obligations.
Commercial Information
  • Examples of information collected: Transaction history; billing and payment records; feedback information.
  • Source(s) of information: Directly from you; data generated by us.
  • Purpose(s) of collection and use: All purposes listed in “Our Use of Personal Information” above
  • Retention Considerations: Commercial information is maintained for the length of time we maintain customer information.
Internet or Electronic Network Activity Information
  • Examples of information collected: Device identifiers (MAC address); device type and operating system; mobile network information; cookie or tracking pixel information; usage information (information about products or pages you browse and other interactions with our websites, apps, and advertisements).
  • Source(s) of information: Automatically when you interact with us online or connect with our systems (such as wireless internet provided at our locations); service providers; third parties.
  • Purpose(s) of collection and use: All purposes listed in “Our Use of Personal Information” above
  • Retention Considerations: We dispose of this information on a regular basis, when no longer reasonably necessary for a business purpose.
Audio, Electronic, Visual, Thermal, Olfactory, or Similar Information
  • Examples of information collected: Call recordings (such as customer service calls); photographs; video
  • Source(s) of information: Directly from you; automatically when you interact with us
  • Purpose(s) of collection and use: All purposes listed in “Our Use of Personal Information” above
  • Retention Considerations: We dispose of this information on a regular basis when no longer reasonably necessary for a business purpose.
Professional or Employment-Related Information
  • Examples of information collected: Current employer information
  • Source(s) of information: Directly from you or your employer when your employer is a customer of ours.
  • Purpose(s) of collection and use: All purposes listed in “Our Use of Personal Information” above
  • Retention Considerations: This information is typically retained for the length of time you or your employer is a customer.
Inferences Drawn About You
  • Examples of information collected: Interests; preferences
  • Source(s) of information: Directly from you; automatically when you interact with us; from third parties (commercial data brokers, other companies with which you engage)
  • Purpose(s) of collection and use: All purposes listed in “Our Use of Personal Information” above
  • Retention Considerations: This information is typically retained for the length of time you or your employer is a customer.

Your U.S. Privacy Rights and How to Exercise Them

U.S. residents may review the following to learn more about the privacy rights afforded to them in certain jurisdictions.

The Rights to Access, Correct, and Delete Personal Information

Available to residents of California, Colorado, Connecticut, Utah, and Virginia.

You have the right to request access to and receive certain details about what personal information we collect, use, and sell, as well as the right to request that we delete certain personal information that we have collected from you. If we hold personal information that is not accurate, you have the right to request that we correct this information.

To exercise these rights, you or your designated agent can exercise these rights by:

We will honor these requests in accordance with our legal obligations and in the timeframe permitted by the applicable law (generally 30-45 days).

The Right to Limit the Use of Sensitive Personal Information

Available to residents of California.

You have the right to request that we limit our use and disclosure of your “sensitive personal information,” (as that term is defined under the California Consumer Privacy Act (the CCPA)) to certain permissible purposes. However, we process sensitive personal information only as permitted by the CCPA, and we don’t use sensitive personal information to infer characteristics about you. Accordingly, we do not offer an option to limit further processing of Sensitive Personal Information.

The Right to Opt-Out of Sale or Sharing For Targeted Advertising Purposes

Available to residents of California, Colorado, Connecticut, Utah, and Virginia.

You have the right to opt-out of the sale of your personal information to third parties. Under the applicable privacy laws for your state, a “sale” means the exchange of your personal information for money but may include exchanges for other valuable consideration. You also have the right to opt-out of the sharing of your personal information for purposes of targeted advertising (called a “sharing” of personal information under the CCPA).

Opting Out of Online Sale/Sharing

Some of the tracking technologies we use on our online services may be considered a “sale” or “sharing” under applicable law. The categories of personal information we “sell” or “share” include: Identifying Information, Device Information and Other Unique Identifiers, Internet or Other Network Activity, Geolocation Data, and Commercial Data. We may disclose these categories of personal information to advertisers and marketing partners, data analytics providers, and social media networks. You can opt out of the sale or sharing via tracking technologies via the following methods:

  • For websites: you can adjust your cookie and other privacy settings in the cookie consent banner provided on our website. To opt-out of the sale/sharing of your personal information, please click on the “Do Not Sell My Personal Information” link in the cookies consent tool. If you do not see the cookie consent tool, please use your browser to clear your cookies and reload the page.

Residents of certain states may utilize a browser or extension that broadcasts an opt-out preference signal recognized as valid under the applicable law, such as the Global Privacy Control (GPC) (learn more here: https://globalprivacycontrol.org/orgs), we will honor such signal as a valid opt-out request for the browser identifier we associate with it.

Opting Out of Offline Selling/Sharing

Requests to opt out of “sale” / “sharing” will be linked to your browser identifier only unless you are logged in to an account with us and we are able to link your browser identifier to your account information. Accordingly, if you are not logged in or we are not otherwise able to associate your browser identifier with your account or other contact information, we are not able to link your request to opt-out of sale/sharing to sale/sharing transactions outside of the online context. Therefore, if you would like to opt-out of the sale/sharing of your personal information in the offline context, we recommend you submit a request vias our Request Form found https://www.derbysoft.com/contact/.

The Right to Opt-Out of Profiling

Available to residents of Colorado, Connecticut, and Virginia.

You have the right to opt-out of the use of your personal information for “profiling” in furtherance of decisions that produce legal or similarly significant effects concerning you. “Profiling” means using automated processing of your personal information to evaluate, analyze, or predict personal aspects concerning your economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.  DerbySoft does not engage in such practices. Therefore, we do not offer the right to opt-out of this right.

The Right to Appeal Our Decisions Regarding Your Rights Requests

Available to residents of Colorado, Connecticut, and Virginia.

You may appeal our decision to your request regarding your personal information. To do so, please contact us by emailing us a privacy@derbysoft.com. We respond to all appeal requests as soon as we reasonably can, and no later than legally required.

The Right to Non-Discrimination

Available to residents of California, Colorado, Connecticut, Utah, and Virginia.

You have a right not to receive discriminatory treatment for the exercise of your privacy rights. We will not engage in discriminatory actions with respect you exercise of rights available to you under applicable privacy laws.

Responding to Your U.S. Privacy Rights Requests

Receiving and Verifying Your Requests

You can submit your requests regarding your various privacy rights using the mechanisms described above. For some requests, you will be required to submit some personal information necessary for us to verify your identity, and we may contact you to verify the request. The personal information we request as part of the verification process will be used only to verify your request and demonstrate compliance with our obligations under the law.

Residents of California, Colorado, and Connecticut may designate an authorized agent to submit certain requests on your behalf. Authorized agents can submit requests in the same manner as the individuals on whose behalf they act. In accordance with the applicable law, we may require you and your agent to submit additional information to verify your and your agent’s identity, and to confirm the agent’s authorization to act on your behalf. We may deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf.

GDPR Rights and Notices

If we process Personal Information from UK/EU residents in a manner subject to the General Data Protection Regulation or the UK GDPR (“GDPR) then, in addition to the above, the following information shall also apply to our collection, processing use and retention of that information:

Controller and Data Protection Officer

We have appointed Mara Angenendt with business address at 14800 Landmark Blvd., Suite 640, Dallas, Texas 75254 as data protection officer, which can be reached under privacy@derbysoft.net.

Data Protection Representative

Since DerbySoft as a company is not headquartered in the European Union, it has appointed the following company as its EU representative for data protection according to Art. 27 GDPR:

DerbySoft Technology Spain S.L. (Spain)
Avinguda Diagonal, 472, 08006 Barcelona, Spain

Source of Data

We will process your Personal Information mainly because you provided it to us, or we collected your Personal Information as described above. In certain cases, we may also receive Personal Information from third parties, such as service providers if permitted.

Basis and Purpose for Processing

As set out above, we collect and process Personal Information for which you have given your express consent at the time of collection. For example, we collect Personal Information when you elect to participate in one of our promotions. In addition we also collect and process Personal Information for the purposes of our legitimate interests, such as to help us better manage your sales enquiry, in order to improve our services, to deliver the services and perform obligations under contracts we have with you or your company, and to comply with our own legal obligations.

Legal Bases for Processing

In regard to Cookies the legal basis for the processing of Personal Information associated with the use of Cookies as described above is Art. 6 para. 1 sentence 1 lit. f GDPR on the basis of our legitimate interest of improvement of the stability and functionality of our Site (for “necessary cookies”) and Art. 6 para 1 sentence 1 lit. a GDPR on the basis of your consent for all other cookies (marketing- and analysis cookies). You can find further information about the cookies we set and on the duration of the cookie storage in the cookie settings of our cookie consent tool which is displayed always at the bottom of our Site.

The legal basis for the processing of Log Data and Tracking Images as described above is Art. 6 para. 1 sentence 1 lit. f GDPR.

The legal basis for the processing of Personal Information based on your communication with us by Email as described above is Art. 6 para. 1 sentence 1 lit. b GDPR, as we process the Personal Information in order to answer your request. Only DerbySoft employees who are working on such contact requests receive access to the Personal Information related to these emails.

In regard to our use of Google Analytics for the Site as described above, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR, as we will ask you for your consent for the processing of your Personal Information in this regard. You can refuse your consent or withdraw your consent at anytime with effect for the future. The related Personal Information may be processed by and to Google in the USA, Google LLC, Alphabet Inc., and Google Ireland Limited.

The legal basis for the processing of Personal Information in regard to the hosting of our site by our technology service provider and the storage on a third party server as described above, is Art. 6 para. 1 sentence 1 lit. b GDPR on the basis of your usage of our Site and Art. 6 para. 1 sentence 1 lit. f GDPR on the basis of our legitimate interest of improvement of the stability and functionality of our Site.

Sensitive Data

We do not collect sensitive data, for example, biometric data, health data or data revealing racial or ethnic origin from visitors to our Site.

Recipients/Access to Personal Information

Access to your Personal Information will in general only be granted to DerbySoft employees or employees of affiliated entities or subsidiaries of DerbySoft who require access to your Personal Information in order to fulfill the purposes as stated in this Privacy Policy and in order to provide you with the services. External recipients will receive access to your Personal Information only as described in this Privacy Policy and in particular but not exhaustive in the below section on “Onward Transfer and Categories of Recipients”.

Intercompany Transfer

We may transfer Personal Information belonging to you to our affiliated entities, e.g. any corporate subsidiaries or affiliates, in accordance with applicable UK/EU laws. Any such transfer will be subject to intercompany agreements incorporating UK or EU Standard Contractual Clauses including supplementary measures, in case the subsidiary or affiliated company is not located in the UK/EEA. A copy of the EU Standard Contractual Clauses can be obtained by contacting privacy@derbysoft.net.Onward Transfer and Categories of Recipients

Onward Transfer and Categories of Recipients

Except as otherwise provided in this Privacy Policy, we only disclose Personal Information to third-parties who reasonably need to have access to it for the purpose of the transaction or activity for which it was originally collected or to provide services to or perform tasks on our behalf or under our instruction. All such third-parties must agree to use such Personal Information we provide to them only for the purposes for which we have engaged them and they must: (a) comply with the applicable UK/EU Standard Contractual Clauses or another (transfer) mechanism permitted by the applicable UK/EU & Swiss data protection law(s) for transfers and processing of Personal Information (unless the third party is located in the UK/EEA); and (b) agree to provide adequate protections for the Personal Information that are no less protective than those set out in this Privacy Policy. Where we have knowledge that an entity to whom we have provided Personal Information is using or disclosing Personal Information in a manner contrary to this Privacy Policy, we will take reasonable and appropriate steps to prevent, remediate or stop the use or disclosure. You have a right to request a copy of such transfer mechanism. To exercise such right, please contact. privacy@derbysoft.net.

Authorized Transfer

We also may disclose Personal Information for other purposes or to other third-parties when you have consented to or explicitly requested such disclosure. Please be aware that we will disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, in accordance with applicable UK, EU & Swiss data protection law(s).

Data Processors

We may retain third-parties to process or analyze Personal Information we collect from our Site. For example, our Site may be maintained or hosted by a third-party service provider, a promotion may be administered by a sales promotion agency and/or products may be fulfilled by a wholesaler. These suppliers and other third-parties who provide services for us are contractually obligated not to use Personal Information about you except as we authorize.

Profiling and Automated Decision Making

We may analyze Personal Information we have collected about you to create a profile of your interests and preferences so that we can contact you with information that is relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively. We may also use Personal Information about you to detect and reduce fraud and credit risk. We do not use your Personal information for any solely-automated-decision making.

Your Rights

You may contact us by e-mail at privacy@derbysoft.net to exercise the following rights:

  • access your data to check and review it;
  • have a copy of your Personal Information;

request that we supplement, correct or delete your Personal Information; or cease or restrict the collection, processing, use or disclosure of your Personal Information; the right of correction will include the right to have incomplete Personal Information completed, including by means of providing a supplementary statement;

object to the processing of your Personal Information;

receive the Personal Information you have provided to us in a structured, commonly used and machine-readable format and have it transmitted to another controller provided that the processing is based on your respective consent or to execute a contractual relationship or a relationship prior to entering into contract with you.

if we process your Personal Information on the basis of your consent, you can withdraw your consent at any time with effect for the future Please note that a withdrawal does not affect the legality of prior processing.

You also have the right to lodge a complaint with a supervisory (data protection) authority in relation to the processing of your Personal Information. To exercise such right and lodge a complaint, you can contact the supervisory authority competent for your place of residence or the one competent for our place of business. We would appreciate the opportunity to resolve the issue in advance of you making a complaint to the relevant authority.

If you request to have Personal Information removed, we may retain some of your Personal Information as necessary for the purposes of our legitimate business interests or in furtherance of public interests in accordance with applicable law.

Corrections and Updates

If you want to view, delete or modify your Personal Information, you may do so by sending an email to privacy@derbysoft.net. Please note that we may be required to keep certain information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). When we delete any information, it will be deleted from the active database, but may remain in our archives in accordance with applicable laws.

We reserve the right to verify the identity of any person making a request to opt-out, delete or modify Personal Information provided, however, that we will have no liability of any kind resulting from false or erroneous requests or any change or deletion made by us based on such a request.

Contact, Questions or Complaints

We take your privacy seriously and invite you to contact us at the address below also with any further questions or concerns you may have regarding this Privacy Policy or our collection, storage and use of your Personal Information:

DerbySoft, Inc. Attn: Legal Department
14800 Landmark Blvd., Suite 640
Dallas, Texas 75254

privacy@derbysoft.net

Report security or privacy issues that affect Derbysoft products or web servers.