Privacy Policy

INFORMATION FOR RESIDENTS OF CALIFORNIA AND CERTAIN OTHER U.S. STATES: Click here.

European Economic Area (“EEA”), Switzerland, and UK Residents: Click here.

Your privacy is important to DerbySoft, Inc. and its affiliates (“DerbySoft” or “we”) and we take it seriously. This Privacy Policy (the “Policy”), explains how and why we collect, use, disclose, and otherwise process your personally identifiable information (“personal information” or “data”) when you interact with us in the ways described below. How we process your personal information depends on which Services you use and how you use them. As a result, some of the information in this Policy may not apply to you.

The Scope of This Privacy Policy

This Policy describes how and why Derbysoft collects, uses, maintains, protects, discloses, or otherwise processes your personal information when:

you access and use our website(s), such as www.derbysoft.com or any other site that we operate that includes a link to this Policy (our “Site” or “Sites”);
we collect information about your access or use any of the Software-as-a-Service services, including but not limited to, software, and web applications (“Online Services”) that we operate and which link to this policy (“Service Usage Data“);
we conduct our business operations activities such as sales activities, marketing activities, user experience activities, event activities, support services (including via chat functions, email, text, or phone), professional services, or when you otherwise interact with us, including both online and offline interactions (“Business Operations”); and
when we recruit you for employment, such as when you apply for a job with us (“Recruitment Processes”).

This Policy also applies to personal information we collect from third parties about you.

Our Sites, Online Services, Business Operations, and Recruitment Processes are collectively referred to in this Privacy Policy as our “Services”.

This Policy does not apply to the extent we process personal information as a service provider/processor to provide business services pursuant to a data processing agreement with, and at the direction of, a corporate customer. This Policy also does not apply to personal information we process in our role as an employer.

Cross-Border Data Transmission

The Site is maintained by DerbySoft, Inc., which is headquartered in Dallas, Texas. Our primary data storage and processing facilities are in the United States of America (“USA”). If you access or otherwise use the Services from another country, please note that all data we collect will be transmitted outside of your country and into the USA, where it will reside and be processed. In addition, we may process or store your data in countries beyond your country and the USA. By continuing to access this Site, or by providing us with your personal information, to the extent permitted under applicable law, you explicitly consent to have your data processed and stored as described in this Policy.

Types of Personal Information We Collect

When you use our Services, we may collect the following types of personal information:

Identifiers, such as name, date of birth, email address, physical address, telephone number, account number or name and password.
Internet usage information, such as your browsing history, IP addresses, cookie IDs, search history, and information regarding your interactions with and use of the Sites. For more information, see “Cookies,” below.
Commercial information, including products purchased, potentially purchased, obtained or considered, or other purchasing or consumer history.
Approximate geolocation data.
Professional or Employment related information.

We may also collect the following types of personal information for Recruitment Processes:

Country and eligibility to work in the location applied for
Education information
Work history
Previous employment at DerbySoft
Specific skills, languages and professional licenses
Social security, driver’s license, state identification card, or passport number

How We Collect Personal Information

Information We May Collect Automatically

When you visit our Site, we may automatically receive and store certain types of information, such as the name of the domain and host from which you access the Internet; the IP address of the device you are using and the browser and operating system you are using; the date and time you access our Site; the Internet address of the website from which you linked to our Site; any search terms you used to find our Site; the device identifiers and mobile and network information, and your actions on our Site. We may retain this information to assist us in analyzing the behavior of visitors to our Site, to resolve problems with our network and, in general, to administer our Site.

Cookies

Derbysoft, and third parties acting on its behalf, may use cookies or similar technologies, such as web beacons or web bugs, to collect the information described above, including tracking your device’s browsing habits on our Site. Our Site uses cookies to maintain session information you provide to us, so that when you leave our Site and return, our Site will recognize your device. A “cookie” is a small text file that is sent to your computer to collect information about your activities on our Site. The cookie transmits this information back to the applicable Site each time your browser requests a page from our Site. “Web beacons” are small pieces of code placed on websites used to collect advertising metrics, such as counting page views, promotion views, or advertising responses. Our Site may also set cookies or web beacons to measure aggregate web statistics, including the number of monthly visitors, number of repeat visitors, most popular webpages and other information. We may also allow our third-party service providers to place cookies for the same purposes that we do and we may otherwise allow third-parties to use cookies as set out in this Policy.

You have a choice about most cookies. You can modify your browser preferences to allow you to accept or reject all non-necessary cookies or to notify you when a cookie is set. However, because information we obtain may be combined, we may still be able to identify your web browser, computer or mobile device when you access our Site even if you disable cookies. If you choose to reject all cookies, you may be unable to use certain areas of our Site. Please consult your browser instructions for information on how to modify your choices about cookies. Finally, you may delete any existing cookies manually from the hard drive of your device. For more information about cookies, please For more information on cookies, please see the Cookies section of this Policy and the Cookie Policy and List

We may use Google Analytics to help analyze how users use our Site, and we may use other third-party service providers to perform similar functions. Google Analytics uses cookies and other technologies to collect information such as how often users visit our Site, what pages they visit, and what other sites they used prior to coming to our Site. We use the information we get from Google Analytics only to improve our Site and Service. From our Site, Google Analytics collects the IP address assigned to you and some device configurations on the date you visit our Site. Google Analytics plants a persistent Cookie on your web browser to identify you as a unique user the next time you visit our Site. For more information about our use of Google Analytics, please visit https://policies.google.com/technologies/partner-sites.

Log Data

Our web servers may also collect “log data.” Log data provides aggregate information about the number of visits to different pages on our Site. We use log data for troubleshooting purposes and to track which pages people visit to improve our Site. We do not link log data collected to personal information. Third-party vendors may also collect aggregate log data independently from us.

Tracking Images

We may use tracking images (such as GIFs), which are small image files that we may embed into our emails and newsletters, to learn whether you opened or forwarded them or clicked on any of the content. This information tells us about the effectiveness of our emails and newsletters and helps us ensure that we’re delivering information that you find interesting.

Do-Not-Track

Some web browsers may transmit “Do-Not-Track” signals to websites with which the browser communicates. Because there is not yet an accepted standard for how to respond to browser Do-Not-Track signals, we do not currently respond to them.

Information You May Provide to Us

Generally, we may require you to provide certain personal information to access or use certain functions, products or services on our Site or otherwise provided as part of our Services, such as requesting information about our Services. We may collect personal information from you offline, such as when you visit us at a convention, visit our offices or request information over the phone. You can choose not to provide such personal information, in which case you may not be able to access or use such functions, products or services. This Personal Information may include:

Contact Information. Contact information includes your name, alias, business contact information, postal address, email address, telephone number, account name, social media handle, and similar information. We collect this in various contexts, including when you request information about our Services or otherwise provide it to us.

Commercial Transaction Information. We maintain records of commercial information related to our Services, including records of Services obtained or considered, as well as your purchasing or consuming history and tendencies.

Billing and Payment Information. To process payments, we collect and use your payment information. This can include your Contact Information along with your credit or debit card information and any other relevant information.

Professional Information. We collect information about the customer representatives and other individuals who engage with us regarding our Services, for example when you apply for a position with us. Professional information includes employer, work history, education history, professional certifications, and similar information.

Feedback data. We may collect personal information in or along with survey responses or in any other feedback or comments you give us.

Identity Verification Information. In certain contexts, for example when you apply for a position with us, we may be required to verify your identity by collecting information such as your social security number, driver’s license number, state or federal identification number, passport number, and similar identifiers.

Sensitive Personal Information. Except as described below, the Company will not request or otherwise collect or process information about your health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, sexual orientation, genetic information, or biometric information for Recruitment Processes unless required by law. If you provide such information to us for Recruitment Processes, DerbySoft will only process such information if it is necessary.

Positions in the United States:

DerbySoft, or a third-party service provider under contract with DerbySoft, may check criminal history records for information about convictions, but only to the extent required or permitted by law.

You may have the option to provide information about your gender, race and ethnic origin, disability, and veteran status in order for DerbySoft to facilitate nondiscrimination in the

Recruitment Processes, including to conduct equal employment opportunity monitoring and to comply with government reporting obligations.

Whether you provide information about your gender, race and ethnic origin, disability, and veteran status is entirely voluntary. If you decline to provide this information, your application(s) will not be affected in any way. If you choose to provide this information, you consent to DerbySoft using it as described above. This information will not be used to evaluate your application for employment.

Positions in China: If you apply for a position in China, at the final offer stage, you may need to provide health declaration or medical records in order for DerbySoft to evaluate your fitness for the relevant job position. In such cases, DerbySoft will make sure that the processing of such information is only for this purpose, and DerbySoft’s processing of such information will be conducted with security measures in place and in a manner having the least impact on your personal rights and interest.

If you submit any personal information relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Policy.

Information We May Collect From Others

For Recruitment Processes, we may also collect personal information from you through communications and interviews with DerbySoft employees and third parties, namely contact information, work and educational history from publicly available resources, prior employers, educational institutions, and other references, and to the extent required or permitted under applicable law, credit reports and criminal checks from pre-employment screening providers (in which case, we will collect dates of birth, social security numbers or other identifiers, alias names, driver license and other details as needed only to the extent permitted by law).

How We Use Your Personal Information

We may use your personal information for a variety of reasons. Depending on how you interact with our Site and Services, these include using personal information for the following purposes:

Delivering Our Services, including our business services, to you and to provide the related customer support, communication, and security.
Policy Enforcement, including enforcing our terms of service, and other policies.
Advertising & Marketing to send advertisements and marketing material via physical and electronic mail relating to specials and other promotional events or offers, perform marketing research and data analytics, and perform similar activities.
Contextual and Behavioral Targeting to provide contextual customization of ads shown as part of an interaction with our Site or application, using tracking technologies like cookies and pixels.
Counting Ad Impressions & Website Interactions to audit interactions with our Sites, applications, or advertisements, count ad impressions to unique visitors, verify position and quality of ad impressions, and perform similar activities.
Fraud Prevention to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and to prosecute those responsible for that activity.
Processing Transactions to process or fulfill orders and transactions, verify customer information, process payments, and perform similar activities.
Defending Against Claims & Litigation to defend against or respond to potential or actual claims and litigation.

How We Disclose Your Personal Information

We may disclose your personal information to the following:

Business Services Providers. These are those persons or entities with whom we have a relationship to provide business operations services and support to DerbySoft. These providers may include the following:
- IT Operations Providers. These include cloud computing service providers, internet service providers, data backup and security providers, functionality and infrastructure providers, and similar service providers.
- Operations Providers. These include service providers with whom we partner to provide day-to-day business operations, including payment processors, security vendors, business software service providers, hospitality service providers, banks, facilities management providers.
- Professional Advisors. These include lawyers, accountants, consultants, security professionals, and other similar parties when disclosure is reasonably necessary to comply with our legal and contractual obligations, prevent or respond to fraud or abuse, defend ourselves against attacks, or protect the rights, property, and safety of us, our customers, and the public.
- Marketing and Advertising Providers. These include advertising, direct marketing, and lead generation providers, affiliate marketing program providers, retargeting platforms, data brokers, ad networks, marketing consultants, and similar services providers.
DerbySoft Entities. We may share personal data among the Derbysoft group of entities, including DerbySoft, Ltd. (Hong Kong), DerbySoft Technology Spain, S.L. (Spain), DerbySoft (UK) Limited (United Kingdom), Derbysoft, Inc. (Texas), and any subsidiaries, joint venturers, or other companies that we control or that are under common control with us.
Legally Required Parties/Governmental Entities. Persons to whom we are required by law to provide information, such as pursuant to a subpoena or a court order.
Reorganization. Persons involved in the consideration, negotiation, completion of a business transaction, including the sale, merger, consolidation, acquisition, change in control, transfer of substantial assets, bankruptcy, or reorganization, and any subsequent integration.
Authorized Disclosures. To any party when authorized by the individual to whom it pertains to share it.
Social Media. Our Site may contain plug-ins and other features that integrate third-party social media platforms into our Site. You will be able to activate them manually. If you do so, the third-parties who operate these platforms may be able to identify you, they may be able to determine how you use our Site and they may link and store this information with your social media profile. Please consult the data protection policies of these social media platforms to understand what they will be doing with your personal information. If you activate these plug-ins and other features, you will be doing so at your own risk.
Third-Party Websites. Our Site may contain links to other parties’ websites. This Policy, and our responsibility, is limited to our own collection practices. We do not have any control over such third-party websites and are not responsible for their privacy policies or practices. In addition, we cannot ensure the content of the websites maintained by these third-parties, even if accessible using a link from our Site. We urge you to read the privacy and security policies of any external websites before providing any personal information while accessing those websites.

Storage of Data

DerbySoft stores personal information for as long as reasonably necessary to fulfill the purposes described in this Policy and necessary for our business records, and as required under applicable law.

Protection of Your Data

We maintain appropriate technical and organisational measures designed to protect your personal information from accidental or unlawful destruction, loss, alteration, unauthorised disclosure, and access. DerbySoft personnel and service providers with access to personal information are required to keep such information confidential and secure. Despite our efforts, no security controls are 100% risk-free, and DerbySoft does not warrant or guarantee that your personal information will be secure in all circumstances.

Commercial Electronic Message Consent

By providing your email address to DerbySoft through our Site or otherwise, you affirmatively and expressly consent to receiving commercial emails from DerbySoft, to the extent permitted by applicable laws. DerbySoft may send you commercial emails in order to deliver a newsletter, to provide you with more information about our Services, and to provide you with updates, special offers, and other information, including but not limited to Site updates. You may unsubscribe from these commercial emails at any time by clicking on the “unsubscribe” link included in any email or by contacting DerbySoft via email at privacy@derbysoft.net.

Children

Our Site is not directed at children. Consistent with the Federal Children’s Online Privacy Protection Act of 1998 (COPPA), DerbySoft will not knowingly request or collect personally identifiable information from any child under age 13 without requiring parental consent. Any person who provides his or her personal information to use through our Site or the Services represents that he or she is older than 12 years of age. If we become aware that we have collected children’s personal information in a manner not permitted by COPPA, we will remove such data as required by COPPA. If you believe that we have mistakenly or unintentionally collected the personal information of a minor without appropriate consent please contact us via email at privacy@derbysoft.net and we will take steps to delete their personal information from our systems.

RESIDENTS OF CALIFORNIA AND CERTAIN OTHER U.S. STATES

If you are a resident of the State of California, which has enacted the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (as amended, the CCPA), or if you are a resident of another U.S. state where DerbySoft is subject to similar requirements (the “Other States”), this section applies to you.

NOTICE AT COLLECTION:

In addition to the chart below:

For more information on the categories of personal information that we collect or generate, and the sources of such personal information, please see the “How We Collect Personal Information” section above.

For more information on how and for what purposes we use personal information, please see the “How We Use Personal Information” section above.

For more information on how we disclose personal information, please see the “How We Disclose Personal Information” section above.

The table below generally identifies the categories of personal information that we collect and have collected in the prior twelve (12) months, as well as the categories of third parties to whom we may disclose this information for a business or commercial purpose. In some cases (such as where required by law), we may ask for your consent or give you certain choices prior to collecting or using certain personal information

What Personal Information We Collect or Generate	To Whom We Disclose It
Identifiers (such as name, alias, user ID, username, account number or unique personal identifier; email address, phone number, address and other contact information; IP address and other online identifiers, SSN, driver’s license number, passport number, tax ID and other government identifiers)	Advisors and agents Regulators, government entities and law enforcement Affiliates and subsidiaries Advertising networks Data analytics providers Social networks Internet service providers, operating systems and platforms Business customer/client Others as required by law Any other person at your direction or with your consent
Commercial information such as Events attended, products or services purchased, your Site preferences, transaction history, billing and payment records, feedback information, etc.	Advisors and agents Regulators, government entities and law enforcement Affiliates and subsidiaries Advertising networks Data analytics providers Social networks Internet service providers, operating systems and platforms Business customer/client Others as required by law Any other person at your direction or with your consent
Internet or Other Electronic Network Activity Information including, but not limited to, browsing history, search history, and information regarding your interaction with an internet website or application, as well as physical and network access logs and other network activity information] related to your use of any DerbySoft device, network, or other information resource.	Advisors and agents Regulators, government entities and law enforcement Affiliates and subsidiaries Advertising networks Data analytics providers Social networks Internet service providers, operating systems and platforms Business customer/client Others as required by law Any other person at your direction or with your consent
Location data such as approximate geolocation information about a particular individual or device.	Advisors and agents Regulators, government entities and law enforcement Affiliates and subsidiaries Advertising networks Data analytics providers Social networks Internet service providers, operating systems and platforms Business customer/client Others as required by law Any other person at your direction or with your consent
Audio recordings, photographs, video recordings, and other similar digital assets (including from our Events or conferences)	Advisors and agents Regulators, government entities and law enforcement Affiliates and subsidiaries Advertising networks Data analytics providers Social networks Internet service providers, operating systems and platforms Business customer/client Others as required by law Any other person at your direction or with your consent
Professional or employment‑related information such as current and former employer(s) and positions, performance information, professional membership records, references, assessment records, cover letters, resumes, attendance records, conduct information (including disciplinary and grievance records), and termination data	Advisors and agents Regulators, government entities and law enforcement Affiliates and subsidiaries Data analytics providers Internet service providers, operating systems and platforms Others as required by law Any other person at your direction or with your consent
Education Information such as degrees earned, educational institutions attended, transcripts, training records, and other information about your educational history or background that is not publicly available personally identifiable information as defined under the Family Educational Rights and Privacy Act	Advisors and agents Regulators, government entities and law enforcement Affiliates and subsidiaries Data analytics providers Internet service providers, operating systems and platforms Others as required by law Any other person at your direction or with your consent
Additional categories of information listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) such as name, account name, user ID, contact information, education and employment information, SSN and government identifiers, account number, and financial or payment information	Advisors and agents Regulators, government entities and law enforcement Affiliates and subsidiaries Data analytics providers Internet service providers, operating systems and platforms Business customer/client Others as required by law Any other person at your direction or with your consent
Characteristics of Protected Classifications Under California and Federal Law such as race/ethnicity, gender, sex, veteran status, disability, and other characteristics of protected classifications under California or federal law. (Note: generally, this information is collected on a voluntary basis, and is used in support of our equal opportunity efforts, diversity and inclusion efforts, and reporting obligations, or where otherwise required by law).	Advisors and agents Regulators, government entities and law enforcement Affiliates and subsidiaries Data analytics providers Internet service providers, operating systems and platforms Others as required by law Any other person at your direction or with your consent
Sensitive Personal Information such as: (a) Social Security number and other government identifiers; (b) financial account and payment information (e.g., for direct deposit purposes); (c) racial/ethnic origin or sexual orientation (e.g., on a voluntary basis to support of our equal opportunity and diversity and inclusion efforts and reporting obligations, or where otherwise required by law, citizenship or immigration information; or union membership); and (d) health information (e.g., as necessary to provide reasonable accommodation)	Advisors and agents Regulators, government entities and law enforcement Affiliates and subsidiaries Data analytics providers Internet service providers, operating systems and platforms Others as required by law Any other person at your direction or with your consent

Sources of Personal Information. In general, we may collect the personal information identified in the table above from the following categories of sources:

Directly from you or your employer
From you or your activity or transactions with us, including with our Site
From cookies or other tracking technologies, unless you opt out

From call recordings (such as customer service calls)
From our photos or audio or video recordings of Events
From others who attend Events that you attend
Referrals and references
Former employers
Other Employees
Service providers and Third parties
Affiliates and subsidiaries
From websites or other digital properties where you have made such information public
From others, including data brokers, as permitted by law
From others, including our Business Partners or Sponsors, as directed by you or permitted by law

Sale and Sharing of Personal Information.CCPA laws define a “sale” as disclosing or making available to a third-party personal information in exchange for monetary or other valuable consideration, and “sharing” broadly includes disclosing or making available personal information to a third party for purposes of cross-context behavioral advertising. While we do not disclose personal information in exchange for monetary compensation, we may “sell” or “share” (as defined by CCPA) the following information: Identifiers, Commercial Information, and Device, internet, and electronic network activity information for targeted advertising. We do not “sell” or “share” (as defined by the CCPA) sensitive personal information, nor do we “sell” or “share” sensitive or non-sensitive personal information of those we know are under sixteen (16) years of age.

Retention

We retain the personal information we collect only as reasonably necessary for the purposes described below or otherwise disclosed to you at the time of collection. For example, we will retain your information as necessary to comply with our tax, accounting, and recordkeeping obligations, to consider you for additional positions (with your permission), as well as an additional period of time as necessary to protect, defend, or establish our rights, defend against potential claims, and comply with our legal obligations.

Purposes for Collecting, Using, Disclosing, and Processing Personal Information

Business operations and customer services: relating to the organization and operation of our business and our performance of services to customers, including related to:
auditing and assessing performance and business operations, including customer services and associated activities;
training and quality control;
customer development and providing after-sales services to customers;
satisfying customer reporting and auditing obligations;
facilitating business development opportunities, as relevant; and
facilitating communications in furtherance of the foregoing.
Recruiting, hiring and managing, and evaluating candidates: to review, assess, recruit, consider or otherwise manage candidates and job applications, including:
scheduling and conducting interviews;
identifying candidates, including by working with external recruiters;
reviewing, assessing and verifying information provided, and otherwise screening or evaluating Applicants’ qualifications, suitability and relevant characteristics;
extending offers, negotiating the terms of offers, and assessing salary and compensation matters;
satisfying legal and regulatory obligations;
communicating with Applicants regarding their applications and about other similar position(s) for which they may be interested;
maintaining Applicant personal information for future consideration; and
in support of our equal opportunity employment policy and practices.
Security and monitoring: to monitor and secure our resources, network, premises and assets, including:
to detect, prevent, investigate and respond to security and privacy incidents;
managing physical and technical access controls;
maintaining and reviewing access and use in order to ensure the security and functioning of our systems and assets; and
to ensure the security and functioning of our systems and assets, and secure our offices, premises and physical assets, including through the use of electronic access systems and video monitoring.

Health and safety: for health and safety purposes, such as contact tracing or including conducting appropriate screenings of Applicants prior to entering or accessing certain locations or premises.
Auditing, accounting and corporate governance:relating to financial, tax and accounting audits, and audits and assessments of our business operations, security controls, financial controls, or compliance with legal obligations, and for other internal business purposes such as administration of our records retention program.
M&A and other business transactions: for planning, due diligence and implementation of commercial transactions, for example mergers, acquisitions, asset sales or transfers, bankruptcy or reorganization or other similar business transactions.
Defending and protecting rights: to protect and defend our rights and interests and those of third parties, including to manage and respond to Applicant and other legal disputes, to respond to legal claims or disputes, and to otherwise establish, defend or protect our rights or interests, or the rights, interests, health or safety of others, including in the context of anticipated or actual litigation with third parties.
Complying with legal obligations: relating to compliance with applicable legal obligations (such as hiring eligibility, responding to subpoenas and court orders) as well as assessments, reviews and reporting relating to such legal obligations, including under employment and labor laws and regulations, Social Security and tax laws, environmental regulations, workplace safety laws and regulations, and other applicable laws, regulations, opinions and guidance.
Contacting you about potential positions: to identify other positions for which an Applicant may be suited or interested, and to contact Applicants about such positions. (If you do not wish to be contacted about potential positions, please let us know using the contact information below.)

Sensitive Personal Information. Notwithstanding the purposes described above, we do not collect, use, or disclose sensitive personal information about candidates beyond the purposes authorized by the CCPA. Accordingly, we only use and disclose sensitive personal information about candidates as reasonably necessary and proportionate: (i) to perform our services requested by you; (ii) to help ensure security and integrity, including to prevent, detect, and investigate security incidents; (iii) to detect, prevent, and respond to malicious, fraudulent, deceptive, or illegal conduct; (iv) to verify or maintain the quality and safety of our services; (v) for compliance with our legal obligations; (vi) to our service providers who perform services on our behalf; and (vii) for purposes other than inferring characteristics about you.

Your Privacy Rights

If you are a resident of California or one of the Other States, you have the following rights:

You have the right to opt out having your personal information sold, shared, or used for targeted advertising. You can exercise this right by managing your cookie preferences using the cookies consent tool or by clicking on the ‘Do Not Sell/Share My Personal Information’ link in the footer of our Site.
You can also opt out by visiting our Site with a legally recognized opt‑out preference signal enabled on your browser, such as the Global Privacy Control. Please note that our processing of the signal may be limited to the specific browser or device that you are using. You may need to renew your opt‑out choice if you use a different browser or device to access our Site, or if you clear your cookies.
Please note that DerbySoft does not engage in the offline “sale” of your personal information as defined by CCPA.

If you are a resident of California or one of the Other states, you also have the following rights and can exercise these rights by emailing us at privacy@derbysoft.net:

You have the right to know what personal information we have collected about you and to get access to that personal information.
You have the right to correct inaccurate personal information that we have collected about you.
You have the right to request that we delete the personal information that we have collected about you.
You have the right to request the portability of your personal information.
You have the right to appeal if we deny your request to exercise your rights of access, correction, deletion, or portability.
You have the right not to be discriminated against for exercising your rights under the CCPA or applicable laws with similar requirements. We will not discriminate against you for exercising your rights under the CCPA or laws with similar requirements.

California residents only: If you have concerns about the outcome of an appeal, you have the right to contact the Office of the Attorney General for the State of California.

Receiving and Verifying Privacy Rights Requests

We will take steps to verify your request by matching the information provided by you with the information we have in our records. Your request must:

Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
Describe your request with sufficient details that allows us to properly understand, evaluate, and respond to it.

In some cases, we may request additional information to verify your request or where necessary to process your request.

Authorized agents may initiate a request on behalf of another individual through one of the above methods; authorized agents will be required to provide proof of their authorization and we may also require that the relevant California resident directly verify their identity and the authority of the authorized agent.

Contact Us About This Notice

For additional details, or if you have questions regarding our use of your personal information as described in this Notice, you may email us at privacy@derbysoft.net.

European Economic Area (“EEA”), Switzerland, and UK Resident Rights and Notices

The following information applies to personal information related to EEA, Switzerland, and UK residents.

Throughout this notice we use the term “processing” to refer to all activities involving your personal data, including collecting, handling, storing, sharing, accessing, using, transferring, erasing and disposing of personal data.

This privacy notice (“Notice”) is provided to you in compliance with data protection laws. This notice does not confer any rights or obligations that are not conferred by law. This notice does not constitute or form part of any contract nor is it an offer to contract. This notice does not confer any contractual right on you, or place any contractual obligation on us.

Controller and Data Protection Contact

DerbySoft, Inc. with address at 14800 Landmark Blvd., Suite 640, Dallas, Texas 75254 is the Controller and can be reached at privacy@derbysoft.net.

Data Protection Representative and Contact

DerbySoft as a company is not headquartered in the EEA, and it has appointed the following EU representative for data protection according to Art. 27 GDPR:

DerbySoft Technology Spain S.L. (Spain)
Avinguda Diagonal, 472, 08006 Barcelona, Spain

Contact: privacy@derbysoft.com

Personal Data

We generally collect personal data directly from you (e.g., from your device, in your application, submitted online, in email, further communications, on the telephone or during interviews, or otherwise provided to us):

Contact Details – notably your name, address (including country), telephone number and email address;
Internet Usage Data – including your IP address, usage patterns, traffic data, location data, logs, other communication data, and the resources that you access, as well as information about your device and internet connection, including your operating system and browser type, including using cookies and similar tracking technologies through others that we engage to provide analytics services, serve advertisements, and perform related services across the web and in mobile apps. For more information on cookies, please see the Cookies section of this Policy and the Cookie Policy and List.
Professional Data – notably your resume, job history, academic history, job reference, experience, eligibility information, verification information, certificates and qualifications, interviews, notes related to the foregoing.
Other Data – any other data you provide us over the course of your business relationship with us, within your application, or during Recruitment Processes.

In some cases, we may collect personal data about you from other sources:

From call recordings (such as customer service calls)
From our photos or audio or video recordings of Events
From others who attend Events that you attend
Referrals and references
Former employers
Other Employees
Service providers and Third parties
Affiliates and subsidiaries
From websites or other digital properties where you have made such information public
From others, including data brokers, as permitted by law
From others, including our Business Partners or Sponsors, as directed by you or permitted by law
From Recruitment agencies (Contact Details, Application Data);

We process “special categories” of personal data (also called “sensitive personal data”), which is data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation as part of your use of the Services only to the extent that is necessary for the purposes of carrying out the obligations and exercising the rights of you or us in the field of employment law, social security and social protection law, or where processing is necessary for the establishment, exercise or defense of legal claims.

You are generally not required to provide your personal data to us unless applicable law requires it or where we have to collect personal data for compliance with a legal obligation to which we are subject. However, if you do not provide your personal data, we might not be able to decide whether you qualify for a job position. In some cases, this may mean that we will be unable to hire you.

Purposes of Processing Personal Data and Legal Bases

We process your personal data to operate our business, make hiring decisions, and comply with our legal obligations. More specifically, we process your personal data for the purposes and rely on the legal bases set forth in the table below. Where relevant, the legitimate interest in processing personal data is also included in the table below.

The relevant legal bases are:

Contract Performance: processing is necessary to take precontractual measures, enter into a contract with you, or perform a contract with you at your request;
Legal Obligations: processing is necessary for us to comply with a Member State or EU legal obligation;
Legitimate Interests: processing is in our legitimate interests as a business, or the legitimate interests of a third party, and those interests are not overridden by your interests, fundamental rights or freedoms; or
Consent: processing is based on your prior, freely given consent. You will be informed about the purposes of such processing prior to being asked to give consent.

In exceptional cases, we may process Personal Data to protect your Vital Interests or those of another person, or because processing is necessary for the performance of a task we carry out in the PublicInterest.

Purpose of processing Categories of Personal Data processed	Legal basis	Legitimate interest (where relevant)
When you elect to participate in one of our promotions Contact Details	Contract Performance	Not Applicable
To help us manage your sales enquiry Contact Details	Contract Performance: where there is no Legal Obligation Legitimate Interests: where there is no Legal Obligation or Contract Performance	We have a legitimate interest to respond to inquiries that you make regarding our Services
To deliver the Services and perform obligations under contracts we have with you or your company Contact Details	Contract Performance	Not Applicable
To host our Site, and maintain and optimize Site performance Internet Usage Data Contact Details Professional Data	Legitimate Interests: where there is no Legal Obligation or Contract Performance	We have a legitimate interest to host our Site and maintain and optimize our Site’s performance in order to successfully provide and promote our Services
To market or advertise our Services to you Contact Details Internet Usage Data	Legitimate Interests: with your Consent where required by applicable law	We have a legitimate interest to use your personal information for marketing purposes in order to develop and grow our business and Services and promote the reputation of our firm. We will, where required by applicable law, obtain your consent to send such communications.
To respond to your application Contact Details	Contract Performance	Not Applicable
To assess your suitability to work for us and make a decision whether to offer you employment (such as verification of qualifications and employment eligibility; evaluation and selection of candidates; setting up and conducting interviews and tests; conducting evaluations, assessments and otherwise as needed in the recruitment process) Application Data Other Data	Legal Obligation: such as ensuring that we do not unlawfully discriminate in our hiring decisions Contract Performance: where there is no Legal Obligation Legitimate Interests: where there is no Legal Obligation or Contract Performance	We have a legitimate interest in ensuring that we hire the most qualified and appropriate candidate, in order to protect our reputation, assets and stakeholders (employees and shareholders)
To ensure that you are a suitable candidate for a job position Application Data Other Data	Legal Obligation: determining your right to work Contract Performance: where there is no Legal Obligation Legitimate Interests: where there is no Legal Obligation or Contract Performance	We have a legitimate interest in ensuring that we do not make offers to or hire candidates who pose an unacceptable risk to us and/or our customers and their end users, in order to protect our reputation, assets and stakeholders (employees and shareholders)
To offer jobs and provide contracts of employment Contact Details Application Data	Legal Obligations: to issue written particulars or terms of employment and not to unlawfully discriminate in the terms of any offer to you Contract Performance: entering into an employment contract with you where Legal Obligations do not apply	Not Applicable
To include you in our talent pool and contact you should a suitable position be available Contact Details	Consent	Not Applicable
To facilitate visits to our premises and ensure security of our premises Contact Details	Contract Performance: to make a hiring decision Legitimate Interests: where Contract Performance does not apply	We have a legitimate interest in having candidates visit the premises and meet potential future colleagues in person
To safeguard our rights All categories	Legitimate Interests Special category data processing: We process special categories of personal data in this context only to the extent necessary for the purpose of establishment, exercise and defense of legal claims.	We have a legitimate interest in protecting our reputation, our business and our stakeholders (employees, shareholders) by establishing, exercising and defending legal claims.
To comply with legal obligations to which we are subject (e.g., deriving from tax law, sanctions regulations or other applicable law) All categories	Legal Obligations Legitimate Interests: where Legal Obligations do not apply Special category data processing: we process special categories of personal data in this context only to the extent that is necessary for the purposes of carrying out the obligations and exercising the rights of you or us in the field of employment law, social security and social protection law, or where processing is necessary for the establishment, exercise or defense of legal claims.	We have a legitimate interest in the fulfillment of legal obligations to which we are subject, even if these do not derive from Member State or EU law, as long as the associated processing of personal data would in principle also be regarded as necessary and proportionate in a democratic society and the fundamental rights and legitimate interests of implicated data subjects are taken into account
Business restructuring and corporate transactions (including sale of all or part of Company asset(s) and or activity(ies)) All categories	Legitimate Interests Special category data processing: we process special categories of personal data in this context only to the extent necessary for the purposes of carrying out the obligations and exercising your rights or ours in the field of employment law, social security and social protection law, or where processing is necessary for the establishment, exercise or defense of legal claims.	We have a legitimate interest in planning and implementing changes within the business; regarding corporate transactions, we have a legitimate interest in disclosing information regarding our customers, workforce (including candidates), assets and activities to potential buyers or acquirers, and their external counsel
To manage queries or complaints relating to the recruitment process and carry out compliance investigations All categories	Legitimate Interests Special category data processing: we process special categories of personal data in this context only to the extent that is necessary for the purposes of carrying out the obligations and exercising your rights or ours in the field of employment law, social security and social protection law, or where processing is necessary for the establishment, exercise or defense of legal claims.	We have a legitimate interest in ensuring the recruitment process is fair and transparent, and to carry out compliance investigations to safeguard that we comply with our policies and legal obligations; we also have a legitimate interest in protecting our reputation, our business and our stakeholders (employees, shareholders) by establishing, exercising and defending legal claims
For any of the above listed purposes it might be necessary to transfer data to our affiliates All categories	Consent: where the relevant processing activity listed above relies on your consent Contract Performance: where we do not ask for your consent but take pre-contractual steps Legitimate Interests: where Consent and Contract Performance do not apply Special category data processing: we process special categories of personal data in this context only to the extent that is necessary for the purposes of carrying out the obligations and exercising your rights or ours in the field of employment law, social security and social protection law or where processing is necessary for the establishment, exercise or defense of legal claims.	We, as part of the DerbySoft group of companies, have a legitimate interest in transferring your personal data within the group for internal administrative purposes where this is necessary for the purposes of effective recruitment

Sharing Your Personal Data

As part of a multinational with affiliates in several countries, the Company may use resources and hire for its sites, outside the country where you live. Your personal data may be shared with affiliated companies where it is reasonable and necessary to do so, such as to ensure a consistent application of standards for candidate recruitment. Within the Company, your personal data can be accessed by or may be disclosed internally on a need-to-know basis to persons responsible for managing or making hiring decisions, Human Resources staff, system administrators and other support teams (such as IT and Finance).

We also share your personal data with service providers that process personal data on our behalf and subject to our instructions as data processors, for the purpose of providing their professional services to us:

Business Services Providers. These are those persons or entities with whom we have a relationship to provide business operations services and support to DerbySoft. These providers may include the following:
- IT Operations Providers. These include cloud computing service providers, internet service providers, data backup and security providers, functionality and infrastructure providers, and similar service providers.
- Operations Providers. These include service providers with whom we partner to provide day-to-day business operations, including payment processors, security vendors, business software service providers, hospitality service providers, banks, facilities management providers.
- Professional Advisors. These include lawyers, accountants, consultants, security professionals, and other similar parties when disclosure is reasonably necessary to comply with our legal and contractual obligations, prevent or respond to fraud or abuse, defend ourselves against attacks, or protect the rights, property, and safety of us, our customers, and the public.
- Marketing and Advertising Providers. These include advertising, direct marketing, and lead generation providers, affiliate marketing program providers, retargeting platforms, data brokers, ad networks, marketing consultants, and similar services providers.

DerbySoft Entities. We may share personal data among the Derbysoft group of entities, including DerbySoft, Ltd. (Hong Kong), DerbySoft Technology Spain, S.L. (Spain), DerbySoft (UK) Limited (United Kingdom), Derbysoft, Inc. (Texas), and any subsidiaries, joint venturers, or other companies that we control or that are under common control with us.

Legally Required Parties/Governmental Entities. Persons to whom we are required by law to provide information, such as pursuant to a subpoena or a court order.

Reorganization. Persons involved in the consideration, negotiation, completion of a business transaction, including the sale, merger, consolidation, acquisition, change in control, transfer of substantial assets, bankruptcy, or reorganization, and any subsequent integration.

Authorized Disclosures. To any party when authorized by the individual to whom it pertains to share it.

Social Media. Our Site may contain plug-ins and other features that integrate third-party social media platforms into our Site. You will be able to activate them manually. If you do so, the third-parties who operate these platforms may be able to identify you, they may be able to determine how you use our Site and they may link and store this information with your social media profile. Please consult the data protection policies of these social media platforms to understand what they will be doing with your personal information. If you activate these plug-ins and other features, you will be doing so at your own risk.

Third-Party Websites. Our Site may contain links to other parties’ websites. This Policy, and our responsibility, is limited to our own collection practices. We do not have any control over such third-party websites and are not responsible for their privacy policies or practices. In addition, we cannot ensure the content of the websites maintained by these third-parties, even if accessible using a link from our Site. We urge you to read the privacy and security policies of any external websites before providing any personal information while accessing those websites.

Third parties who provide us with other services relevant to your recruitment, namely: recruiters; immigration and other authorities for the purpose of compliance with laws and regulations applicable to us.

If your application for employment with DerbySoft is successful and you accept a job offer from us, your personal data may also be shared as described in our employee privacy notice, and notably with Human Resources management, payroll and benefits systems, and the personal data contained in such systems may be accessible by providers of those systems, their affiliated companies and sub-contractors; tax authorities; regulatory authorities; courts and other judicial authorities; and our lawyers, auditors, investors, consultants and other professional advisors.

DerbySoft expects all third parties to process any personal data disclosed to them in accordance with applicable law and contract terms, including with respect to personal data confidentiality and security.

The legal bases relevant for the transfer of personal data to third parties can be found in Section 2 above.

Security of Personal Data

We implement what we determine to be reasonable physical, technical and administrative security standards designed to protect your personal data from loss, misuse, alteration, destruction or damage.

Where we have given you (or where you have chosen) a password that enables you to access certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our systems; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorized access.

Where We Process and Store your Personal Data

From time to time your personal data will be transferred outside your country for the purposes described in this notice. For example, your personal data may be transferred, among other purposes, to conduct the review of your application, the processing of your details or the provision of support services.

We may share your personal data with colleagues within the Company, or with colleagues at DerbySoft affiliates in the United States or China, neither of which has received a relevant decision of the European Commission or UK government confirming that it provides adequate protection to personal data. These transfers to countries that have not been determined by the European Commission to grant adequate protection to personal data are subject to appropriate safeguards; within the DerbySoft group, we use the standard contractual clauses approved by the European Commission, unless GDPR provides for an exception. In addition, we intend to, where necessary, agree on additional measures with recipients to ensure an adequate level of data protection.

We also share data with third parties as described in this Notice, relying either on an adequacy decision (a list of the European Commission’s adequacy decisions can be found at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en) or legally acceptable mechanisms that ensure an adequate level of protection, namely standard contractual clauses approved by the European Commission or binding corporate rules. Those third parties may be located in the United States, which has not been determined by the European Commission or UK government to provide adequate protection to personal data, and Spain and the United Kingdom, which have been determined by the European Commission or UK government to provide adequate protection to personal data.

Where applicable, you are entitled, upon request sent to privacy@derbysoft.net, to receive a copy of the relevant contract (standard contractual clauses or binding corporate rules) showing that appropriate safeguards have been taken to protect your personal data in connection with such transfer. If we use standard contractual clauses of the European Commission, where the transfer is made to a service provider acting as a data processor for us, we rely on Module Two (transfer from data controllers to data processors). If the transfer is made to third parties (acting as controllers), we rely on Module One (transfer from data controllers to data controllers).

Retention of your personal data

Your personal data will generally only be stored until the personal data is no longer necessary in relation to the purposes for which it was collected (or otherwise processed).

If we cannot offer you the job for which you apply, we will delete your personal data in accordance with the requirements of applicable law.

As an exception, personal data may be stored longer where processing is necessary for compliance with a legal obligation – including compliance with statutory retention periods – to which we are subject or for the establishment, exercise or defense of legal claims.

Your Rights

Subject to any specific conditions provided under applicable data protection law, you have the following rights in respect of your personal data:

Right to Access – you have the right to request access to and a copy of any of your personal data that the Company may hold , and to obtain information about the processing of that data, insofar the rights and freedoms of others are not adversely affected.

Right to Rectify – the Company will take steps in accordance with applicable legislation to keep your personal data accurate, complete and up-to-date. You are entitled to have any inadequate, incomplete or incorrect personal data corrected (that is, rectified) or completed.
Right to Erasure – you are entitled to have your personal data erased under specific circumstances, such as where the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, you have withdrawn your consent, where you object to processing based on legitimate interests and we have no overriding legitimate grounds (see below), where personal data is unlawfully processed, or for compliance with a legal obligation to which we are subject. The right to deletion, however, does not apply in particular where the processing of your personal data is necessary for compliance with a legal obligation or for the establishment, exercise or defense of legal claims.
Right to Restriction of Processing – you have the right to restrict our processing of your personal data (that is, allow only its storage) where:

you contest the accuracy of the personal data, until we have taken sufficient steps to correct or verify its accuracy;
the processing is unlawful but you do not want us to erase the personal data;
we no longer need your personal data for the purposes of the processing, but you require such personal data for the establishment, exercise or defence of legal claims; or
you have objected to processing justified on legitimate interest grounds (see below), pending verification as to whether the Company has compelling legitimate grounds to continue processing.

Where your personal data is subject to restriction we will only process it with your consent or for the establishment, exercise or defence of legal claims.

Right to Withdraw Consent – in the event your personal data is processed on the basis of your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Data Portability – where we are relying (as the legal basis for processing) upon your consent, or the fact that the processing is necessary to perform a contract to which you are party or to take steps at your request prior to entering a contract, and the personal data is processed by automated means, you have the right to receive all such personal data which you have provided to the Company in a structured, commonly used and machine-readable format, and also to require us to transmit it to another controller where this is technically feasible.
Right to Object to Processing Based on Legitimate Interest Basis – where we are relying upon our legitimate interests to process personal data, you have the right to object to that processing based on grounds related to your particular situation. If you object, we must stop that processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or we need to process the personal data for the establishment, exercise or defense of legal claims. Where we rely upon legitimate interest as a legal basis for processing, we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.
Right to lodge a complaint – you also have the right to lodge a complaint with the supervisory authority, in particular of your habitual residence, place of work or place of alleged infringement, if you consider that the processing of your personal data infringes applicable law.

How to Contact Us; How to Exercise Your Rights

To obtain further information regarding your rights, to exercise any of your rights (other than to lodge a complaint), or to ask any questions regarding the processing of your personal data, please contact privacy@derbysoft.net. If appropriate, we may ask you for additional information to verify your identity. To lodge a complaint, please contact the relevant Data Protection Supervisory Authority.

Changes to this Notice Any changes or updates we may make to this notice will be posted on this page in advance. If we still have your email on file, as described in Section 6 above, we will notify you in advance by email of any changes to this notice that are material. For other changes, please check back frequently to see any updates or changes to this notice.

Hello world!

Hello world!

DerbySoft Acquires Leading Travel Trade Marketplace, PKFARE