We may make additional features, functionality, offers, activities or events available to you subject to additional or different privacy rules that we disclose in connection with those opportunities.
If you are a California resident, please see “Your California Privacy Rights” below for more information about your privacy rights under California law. If you are a Nevada resident, please see “Your Nevada Privacy Rights” below for more information about your privacy rights under Nevada law.
Cross-Border Data Transmission
DerbySoft is headquartered in Dallas, Texas, and our primary data storage and processing facilities are in the United States of America (“USA”). If you are accessing the Services from another country, please note that all data we collect will be transmitted outside of your country and into the USA, where it will reside and be processed. In addition, we may process or store your data in countries beyond your country and the USA. By continuing to access this Site, or by providing your Personal Information, you explicitly consent to have your data so processed and stored, to the extent this is possible or necessary under the relevant applicable laws.
Personal Information We Collect
When you visit our Site, access or use certain functions, products or services on our Site or otherwise provided as part of our Services, visit us at a convention, visit our offices or request information over the phone, we may collect the following types of Personal Information:
- Identifiers, such as name, date of birth, email address, physical address, telephone number, account number or name and password.
- Internet usage information, such as your browsing history, IP addresses, cookie IDs, search history, and information regarding your interactions with and use of the Websites. For more information, see “Cookies,” below.
- Commercial information, including products purchased, potentially purchased, obtained or considered, or other purchasing or consumer history.
- Professional or employment-related information, including information contained in applications for job positions, such as resumes shared with us.
- Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99).
- Geolocation data, used to determine which retailer of our products and services is closest to the consumer.
- Inferences drawn from any of the above-referenced information to create a profile about your preferences, characteristics, behavior, and attitudes.
How We Collect Personal Information
Information We May Collect Automatically
Information about your computer. When you visit our Site, we may automatically receive and store certain types of information, such as the name of the domain and host from which you access the Internet; the IP address of the computer you are using and the browser and operating system you are using; the date and time you access our Site; the Internet address of the website from which you linked to our Site; any search terms you used to find our Site; the device identifiers and mobile and network information, and your actions on our Site. We may retain this information to assist us in analyzing the behavior of visitors to our Site, to resolve problems with our network and, in general, to administer our Site.
You always have a choice with regard to cookies. You can modify your browser preferences to allow you to accept or reject all cookies or to notify you when a cookie is set. However, because information we obtain may be combined, we may still be able to identify your web browser, computer or mobile device when you access our Services even if you disable cookies. If you choose to reject all cookies, you may be unable to use certain areas of our Site. Please consult your browser instructions for information on how to modify your choices about cookies. Finally, you may delete any existing cookies manually from the hard drive of your device. For more information about cookies, please visit www.allaboutcookies.org.
Our web servers may also collect “log data.” Log data provides aggregate information about the number of visits to different pages on our Site. We use log data for troubleshooting purposes and to track which pages people visit in order to improve our Site. We do not link log data collected to Personal Information. Third-party vendors may also collect aggregate log data independently from us.
We may use tracking images (such as GIFs), which are small image files that we may embed into our emails and newsletters, to learn whether you opened or forwarded them or clicked on any of the content. This information tells us about the effectiveness of our emails and newsletters and helps us ensure that we’re delivering information that you find interesting.
Information You May Provide to Us
Generally, we may require you to provide certain Personal Information in order to access or use certain functions, products or services on our Site or otherwise provided as part of our Services, such as requesting information about our products or requesting that your event be added to our event calendar. We may collect Personal Information from you offline, such as when you visit us at a convention, visit our offices or request information over the phone. You can choose not to provide such Personal Information, in which case you may not be able to access or use such functions, products or services.
If you choose to email DerbySoft, we may retain your email addresses and copies of your email(s) – including whatever content is in such emails – either separately or in the same database. Also, we (or our third-party providers) may use tools to help prevent and block “spam” email, viruses and other harmful or unwanted communications and programs that may be attached to or in the text of emails. These tools may automatically scan your emails, file attachments and other files and communications to help us protect you and DerbySoft against these harmful or unwanted communications and programs.
How We Use and Share Your Personal Information
We may use financial information or payment method you provide to process payment for any purchases, subscriptions or sales made on our Site or through the Services, to protect against or identify possible fraudulent transactions, and otherwise as needed to manage our business.
We may share your Personal Information with our affiliated entities, e.g. any corporate subsidiaries or affiliates.
Third-Party Service Providers
We may use third-party service providers to perform services on our behalf, including: payment processing, technology services, analytics, marketing, mailing and emailing.
Our Site, and therefore the information we collect in connection with it, is hosted by our technology service provider and stored on a third-party server. Therefore, our technology service provider technically has access to your Personal Information and other information; however, we control their actual access to this information by agreement, and they are not permitted to access it, unless we permit them to do so. We will only permit them to access your Personal Information as necessary to repair, maintain, host or improve our Site, and they will never be permitted to contact you as a result of this access.
We may disclose any information, including Personal Information, about you in response to a subpoena or similar investigative demand, a court order, or a request for cooperation from a law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases, we may raise or waive any legal objection or right available to us, in our sole discretion and in accordance with applicable laws.
Emergencies, Fraud Prevention and Rights Enforcement
We may also use or disclose information, including Personal Information, about you when we believe disclosure is appropriate in connection with efforts to investigate, prevent, report or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our users, our employees, or others; to comply with applicable law or cooperate with law enforcement; or to enforce our website terms and conditions or other agreements or policies.
We may disclose your Personal Information to a third-party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
Otherwise With Your Permission
We may use or disclose your Personal Information as you may otherwise request or agree.
Social Media and Links to Third-Party Websites
Our Site may contain plug-ins and other features that integrate third-party social media platforms into our Site. You will be able to activate them manually. If you do so, the third-parties who operate these platforms may be able to identify you, they may be able to determine how you use this website and they may link and store this information with your social media profile. Please consult the data protection policies of these social media platforms to understand what they will be doing with your Personal Information. If you activate these plug-ins and other features, you will be doing so at your own risk.
Storage of Data
Protection of Your Data
While we cannot guarantee the full security of anyone’s data (including our own), we understand the importance of data security and therefore take reasonable technical and organizational measures to protect your Personal Information – and the information systems on which your Personal Information is stored – in an effort to prevent loss, misuse and unauthorized access, disclosure, alteration and destruction and we contractually require our suppliers and service providers to protect your Personal Information.
Commercial Electronic Message Consent
By providing your email address to DerbySoft through our Site or otherwise, you affirmatively and expressly consent to receiving commercial emails from DerbySoft, to the extent this is possible and necessary under the relevant applicable laws. DerbySoft may send you commercial emails in order to deliver a newsletter, to provide you with more information about our Services, and to provide you with updates, special offers, and other information, including but not limited to Site updates. You may unsubscribe from these commercial emails at any time by clicking on the “unsubscribe” link included in any email or by contacting DerbySoft via email at firstname.lastname@example.org.
Our Site is not directed at children. Consistent with the Federal Children’s Online Privacy Protection Act of 1998 (COPPA), DerbySoft will not knowingly request or collect personally identifiable information from any child under age 13 without requiring parental consent. Any person who provides his or her Personal Information to use through our Site or the Services represents that he or she is older than 12 years of age. If we become aware that we have collected children’s Personal Information in a manner not permitted by COPPA, we will remove such data as required by COPPA.
Your California Privacy Rights
California Consumer Privacy Act of 2018 (the “CCPA”)
This section applies to California residents whose Personal Information is subject to the CCPA. If you are not a California resident, the rights described in this section do not apply to you.
Summary of Personal Information Collected, Sources of Personal Information and Uses of Personal Information
Please see “Personal Information We Collect,” above, for a description of each category of Personal Information we have collected from consumers in the previous 12 months. Information about the categories of sources from which we collect Personal Information and the purposes for which we use Personal Information are described above in “How We Collect Personal Information” and “How We Use and Share Your Personal Information,” respectively.
Summary of Personal Information We Have Shared for a Business Purpose
Below is a summary of the categories of Personal Information we shared for a business purposes during the previous 12 months and the categories of third parties with whom we shared such Personal Information.
|Categories of Personal Information Shared for a Business Purpose||Categories of Third Parties With Whom We Shared Personal Information for a Business Purpose|
|Identifiers||First and last name|
|Internet usage information||Browsing history of derbysoft.com|
IP address while browsing derbysoft.com
Cookie ID’s assigned while browsing dersbyoft.com
|Commercial information||Sales enquiries directed to DerbySoft’s sales team|
|Geolocation data||Geolocation data based upon your IP address while browsing derbysoft.com|
|Inferences||Based on the company address provided during a sales enquiry, we infer which sales region your are based in|
Your CCPA Rights
Subject to certain legal limitations and applicable exceptions, California residents may exercise the following rights.
- Right to Know. You have the right to request that we disclose to you the categories of Personal Information we have collected, used, disclosed and sold about you in the preceding 12 months, the categories of sources from which we collected the Personal Information, the purposes for collecting the Personal Information, and the categories of third parties with whom we have shared or sold your Personal Information. You may also request information about the specific pieces of Personal Information we have collected about you.
- Right to Delete. You have the right to request that we delete your Personal Information that we have collected from you, subject to certain exceptions.
- Under the CCPA, you also have the right not to receive discriminatory treatment from us as a result of your exercising these rights.
- How to Exercise Your Rights
- You may exercise your rights under the CCPA by either:
- emailing us at email@example.com;
- submitting a request form found https://www.derbysoft.com/contact/
You may also designate an authorized agent to exercise these rights on your behalf by following the process described in “Authorized Agents,” below.
You may request access to your Personal Information twice in any 12-month period, measured from the date we receive your first request. If you submit a request to obtain your Personal Information more than twice in any 12-month period, we will either: (i) proceed with honoring your request; or (ii) deny your request in writing.
In order for you to exercise your CCPA rights, we will need to obtain certain information from you to verify your identity.
For a report of the specific Personal Information we have collected about you, you must provide us with three of the following pieces of information in order for us to verify your identity:
- Full Name
- Email Address or
- Phone number
You also must provide us with a signed declaration, under penalty of perjury, that you are who you say you are.
For a report of the categories of Personal Information we have collected about you or for a request to delete your Personal Information, you must provide us with two of the above-referenced pieces of information in order for us to verify your identity.
To the extent possible, we will use our existing account authentication practices to verify your identity. Where necessary, we may request additional information about you so that we can verify your identity. Where we did not already hold that information, we will use it only for the purpose of verifying your identity and to process your request. If you are submitting a request on behalf of a household, we will need to verify each member of the household in the manner set forth in this section.
California residents can empower an “authorized agent” to submit CCPA requests on their behalf through the same means outlined above through which a California resident may submit a request. Unless the California resident has provided the authorized agent with a power of attorney under the California Probate Code, we will also require the following before processing a request submitted via an authorized agent:
- proof of the consumer’s identity sufficient to satisfy our verification process that otherwise applies to CCPA requests; and
- signed authorization from the consumer permitting the authorized agent to submit CCPA requests on their behalf.
We may also require the consumer to confirm with us directly that the agent is authorized to act on their behalf.
We will respond to Right to Delete requests and Right to Know requests within 45 calendar days, unless we need more time, in which case we will notify you and may take up to 90 calendar days total to respond to your request.
We may update this Policy from time to time. The current Policy will be effective when posted. Please check this Policy periodically for updates. If any of the changes are unacceptable to you, you should cease interacting with us. When required under applicable law, we will notify you of any changes to this Policy by posting an update on the Site.
If you are having trouble viewing or accessing this Policy or need it made available to you in an alternative format, please contact us at firstname.lastname@example.org.
California “Shine the Light Law”
Under California Civil Code Section 1798.83, if an individual who is a California resident has provided Personal Information to a business in connection with a business relationship that is primarily for personal, family or household purposes, and if that business has within the immediately preceding calendar year disclosed such an individual’s Personal Information to a third-party and knows or should have known that such third-party used the information for its own direct marketing purposes, then that business is obligated to disclose in writing to such individual upon request, what Personal Information was shared and with whom it was shared.
Any request for a disclosure required under this California law should be sent to us via email at email@example.com or via regular mail at:
DerbySoft (Hong Kong) Limited
Attn: Regulatory Department
14800 Landmark Blvd., Suite 640
Dallas, Texas 75254
Please note that under this law, we are neither required to respond to a customer’s request more than once in a calendar year nor are we required to respond to any request that is not sent to the email or mailing address designated above.
Your Nevada Privacy Rights
Corrections and Updates
If you want to view, delete or modify your Personal Information, you may do so by sending an email to firstname.lastname@example.org. Please note that we may be required to keep certain information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). When we delete any information, it will be deleted from the active database, but may remain in our archives in accordance with applicable laws.
We reserve the right to verify the identity of any person making a request to opt-out, delete or modify Personal Information provided, however, that we will have no liability of any kind resulting from false or erroneous requests or any change or deletion made by us based on such a request.
Contact, Questions or Complaints
DerbySoft (Hong Kong) Limited
Attn: Regulatory Department
14800 Landmark Blvd., Suite 640
Dallas, Texas email@example.com
Terms Applicable to Data from UK/EU Member Countries
If we process Personal Information from UK/EU residents in a manner subject to the General Data Protection Regulation or the UK GDPR (“GDPR) then, in addition to the above, the following information shall also apply to our collection, processing use and retention of that information:
Controller and Data Protection Officer
The relevant controller for your Personal Information is DerbySoft (Hong Kong) Limited
14800 Landmark Blvd., Suite 640, Dallas, Texas 75254 (contact: firstname.lastname@example.org). We have appointed Mara Angenendt with business address at 14800 Landmark Blvd., Suite 640, Dallas, Texas 75254 as data protection officer, which can be reached under email@example.com.
Data Protection Representative
Since DerbySoft as a company is not headquartered in the European Union, it has appointed the following company as its EU representative for data protection according to Art. 27 GDPR:
[DerbySoft Technology Spain S.L. (Spain)
Avinguda Diagonal, 472, 08006 Barcelona, Spain
Source of Data
We will process your Personal Information mainly because you provided it to us, or we collected your Personal Information as described above. In certain cases, we may also receive Personal Information from third parties, such as service providers if permitted.
Basis and Purpose for Processing
As set out above, we collect and process Personal Information for which you have given your express consent at the time of collection. For example, we collect Personal Information when you elect to participate in one of our promotions. In addition we also collect and process Personal Information for the purposes of our legitimate interests, such as to help us better manage your sales enquiry, in order to improve our services, to deliver the services and perform obligations under contracts we have with you or your company, and to comply with our own legal obligations.
Legal Bases for Processing
The legal basis for the processing of Log Data and Tracking Images as described above is Art. 6 para. 1 sentence 1 lit. f GDPR.
The legal basis for the processing of Personal Information based on your communication with us by Email as described above is Art. 6 para. 1 sentence 1 lit. b GDPR, as we process the Personal Information in order to answer your request. Only DerbySoft employees who are working on such contact requests receive access to the Personal Information related to these emails.
In regard to our use of Google Analytics for the Site as described above, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR, as we will ask you for your consent for the processing of your Personal Information in this regard. You can refuse your consent or withdraw your consent at anytime with effect for the future. The related Personal Information may be processed by and to Google in the USA, Google LLC, Alphabet Inc., and Google Ireland Limited.
The legal basis for the processing of Personal Information in regard to the hosting of our site by our technology service provider and the storage on a third party server as described above, is Art. 6 para. 1 sentence 1 lit. b GDPR on the basis of your usage of our Site and Art. 6 para. 1 sentence 1 lit. f GDPR on the basis of our legitimate interest of improvement of the stability and functionality of our Site.
We do not collect sensitive data, for example, biometric data, health data or data revealing racial or ethnic origin from visitors to our Site.
Recipients/Access to Personal Information
We may transfer Personal Information belonging to you to our affiliated entities, e.g. any corporate subsidiaries or affiliates, in accordance with applicable UK/EU laws. Any such transfer will be subject to intercompany agreements incorporating UK or EU Standard Contractual Clauses including supplementary measures, in case the subsidiary or affiliated company is not located in the UK/EEA. A copy of the EU Standard Contractual Clauses can be obtained by contacting firstname.lastname@example.org.Onward Transfer and Categories of Recipients
Onward Transfer and Categories of Recipients
We also may disclose Personal Information for other purposes or to other third-parties when you have consented to or explicitly requested such disclosure. Please be aware that we will disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, in accordance with applicable UK, EU & Swiss data protection law(s).
We may retain third-parties to process or analyze Personal Information we collect from our Site. For example, our Site may be maintained or hosted by a third-party service provider, a promotion may be administered by a sales promotion agency and/or products may be fulfilled by a wholesaler. These suppliers and other third-parties who provide services for us are contractually obligated not to use Personal Information about you except as we authorize.
Profiling and Automated Decision Making
We may analyze Personal Information we have collected about you to create a profile of your interests and preferences so that we can contact you with information that is relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively. We may also use Personal Information about you to detect and reduce fraud and credit risk. We do not use your Personal information for any solely-automated-decision making.
You may contact us by e-mail at email@example.com to exercise the following rights:
- access your data to check and review it;
- have a copy of your Personal Information;
request that we supplement, correct or delete your Personal Information; or cease or restrict the collection, processing, use or disclosure of your Personal Information; the right of correction will include the right to have incomplete Personal Information completed, including by means of providing a supplementary statement;
object to the processing of your Personal Information;
receive the Personal Information you have provided to us in a structured, commonly used and machine-readable format and have it transmitted to another controller provided that the processing is based on your respective consent or to execute a contractual relationship or a relationship prior to entering into contract with you.
if we process your Personal Information on the basis of your consent, you can withdraw your consent at any time with effect for the future Please note that a withdrawal does not affect the legality of prior processing.
You also have the right to lodge a complaint with a supervisory (data protection) authority in relation to the processing of your Personal Information. To exercise such right and lodge a complaint, you can contact the supervisory authority competent for your place of residence or the one competent for our place of business. We would appreciate the opportunity to resolve the issue in advance of you making a complaint to the relevant authority.
If you request to have Personal Information removed, we may retain some of your Personal Information as necessary for the purposes of our legitimate business interests or in furtherance of public interests in accordance with applicable law.
Questions and Complaints
Updated: February 2022