Last Updated and Effective Date: June 30, 2023
- Access and use our website (the “Site”)
- Subscribe to our electronic communications
- Communicate with our service representatives or features (including via chat functions, email, text, or phone)
We may make additional features, functionality, offers, activities or events available to you subject to additional or different privacy rules that we disclose in connection with those opportunities.
Residents in some U.S. states may have additional rights under the laws of their state. Please see our U.S. State-Specific Supplemental Notice for more information about the privacy rights applicable to you.
Cross-Border Data Transmission
The DerbySoft Site is maintained by DerbySoft, Inc., which is headquartered in Dallas, Texas. Our primary data storage and processing facilities are in the United States of America (“USA”). If you are accessing the Services from another country, please note that all data we collect will be transmitted outside of your country and into the USA, where it will reside and be processed. In addition, we may process or store your data in countries beyond your country and the USA. By continuing to access this Site, or by providing your Personal Information, you explicitly consent to have your data so processed and stored, to the extent this is possible or necessary under the relevant applicable laws.
Personal Information We Collect
When you use our Services, we may collect the following types of Personal Information:
- Identifiers, such as name, date of birth, email address, physical address, telephone number, account number or name and password.
- Internet usage information, such as your browsing history, IP addresses, cookie IDs, search history, and information regarding your interactions with and use of the Websites. For more information, see “Cookies,” below.
- Commercial information, including products purchased, potentially purchased, obtained or considered, or other purchasing or consumer history.
- Professional or employment-related information, including information contained in applications for job positions, such as resumes shared with us.
- Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99).
- Geolocation data, used to determine which retailer of our products and services is closest to the consumer.
- Inferences drawn from any of the above-referenced information to create a profile about your preferences, characteristics, behavior, and attitudes.
How We Collect Personal Information
Information We May Collect Automatically
Information about your computer. When you visit our Site, we may automatically receive and store certain types of information, such as the name of the domain and host from which you access the Internet; the IP address of the computer you are using and the browser and operating system you are using; the date and time you access our Site; the Internet address of the website from which you linked to our Site; any search terms you used to find our Site; the device identifiers and mobile and network information, and your actions on our Site. We may retain this information to assist us in analyzing the behavior of visitors to our Site, to resolve problems with our network and, in general, to administer our Site.
You always have a choice about most cookies. You can modify your browser preferences to allow you to accept or reject all non-necessary cookies or to notify you when a cookie is set. However, because information we obtain may be combined, we may still be able to identify your web browser, computer or mobile device when you access our Services even if you disable cookies. If you choose to reject all cookies, you may be unable to use certain areas of our Site. Please consult your browser instructions for information on how to modify your choices about cookies. Finally, you may delete any existing cookies manually from the hard drive of your device. For more information about cookies, please visit www.allaboutcookies.org.
Our web servers may also collect “log data.” Log data provides aggregate information about the number of visits to different pages on our Site. We use log data for troubleshooting purposes and to track which pages people visit in order to improve our Site. We do not link log data collected to Personal Information. Third-party vendors may also collect aggregate log data independently from us.
We may use tracking images (such as GIFs), which are small image files that we may embed into our emails and newsletters, to learn whether you opened or forwarded them or clicked on any of the content. This information tells us about the effectiveness of our emails and newsletters and helps us ensure that we’re delivering information that you find interesting.
Some web browsers may transmit “Do-Not-Track” signals to websites with which the browser communicates. Because there is not yet an accepted standard for how to respond to browser Do-Not-Track signals, we do not currently respond to them.
Information You May Provide to Us
Generally, we may require you to provide certain Personal Information to access or use certain functions, products or services on our Site or otherwise provided as part of our Services, such as requesting information about our products or requesting that your event be added to our event calendar. We may collect Personal Information from you offline, such as when you visit us at a convention, visit our offices or request information over the phone. You can choose not to provide such Personal Information, in which case you may not be able to access or use such functions, products or services. This personal information may include:
- Contact Information. Contact information includes your name, alias, business contact information, postal address, email address, telephone number, account name, social media handle, and similar information. We collect this is various contexts, including when you request information about our Services or otherwise provide it to us.
- Identity Verification Information. In certain contexts, we may be required to verify your identity by collecting information such as your social security number, driver’s license number, state or federal identification number, passport number, and similar identifiers.
- Commercial Transaction Information. We maintain records of commercial information related to our Services, including records of Services obtained or considered, as well as your purchasing or consuming history and tendencies.
- Billing and Payment Information. To process payments, we collect and use your payment information. This can include your Contact Information along with your credit or debit card information and any other relevant information.
- Personal Characteristics. If you or a third-party provides us information about your personal characteristics, such as your race, ethnicity, religion, dietary restrictions, personal preferences, or similar information, we may retain that information in order to comply with a legal obligation or to fulfill a request related to that information.
- Professional Information. We collect information about the customer representatives and other individuals who engage with us regarding our Services. Professional information includes employer, work history, education history, professional certifications, and similar information.
- Feedback data. We may collect personal information in or along with survey responses or in any other feedback or comments you give us.
- Sensitive Personal Information. Depending on the nature of your interaction with Derbysoft, we may collect personal information that is considered sensitive or highly personal under various laws. Sensitive personal information includes social security numbers, government-issued ID numbers, account login credentials, precise geolocation, racial or ethnic origin, religious or philosophical beliefs, union memberships, health information, and sex life or sexual orientation information.
How We Use and Share Your Personal Information
We may use your Personal Information for a variety of reasons. Depending on how you interact with our Site and Services, these include using personal information for the following purposes:
- Delivering Our Services, including our business services, to you and to provide the related customer support, communication, and security.
- Policy Enforcement, including enforcing our terms of service, and other policies.
- Advertising & Marketing to send advertisements and marketing material via physical and electronic mail relating to product specials and other promotional events or offers, perform marketing research and data analytics, and perform similar activities.
- Contextual and Behavioral Targeting to provide contextual customization of ads shown as part of an interaction with our website or application, using tracking technologies like cookies and pixels.
- Counting Ad Impressions & Website Interactions to audit interactions with our websites, applications, or advertisements, count ad impressions to unique visitors, verify position and quality of ad impressions, and perform similar activities.
- Fraud Prevention to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and to prosecute those responsible for that activity.
- Processing Transactions to process or fulfill orders and transactions, verify customer information, process payments, and perform similar activities.
- Defending Against Claims & Litigation to defend against or respond to potential or actual claims and litigation.
- Claims & Benefits Administration to process claims, administer benefits, and conduct employee drug tests in accordance with applicable laws.
- Employee & Emergency Contact Communications to communicate with our employees or individuals listed as an employee’s emergency contact.
We may share your personal information with the following:
Business Services Providers. These are those persons or entities with whom we have a relationship to provide business operations services and support to DerbySoft. These providers may include the following:
- IT Operations Providers. These include cloud computing service providers, internet service providers, data backup and security providers, functionality and infrastructure providers, and similar service providers.
- Operations Providers. These include service provider with whom we partner to provide day-to-day business operations, including payment processors, security vendors, business software service providers, hospitality service providers, banks, facilities management providers.
- Professional Advisors. These include lawyers, accountants, consultants, security professionals, and other similar parties when disclosure is reasonably necessary to comply with our legal and contractual obligations, prevent or respond to fraud or abuse, defend ourselves against attacks, or protect the rights, property, and safety of us, our customers, and the public.
Marketing and Advertising Providers. These include advertising, direct marketing, and lead generation providers, affiliate marketing program providers, retargeting platforms, data brokers, ad networks, marketing consultants, and similar services providers.
DerbySoft Entities. We may share personal data among the Derbysoft group of entities, including DerbySoft, Ltd. (Hong Kong), Derbysoft, Inc. (Texas), and any subsidiaries, joint venturers, or other companies that we control or that are under common control with us.
Legally Required Parties/Governmental Entities. Persons to whom we are required by law to provide information, such as pursuant to a subpoena or a court order.
Reorganization. Persons involved in the consideration, negotiation, completion of a business transaction, including the sale, merger, consolidation, acquisition, change in control, transfer of substantial assets, bankruptcy, or reorganization, and any subsequent integration.
Authorized Disclosures: To any party when authorized by the individual to whom it pertains to share it.
Our Site may contain plug-ins and other features that integrate third-party social media platforms into our Site. You will be able to activate them manually. If you do so, the third-parties who operate these platforms may be able to identify you, they may be able to determine how you use this website and they may link and store this information with your social media profile. Please consult the data protection policies of these social media platforms to understand what they will be doing with your Personal Information. If you activate these plug-ins and other features, you will be doing so at your own risk.
Storage of Data
Protection of Your Data
While we cannot guarantee the full security of anyone’s data (including our own), we understand the importance of data security and therefore take reasonable technical and organizational measures to protect your Personal Information – and the information systems on which your Personal Information is stored – in an effort to prevent loss, misuse and unauthorized access, disclosure, alteration and destruction and we contractually require our suppliers and service providers to protect your Personal Information.
Commercial Electronic Message Consent
By providing your email address to DerbySoft through our Site or otherwise, you affirmatively and expressly consent to receiving commercial emails from DerbySoft, to the extent this is possible and necessary under the relevant applicable laws. DerbySoft may send you commercial emails in order to deliver a newsletter, to provide you with more information about our Services, and to provide you with updates, special offers, and other information, including but not limited to Site updates. You may unsubscribe from these commercial emails at any time by clicking on the “unsubscribe” link included in any email or by contacting DerbySoft via email at firstname.lastname@example.org.
Our Site is not directed at children. Consistent with the Federal Children’s Online Privacy Protection Act of 1998 (COPPA), DerbySoft will not knowingly request or collect personally identifiable information from any child under age 13 without requiring parental consent. Any person who provides his or her Personal Information to use through our Site or the Services represents that he or she is older than 12 years of age. If we become aware that we have collected children’s Personal Information in a manner not permitted by COPPA, we will remove such data as required by COPPA.
U.S. STATE-SPECIFIC PRIVACY RIGHTS AND NOTICES
Individuals who reside in the United States or are in the United States may have additional privacy rights under the law of the state in which they reside and when such laws become effective. Please review this section to determine what rights you may have as a resident of certain U.S. states.
The chart below describes what we collect, how we use it, and additional retention considerations that arise when we apply these criteria to such information. California law requires us to provide this information using the categories enumerated in the law. Some elements of personal information may fall into multiple categories.
|Additional categories of information listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))|
|Internet or Electronic Network Activity Information|
|Audio, Electronic, Visual, Thermal, Olfactory, or Similar Information|
|Professional or Employment-Related Information|
|Inferences Drawn About You|
Your U.S. Privacy Rights and How to Exercise Them
U.S. residents may review the following to learn more about the privacy rights afforded to them in certain jurisdictions.
The Rights to Access, Correct, and Delete Personal Information
Available to residents of California, Colorado, Connecticut, Utah, and Virginia.
You have the right to request access to and receive certain details about what personal information we collect, use, and sell, as well as the right to request that we delete certain personal information that we have collected from you. If we hold personal information that is not accurate, you have the right to request that we correct this information.
To exercise these rights, you or your designated agent can exercise these rights by:
- submitting a request form found https://www.derbysoft.com/contact/
- emailing us at email@example.com;
- submitting a request form found https://www.derbysoft.com/contact/
We will honor these requests in accordance with our legal obligations and in the timeframe permitted by the applicable law (generally 30-45 days).
The Right to Limit the Use of Sensitive Personal Information
Available to residents of California.
You have the right to request that we limit our use and disclosure of your “sensitive personal information,” (as that term is defined under the California Consumer Privacy Act (the CCPA)) to certain permissible purposes. However, we process sensitive personal information only as permitted by the CCPA, and we don’t use sensitive personal information to infer characteristics about you. Accordingly, we do not offer an option to limit further processing of Sensitive Personal Information.
The Right to Opt-Out of Sale or Sharing For Targeted Advertising Purposes
Available to residents of California, Colorado, Connecticut, Utah, and Virginia.
You have the right to opt-out of the sale of your personal information to third parties. Under the applicable privacy laws for your state, a “sale” means the exchange of your personal information for money but may include exchanges for other valuable consideration. You also have the right to opt-out of the sharing of your personal information for purposes of targeted advertising (called a “sharing” of personal information under the CCPA).
Opting Out of Online Sale/Sharing
Some of the tracking technologies we use on our online services may be considered a “sale” or “sharing” under applicable law. The categories of personal information we “sell” or “share” include: Identifying Information, Device Information and Other Unique Identifiers, Internet or Other Network Activity, Geolocation Data, and Commercial Data. We may disclose these categories of personal information to advertisers and marketing partners, data analytics providers, and social media networks. You can opt out of the sale or sharing via tracking technologies via the following methods:
- For websites: you can adjust your cookie and other privacy settings in the cookie consent banner provided on our website. To opt-out of the sale/sharing of your personal information, please click on the “Do Not Sell My Personal Information” link in the cookies consent tool. If you do not see the cookie consent tool, please use your browser to clear your cookies and reload the page.
Residents of certain states may utilize a browser or extension that broadcasts an opt-out preference signal recognized as valid under the applicable law, such as the Global Privacy Control (GPC) (learn more here: https://globalprivacycontrol.org/orgs), we will honor such signal as a valid opt-out request for the browser identifier we associate with it.
Opting Out of Offline Selling/Sharing
Requests to opt out of “sale” / “sharing” will be linked to your browser identifier only unless you are logged in to an account with us and we are able to link your browser identifier to your account information. Accordingly, if you are not logged in or we are not otherwise able to associate your browser identifier with your account or other contact information, we are not able to link your request to opt-out of sale/sharing to sale/sharing transactions outside of the online context. Therefore, if you would like to opt-out of the sale/sharing of your personal information in the offline context, we recommend you submit a request vias our Request Form found https://www.derbysoft.com/contact/.
The Right to Opt-Out of Profiling
Available to residents of Colorado, Connecticut, and Virginia.
You have the right to opt-out of the use of your personal information for “profiling” in furtherance of decisions that produce legal or similarly significant effects concerning you. “Profiling” means using automated processing of your personal information to evaluate, analyze, or predict personal aspects concerning your economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. DerbySoft does not engage in such practices. Therefore, we do not offer the right to opt-out of this right.
The Right to Appeal Our Decisions Regarding Your Rights Requests
Available to residents of Colorado, Connecticut, and Virginia.
You may appeal our decision to your request regarding your personal information. To do so, please contact us by emailing us a firstname.lastname@example.org. We respond to all appeal requests as soon as we reasonably can, and no later than legally required.
The Right to Non-Discrimination
Available to residents of California, Colorado, Connecticut, Utah, and Virginia.
You have a right not to receive discriminatory treatment for the exercise of your privacy rights. We will not engage in discriminatory actions with respect you exercise of rights available to you under applicable privacy laws.
Responding to Your U.S. Privacy Rights Requests
Receiving and Verifying Your Requests
You can submit your requests regarding your various privacy rights using the mechanisms described above. For some requests, you will be required to submit some personal information necessary for us to verify your identity, and we may contact you to verify the request. The personal information we request as part of the verification process will be used only to verify your request and demonstrate compliance with our obligations under the law.
Residents of California, Colorado, and Connecticut may designate an authorized agent to submit certain requests on your behalf. Authorized agents can submit requests in the same manner as the individuals on whose behalf they act. In accordance with the applicable law, we may require you and your agent to submit additional information to verify your and your agent’s identity, and to confirm the agent’s authorization to act on your behalf. We may deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf.
GDPR Rights and Notices
If we process Personal Information from UK/EU residents in a manner subject to the General Data Protection Regulation or the UK GDPR (“GDPR) then, in addition to the above, the following information shall also apply to our collection, processing use and retention of that information:
Controller and Data Protection Officer
We have appointed Mara Angenendt with business address at 14800 Landmark Blvd., Suite 640, Dallas, Texas 75254 as data protection officer, which can be reached under email@example.com.
Data Protection Representative
Since DerbySoft as a company is not headquartered in the European Union, it has appointed the following company as its EU representative for data protection according to Art. 27 GDPR:
DerbySoft Technology Spain S.L. (Spain)
Avinguda Diagonal, 472, 08006 Barcelona, Spain
Source of Data
We will process your Personal Information mainly because you provided it to us, or we collected your Personal Information as described above. In certain cases, we may also receive Personal Information from third parties, such as service providers if permitted.
Basis and Purpose for Processing
As set out above, we collect and process Personal Information for which you have given your express consent at the time of collection. For example, we collect Personal Information when you elect to participate in one of our promotions. In addition we also collect and process Personal Information for the purposes of our legitimate interests, such as to help us better manage your sales enquiry, in order to improve our services, to deliver the services and perform obligations under contracts we have with you or your company, and to comply with our own legal obligations.
Legal Bases for Processing
The legal basis for the processing of Log Data and Tracking Images as described above is Art. 6 para. 1 sentence 1 lit. f GDPR.
The legal basis for the processing of Personal Information based on your communication with us by Email as described above is Art. 6 para. 1 sentence 1 lit. b GDPR, as we process the Personal Information in order to answer your request. Only DerbySoft employees who are working on such contact requests receive access to the Personal Information related to these emails.
In regard to our use of Google Analytics for the Site as described above, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR, as we will ask you for your consent for the processing of your Personal Information in this regard. You can refuse your consent or withdraw your consent at anytime with effect for the future. The related Personal Information may be processed by and to Google in the USA, Google LLC, Alphabet Inc., and Google Ireland Limited.
The legal basis for the processing of Personal Information in regard to the hosting of our site by our technology service provider and the storage on a third party server as described above, is Art. 6 para. 1 sentence 1 lit. b GDPR on the basis of your usage of our Site and Art. 6 para. 1 sentence 1 lit. f GDPR on the basis of our legitimate interest of improvement of the stability and functionality of our Site.
We do not collect sensitive data, for example, biometric data, health data or data revealing racial or ethnic origin from visitors to our Site.
Recipients/Access to Personal Information
We may transfer Personal Information belonging to you to our affiliated entities, e.g. any corporate subsidiaries or affiliates, in accordance with applicable UK/EU laws. Any such transfer will be subject to intercompany agreements incorporating UK or EU Standard Contractual Clauses including supplementary measures, in case the subsidiary or affiliated company is not located in the UK/EEA. A copy of the EU Standard Contractual Clauses can be obtained by contacting firstname.lastname@example.org.Onward Transfer and Categories of Recipients
Onward Transfer and Categories of Recipients
We also may disclose Personal Information for other purposes or to other third-parties when you have consented to or explicitly requested such disclosure. Please be aware that we will disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, in accordance with applicable UK, EU & Swiss data protection law(s).
We may retain third-parties to process or analyze Personal Information we collect from our Site. For example, our Site may be maintained or hosted by a third-party service provider, a promotion may be administered by a sales promotion agency and/or products may be fulfilled by a wholesaler. These suppliers and other third-parties who provide services for us are contractually obligated not to use Personal Information about you except as we authorize.
Profiling and Automated Decision Making
We may analyze Personal Information we have collected about you to create a profile of your interests and preferences so that we can contact you with information that is relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively. We may also use Personal Information about you to detect and reduce fraud and credit risk. We do not use your Personal information for any solely-automated-decision making.
You may contact us by e-mail at email@example.com to exercise the following rights:
- access your data to check and review it;
- have a copy of your Personal Information;
request that we supplement, correct or delete your Personal Information; or cease or restrict the collection, processing, use or disclosure of your Personal Information; the right of correction will include the right to have incomplete Personal Information completed, including by means of providing a supplementary statement;
object to the processing of your Personal Information;
receive the Personal Information you have provided to us in a structured, commonly used and machine-readable format and have it transmitted to another controller provided that the processing is based on your respective consent or to execute a contractual relationship or a relationship prior to entering into contract with you.
if we process your Personal Information on the basis of your consent, you can withdraw your consent at any time with effect for the future Please note that a withdrawal does not affect the legality of prior processing.
You also have the right to lodge a complaint with a supervisory (data protection) authority in relation to the processing of your Personal Information. To exercise such right and lodge a complaint, you can contact the supervisory authority competent for your place of residence or the one competent for our place of business. We would appreciate the opportunity to resolve the issue in advance of you making a complaint to the relevant authority.
If you request to have Personal Information removed, we may retain some of your Personal Information as necessary for the purposes of our legitimate business interests or in furtherance of public interests in accordance with applicable law.
Corrections and Updates
If you want to view, delete or modify your Personal Information, you may do so by sending an email to firstname.lastname@example.org. Please note that we may be required to keep certain information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). When we delete any information, it will be deleted from the active database, but may remain in our archives in accordance with applicable laws.
We reserve the right to verify the identity of any person making a request to opt-out, delete or modify Personal Information provided, however, that we will have no liability of any kind resulting from false or erroneous requests or any change or deletion made by us based on such a request.
Contact, Questions or Complaints
DerbySoft, Inc. Attn: Legal Department
14800 Landmark Blvd., Suite 640
Dallas, Texas 75254