- Information and How We Use It
The App and Website may collect, process and use data that includes PII, the legal basis of which is your consent, which you give when you use the Services. Types of PII that may be used include the following, without limitation:
- When ordering or registering on our App and/or Website you may be asked to enter your name, company name, email address, mailing address, telephone number, or other details (“Entered Data”). You are the source of such account data, and such data may be processed for the purposes of operating the App, Website, providing the Services, ensuring the security of the App, Website and Services, maintaining back-ups of our databases and communicating with you.
- We may process information that you provide to us for the purpose of subscribing to our email notifications (“Notification Data”) provided that you have specifically consented to receive the same. The Notification Data may be processed for the purposes of sending you relevant Notification Data.
- We may process information contained in or relating to any communication that you send to us (“Correspondence Data”), for example, when you sign up for our newsletter or respond to a survey or marketing communication. The Correspondence Data may include communication content and/or metadata associated with such communication. The Correspondence Data may be processed for communicating with you and record-keeping.
- We may process any of the types of data described in this Section 1 if we are required to do so by court-order, any legal obligation to which we are subject, or when necessary, for the establishment, exercise or defense of legal claims. The legal basis for this processing is our legitimate interests, namely of FireFly’s legal rights, your legal rights and the legal rights of others.
- Please do not supply any other person’s PII (including End Users’) to us without the specific and explicit consent of all parties, including the owner of such PII.
- Providing Your PII to Others
- We may disclose your PII to professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes.
- We may disclose your PII to third-party service providers, vendors and subcontractors reasonably necessary to provide the Services. Such third-party providers, vendors and subcontractors will only use the PII to the extent necessary to allow them to perform the Services they provide to FireFly.
- We will only disclose your PII to third parties who provide sufficient guarantees that they implement appropriate technical and organizational measures in such a manner that their processing of your PII will meet the requirements of Data Protection Regulation (as defined below) and ensure the protection of your rights and with whom we have written contracts that conform to our legal obligations under Data Protection Regulation.
- International Transfers of Your PII
- In this Section 3, we provide information about the circumstances in which your PII may be transferred to countries worldwide including inside and outside the European Economic Area (“EEA”).
- We and our other group companies have facilities in Israel, USA, and Germany. “Adequacy decisions” of the European Commission have been made with respect to the data protection laws of Israel, and in the US, the “Adequacy decision” is limited to the Privacy Shield.
- Transfers to countries inside and outside the EEA will be protected by appropriate safeguards, namely the provisions of applicable law which relate to the protection of individuals with regards to the Processing of Personal Data to which a party may be subject including, without limitation, the General Data Protection Regulation (EU) 2016/679, the Data Protection Act 1998, the Regulation of Investigatory Powers Act 2000, the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulation 2000, the Electronic Communications Data Protection Directive 2002/58/EC, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and, where applicable, the guidance and code of practice issued by the Information Commissioner’s Office from time to time, directions of any competent regulatory authority, relevant regulatory guidance and codes of practice (collectively “Data Protection Regulation”) or to the extent transfers will cross borders to outside the EEA, such transfer shall be carried out in accordance with standard contractual clauses annexed to the EU Commission Decision 2010/87/EU of 5 February 2010 for the Transfer of Personal Data to Processors established in Third Countries under the Directive (the “Model Clauses”).
- The hosting facilities for our App and Website are situated within the region of service, in the USA, Israel, or Germany.
- Retaining and Deleting PII
- This Section 4 sets out our data retention policies and procedures, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of PII.
- We will retain and delete your PII as follows:
- PII will be retained for up to a period of one year following the end of the Services after which period it will be deleted from our systems, unless otherwise required under applicable law.
- Your Rights
- In this Section 5, we have done our best to summarize the rights that you may have under applicable data protection law. These are complex, and not all of the details have been included herein. In light of this, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
- End Users’ principal rights under data protection law are:
(a) the right to access;
(b) the right to rectification;
(c) the right to erasure;
(d) the right to restrict processing;
(e) the right to object to processing;
(f) the right to data portability;
(g) the right to complain to a supervisory authority; and
(h) the right to withdraw consent.
You have the right to confirmation as to whether or not we process your PII and, where we do, access to the PII, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of PII concerned and the recipients of the PII. Providing the rights and freedoms of others are not affected, and as requested or approved by you, we will supply to you a copy of your PII. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. You can request to access your PII by requesting an e-mail summary from: email@example.com
- You have the right to have any inaccurate PII about you rectified and, taking into account the purposes of the processing, to have any incomplete PII about you completed.
- In some circumstances you have the right to the erasure of your PII, by providing adequate evidence attesting to your identity, without undue delay. Those circumstances include: the PII is no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; and the PII have been unlawfully processed. There are certain general exclusions of the right to erasure. Those general exclusions include where processing is necessary: for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims.
- In some circumstances you have the right to restrict the processing of your PII. Those circumstances are: you contest the accuracy of the PII; processing is unlawful but you oppose erasure; we no longer need the PII for the purposes of our processing, but you require PII for the establishment, exercise or defense of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your PII. However, we will only otherwise process it: with your consent; for the establishment, exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
- You have the right to object to our processing of your PII on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the PII unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
- To the extent that the legal basis for our processing of your PII is consent, and such processing is carried out by automated means, you have the right to receive your PII from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
- If you consider that our processing of your PII infringes Data Protection Regulations, you have a legal right to file a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
- To the extent that the legal basis for our processing of your PII is consent you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
- You may exercise any of your rights in relation to your PII by written notice to us in addition to the other methods specified in this Section 5.
When you provide us with PII for a secondary reason, like marketing or other secondary reasons which we will convey to you from time to time if applicable, we will ask for your consent. After you opt in, you may withdraw your consent at any time, by contacting us at firstname.lastname@example.org
- Information Security
- We follow generally accepted industry standards to protect against unauthorized access to or unauthorized use, alteration, disclosure or destruction of PII. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect PII, we cannot guarantee its absolute security.
- The PII is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required by contract to keep the information confidential.
- We implement a variety of security measures when a user places an order, enters, submits, or accesses their information to maintain the safety of the PII.
- You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since each browser is a little different, look at your browser’s Help Menu to learn the correct way to modify your cookies.
- If you turn cookies off, some of the features that make your site experience more efficient may not function properly.
- We use the following types of cookies: session cookies, permanent cookies and third-party cookies.
- California Online Privacy Protection Act
- According to CalOPPA, we agree to the following:
- Users can visit the Company’s Website anonymously.
- Do Not Track Signals
- We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
- To the extent legally permitted we may allow third-party behavioral tracking.
- COPPA (Children Online Privacy Protection Act)
- When it comes to the collection of PII from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
- We do not market to children under the age of 13 years old, and 13 year olds are prohibited from using this App and/or Website without proper consents from guardians as detailed hereunder.
- Fair Information Practices
- The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect PII.
- In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
- We will notify you within the time required by applicable law, but no later than three business days from becoming aware of any such breach.
- We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
- CAN-SPAM Act
- The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
- We collect your email address in order to:
- Send information, respond to inquiries, and/or other requests or questions
- Process orders and to send information and updates pertaining to orders.
- Send you additional information related to the Services.
- Market to our mailing list or continue to send emails to our customers after the original transaction has occurred.
- To be in accordance with CAN-SPAM, we agree to the following:
- Not use false or misleading subjects or email addresses.
- Identify the message as an advertisement in some reasonable way.
- Include the physical address of our business or site headquarters.
- Monitor third-party email marketing services for compliance, if one is used.
- Honor opt-out/unsubscribe requests quickly.
- Allow users to unsubscribe by using the link at the bottom of each email.
- Third-party Direct Collectors
- In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the Services they provide to us. However, certain third-party service providers have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
- For these providers, we recommend that you read their privacy policies so you can understand the manner in which your PII will be handled by these providers. In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
- Third-party Links
Occasionally, at our discretion, we may include or offer third-party products or services on our App and/or Website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
- Age of Consent
By using our App and/or Website, you represent that you are at least the age of majority in your state, province or country of residence, or that you are the age of majority in your state, province or country of residence and you have given us your consent to allow any of your minor dependents to use this site.
- Law and Jurisdiction
- If we are acquired or merged with another company, your information may be transferred to the new owners so that we may continue to provide our Services to you.
- Contacting Us
- Last updated: October 17, 2018