Consent and Information Collection and Use
We may use your personal or account information for the following purposes:
- To provide the Services to you and to improve the quality of the Sites and Services,
- To provide information to you so that you may use the Sites and Services more effectively,
- To create, manage and control your account information, and to verify access rights to services and software,
- To bill your account,
- To communicate with you for the purpose of informing you of changes or additions to the Services, or of the availability of any service we provide,
- To assess service levels, monitor traffic patterns and gauge popularity of different service options,
- To carry out our marketing activities;
- To respond to claims of any violation of our rights or those of any third parties;
- To respond to your requests for customer service;
- To protect the rights, property or personal safety of you, us, our users and the public; and as required or authorized by law.
- We may occasionally communicate with you regarding our products, services, news and events. You have the option to not receive this information. We provide an opt-out function within all email communications of this nature, or will cease to communicate with you for this purpose if you contact us and tell us not to communicate this information to you. The only kind of these communications that you may not “opt-out” of are those required to communicate announcements related to the Services, including information specific to your account, planned Services suspensions and outages. We will attempt to minimize this type of communication to you.
Age of Consent
We do not knowingly provide the Services to, and will not knowingly collect the personal information from anyone under the age of consent.
Rights to Your Information
You have the right to access and edit your information at any time through the web interface provided as part of the Services.
We may also use your personal information to generate Aggregated Data for internal use and for sharing with others on a selective basis. “Aggregated Data” means records which have been stripped of information potentially identifying customers or end-users, and which have been manipulated or combined to provide generalized, anonymous information. Your identity and personal information will be kept anonymous in Aggregated Data.
Cookies and Log Files
Change of Ownership or Business Transition
In the event of a change of ownership or other business transition, such as a merger, acquisition or sale of our assets, your information may be transferred in accordance with applicable privacy laws.
We will strive to prevent unauthorized access to your personal information, however, no data transmission over the Internet, by wireless device or over the air is guaranteed to be 100% secure. We will continue to enhance security procedures as new technologies and procedures become available.
We strongly recommend that you do not disclose your password to anyone. If you forget your password, we will ask you for your ID and send you an email containing a link that will allow you to reset your password.
Please remember that you control what personal information you provide while using the Services. Ultimately, you are responsible for maintaining the secrecy of your identification, passwords and/or any personal information in your possession for the use of the Services. Always be careful and responsible regarding your personal information. We are not responsible for, and cannot control, the use by others of any information which you provide to them and you should use caution in selecting the personal information you provide to others through the Services. Similarly, we cannot assume any responsibility for the content of any personal information or other information which you receive from other users through the Services, and you release us from any and all liability in connection with the contents of any personal information or other information which you may receive using the Services. We cannot guarantee, or assume any responsibility for verifying, the accuracy of the personal information or other information provided by any third party. You release us from any and all liability in connection with the use of such personal information or other information of others.
GDPR (General Data Protection Regulation)
The General Data Protection Regulation (GDPR), which goes into effect May 25, 2018, creates consistent data protection rules across Europe. It applies to all companies that process personal data about individuals in the EU, regardless of where the company is based. Processing is defined broadly and refers to anything related to personal data, including how a company handles and manages data, such as collecting, storing, using and destroying data.
We’ve updated any related terms of service to align with the GDPR.
Our Data Policy defines how we process people’s personal data.
We’ll continue to provide people with control over how their data is used.
We have a team of people who help ensure we are documenting our compliance.
Under the GDPR, there are a number of approved reasons (or “legal bases”) a company might legitimately process a person’s data. Below, we’ve outlined the most relevant legal bases, as we understand them, under the GDPR.
- Data processed must be necessary for the service provided by GWDB accepted by the individual
- Requires a freely given, specific, informed and unambiguous consent by clear affirmative action
- People have a right to withdraw consent, which must be brought to their attention
- Must be from a person over the age of consent specified in that region/country, otherwise given by or authorised by a parent / guardian
- Explicit consent is required for some processing
- If a business or a third party has legitimate interests which are not overridden by individuals’ rights or interests.
- Processing must be paused if a user objects to it
GWDB as the Data Controller vs. GWDB as the Data Processor
“Data controller” and “data processor” are important concepts in understanding a company’s responsibilities under the GDPR. Depending on the scenario, a company may be a data controller, data processor or both — and will have specific responsibilities as a result:
A company is a data controller when it has the responsibility of deciding why and how (the ‘purposes’ and ‘means’) the personal data is processed.
- Under the GDPR, data controllers will have to adopt compliance measures to cover how data is collected, what it’s used for and how long it’s retained. They will also need to make sure people can access the data about them.
- Data controllers must ensure data processors meet their contractual commitments to process data safely and legally.
A company is a data processor when it processes personal data on behalf of a data controller. Under the GDPR, data processors have obligations to process data safely and legally.
Data Breach Notification
Under the guidance of the Data Control Officer and in compliance with the GDPR, GWDB will notify a user in writing of any Personal Data Breach of which GWDB is aware in accordance with the use of GWDB’s technology.
The notice will include all available information regarding personal data.