Effective Date: December 1, 2020

At DPOBOARD, privacy is a priority. This Privacy Statement sets out how DPOBOARD, LLC and its group of companies (“us,” “our,” or “we”) collect and use personal information from customers and other individuals (collectively "you") who access or use our websites, including DPOBOARD.com, our mobile applications, our web client or professional client, and/or any of our other sites, products, or services that link to this Privacy Statement (the “Services”). By using our Services, you understand that we will collect and use your personal information as described in this Privacy Statement.

If you or your organization has an individual agreement with us, that agreement may have privacy terms that also apply to the personal information you provide to us under that agreement. Please review the terms in that agreement as they may be different or more restrictive than the terms in this Privacy Statement.

This Privacy Statement does not apply to any third-party websites and apps that you may use, including any linked to in our Services. You should review the terms and policies for third-party websites and apps before clicking on any links.

DPOBOARD’s core product and Services help users create, complete, and show the state of privacy and data protection compliance within their organization. This may include but not limited to risk assessment, incident response, training, contract negotiation, program implementation and many more. This information we collect and use may include data.

1. How We Collect Personal Information

You have choices about whether you visit our sites, install our apps, or provide personal information to us. However, if you do not provide us with certain personal information, you may not be able to use some parts of our Services. For example, if you do not provide us with an email, we may not be able to provide you with electronic correspondence. For choices you may have, please see Section 5 of this Privacy Statement.

 Personal Information We Collect from You.  You provide us with personal information about yourself when you:

·  Register or log in to your account

·  Create or edit your user profile

·  Contact customer support

·  Comment on our blogs or in community forums

You also provide us with personal information about others when you use parts of our Services, such as when you:

·  Start or participate in an electronic transaction, such as contract negotiation or compliance assessment;

·  Share information with us in any agreed platform;

·  Add others as a member to an existing account

For these types of information, you may choose not to provide them to us.

For other choices you may have, please see Section 5 of this Privacy Statement.  

Examples of the categories of personal information you provide are:

·  Identifiers: name, email address, mailing address, phone number, or electronic signature.

·  Commercial information: billing information, products or services purchased.

·  Geolocation: physical location

Personal Information We Collect Automatically. We automatically collect personal information from you and your devices when you use our Services, even when you visit our sites or apps without logging in. For choices you may have on what information we automatically collect, please see Section ­­5 of this Privacy Statement.  

The categories of personal information we automatically collect includes:

·  Device, Usage Information, and Transactional Data. We collect personal information about how you use our Services and the computers or other devices, such as mobile phones or tablets, you use to access our Services. Some examples include:

·  IP address

·  Precise geolocation information that you allow our apps to access

·  Unique device identifiers and device attributes, like operating system and browser type

·  Usage data, such as: web log data, referring and exit pages and URLs, platform type, number of clicks, domain names, landing pages, pages and content viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used our Services, the frequency of your use of our Services, error logs, and other similar information

·  Transactional data, such as: names and email addresses of parties to a transaction, subject line, history of actions that individuals take on a transaction (e.g. review, sign, enable features) and personal information about those individuals or their devices, such as name, email address, IP address, and authentication methods

Cookies and Related Technologies. We may use cookies, which are text files containing small amounts of information that are downloaded on your device (“Cookies”), or related technologies, such as web beacons, local shared objects and tracking pixels to store or collect information. We also allow others to use Cookies within the Services as described below. Cookies can store your preferences, your username, and help tailor advertisements. 

Analytics. We use services like Google Analytics. Cookies are used to gather usage data and help us learn how people use our Services, such as the pages they visit and for how long and the website or page they were on before coming to a DPOBOARD website. 

Tailored Advertising. 

Ads for Other Products & Services. Third parties whose products or services are marketed on our Services may place or read from Cookies on your computer or other device to collect information. They do this to (i) tailor and serve advertising based on information like past visits to our Services and other sites; and (ii) report the number of ads served and the responses to those ads;

Ads for our Products and Services. We may also use services, like Google, AdRoll, and Appnexus, to serve tailored ads about our products and Services to you on our Services and elsewhere. We allow these third parties to use and access their own cookies on your computer or other device(s) you use to access our Services. We do not have access to these cookies or related technologies, and this Privacy Statement does not govern the use of those cookies and related technologies.

For choices you have on Cookies and related technologies, please see Section 5 of this Statement.

Information We Collect from Other Sources. We may collect personal information about you from others, such as: 

Third-Party Sources. Examples of third-party sources include marketers, partners, researchers, social media, service providers, and others where they are legally allowed to share your personal information with us. For example, if you register for our Services on another website, the website may provide your personal information to us.

Other Customers. Other customers may give us your personal information. For example, if a customer wants you to sign an electronic document in our Services, he or she will give us your email address and name.

Combining Personal Information from Different Sources. We may combine the personal information we receive from other sources with personal information we collect from you (or your device) and use it as described in this Privacy Statement.

Personal Information We Collect & Process on Behalf of Customers. When our customers use our Services, we process and store certain personal information on their behalf as a data processor. For example, in DPOBOARD portal, when a customer (or the customer’s Authorized Users) uploads project requests or other documents for review, we act as a data processor and process the documents on the customer's behalf and in accordance with their instructions. In those instances, the customer is the data controller and is responsible for most aspects of the processing of the personal information.

We collect your personal information to provide and improve our Services and to support prospecting activities. See Section 2 Use of Personal Information for additional information.

We may share your personal information with third parties as provided in Section 3 Personal Information Sharing.

2. Use of Personal Information

In general, we collect, use, store, and process your personal information to provide our Services, to fix and improve them, to develop new Services, and to market our companies and their products and Services. Here are some examples of how we use the personal information we process:

·  Provide you with the Services and products you request and collect payments

·  Send you records of our relationship, including for purchases or other events

·  Market features, products, or special events using email or phone or send you marketing communications about third party products and services we think may be of interest to you

·  Run sweepstakes, contests, and refer-a-friend programs

·  Choose and deliver content and tailored advertising, and support the marketing and advertising of our Services

·  Create and review data about our users and how they use our Services

·  Test changes in our Services and develop new features and products

·  Fix problems you may have with our Services, including answering support questions and resolving disputes

·  Manage the Services platform including support systems and security

·  Prevent, investigate and respond to: fraud, unauthorized access to or use of our Services, breaches of terms and policies, or other wrongful behavior

·  Comply with legal obligations

·  Meet legal retention periods

Other Uses. We may combine the personal information we collect (“aggregate”) or remove pieces of personal information (“de-identify”) to limit or prevent identification of any particular user or device to help with goals like research and marketing. This Privacy Statement does not apply to our use of such aggregated or de-identified information.

Lawful Basis for Processing Your Personal Information. If European data protection law applies and DPOBOARD acts as a controller, our lawful basis for collecting and using the personal information described in this Privacy Statement will depend on the personal information concerned and the specific context in which we collect or use it.

We normally collect or use personal information from you or others only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may have a legal obligation to collect or retain personal information or may need the personal information to protect your vital interests or those of another person. For example, when we:

·  Use personal information to create and manage an account, we need it in order to provide relevant Services.

·  Use names and email addresses for email correspondence purposes, we do so with your consent (which you can withdraw at any time) or through a legitimate interest.

·  Gather usage data and analyze it to improve our Services, we do so based on our legitimate interest in safeguarding and improving our Services.

·  If you have questions about or need further information concerning the lawful basis on which we collect and use your personal information, please contact us at info@dpoboard.com.

3. Personal Information Sharing

We do not disclose your personal information to any third party in a manner that would be considered a sale under applicable laws. 

We share personal information as follows:

·  Service Providers. We share your personal information with other companies we use to support our Services. These companies provide services like intelligent search technology, intelligent analytics, advertising, cloud infrastructure, authentication systems, bill collection, fraud detection, and customer support. We have contracts with our service providers that address the safeguarding and proper use of your personal information.

·  Affiliates. We may share your personal information with other companies under common ownership or control with DPOBOARD. These companies use your personal information as described in this Privacy Statement. 

·  Marketing Partners. We may share your personal information with sponsors of events, webinars or sweepstakes for which you register, or other parties with whom we may engage in joint marketing activities.

·  Public or Government Authorities. We may share your personal information to follow applicable law or to respond to legal process (like a subpoena). We also may share your personal information when there are threats to the physical safety of any person, violations of this Privacy Statement or other agreements, or to protect the legal rights of third parties, including our employees, users, or the public.

·  Business Transactions. We may share your personal information during a corporate transaction like a merger, or sale of our assets, or as part of the due diligence for such contemplated transactions. If a corporate transaction occurs, we will provide notification of any changes to control of your personal information, as well as choices you may have.

·  Consent. We may share your personal information in other ways if you have asked us to do so or have given consent. For example, with your consent, we post user testimonials that may identify you.

·  Your personal information may also be shared as described below:

·  Other users. When you allow others to access, use, or edit content in your account, we share that content with them. For example, if you send an envelope to others for review or signature, we make the contents of the envelope available to them.

·  Third Parties. When you make a payment to another user within our Services, we share your payment method details with the third-party payment processor selected by you or the other user.

·  Public Information.

·  User-Generated Content. When you comment on our blogs or in our community forums, this information may also be read, collected, and used by others.

·  Profile Information. When you create a DPOBOARD profile, other DPOBOARD users can view your profile information. If you would like to make this information private, please visit your account settings.

·  Your Employer or Organization. When you create an account or user role with an email address assigned to you as an employee, contractor or member of an organization.

4. Retention of Personal Information

We keep your personal information for no longer than necessary for the purposes for which it is processed. The length of time for which we retain personal information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws. Where there are technical limitations that prevent deletion or anonymization, we safeguard personal information and limit active use of it.

5. Your Choices

This section describes many of the actions you can take to change or limit the collection or use of your personal information. 

Profile. You are not required to fill out a profile. If you do, you can access and review this personal information. If any personal information is inaccurate or incomplete, you can make changes in your account settings.

Marketing Messages. You can opt out of email marketing messages we send. You can opt out of these messages by clicking on the “unsubscribe” link in the email message.

Cookies and Other Related Technology. You can decline cookies through your browser settings. However, if you decline cookies, you may not be able to use some parts of our Services.

To change how Google Analytics collects and uses your personal information, you may install the Google Analytics Opt-Out Browser Add-On by clicking here (https://tools.google.com/dlpage/gaoptout).

To exercise choices for tailored advertising, please visit the following sites (please note that you may still receive advertising content, but it will not be tailored to you, and that DPOBOARD does not control these services which are offered by third parties):

Network Advertising Initiative’s Consumer Opt-Out Link (http://optout.networkadvertising.org/?c=1#!/)

Digital Advertising Alliance’s Consumer Opt-Out Link (http://optout.aboutads.info/?c=2#!/)

Google Ad Settings (https://adssettings.google.com/authenticated)

For your mobile devices, please read your operating system’s instructions.

Device and Usage Information. If you do not want us to see your device location, you can turn off location sharing on your device, change your device privacy settings, or decline to share location on your browser.

Closing Your Account. If you wish to close your account, please log in to your account and edit your plan. 

Complaints. We are committed to resolving valid complaints about your privacy and our collection or use of your personal information. For questions or complaints regarding our data use practices or Privacy Statement, please contact us at info@DPOBOARD.com. 

6. Children's Privacy

Our Services are not designed for and are not marketed to people under the age of 16 (“minors”) or as defined by local laws. We do not knowingly collect or ask for personal information from minors. We do not knowingly allow minors to use our Services. If you are a minor, please do not use our Services or send us your personal information. We delete personal information that we learn is collected from a minor without verified parental consent. Please contact us at info@dpoboard.com if you believe we might have personal information from or about a minor.

7. Your Privacy Rights

You may have certain rights related to your personal information, subject to local data protection laws. In general, your rights include the following:  

·  You can access and review personal information associated with your account at any time by contacting us at info@dpoboard.com or if you have an account, logging into your account.

·  You have a right to correct your personal information.

·  In certain situations, you can ask that we delete/erase or stop using your personal information (and object to use of your personal information) or export your personal information. 

·  Where we rely on your consent to process your personal information, you have the right to decline consent and/or if provided, to withdraw consent at any time. This will not affect the lawfulness of processing prior to the withdrawal of your consent. At any time, you can request that we stop using your personal information for direct marketing purposes. See Section 5 of our Privacy Statement for more information on your choices.

·  You have a right to provide us with guidance on the use, storage, and deletion of your personal information after your death.

·  You have a right to raise questions or complaints with your local data protection authority at any time.

We will take reasonable steps to verify your identity. If you have an account with us, we may verify you through your login of your account. If you do not have an account with us, we may seek a confirmation by email or seek other identification information, including government-issued identification, to verify your identity.

You may authorize an agent to make a request to us on your behalf and we will verify the identity of your agent or authorized legal representative by either seeking confirmation from you or documents that establish the agent’s authorization to act on your behalf.

·  Please note your rights and choices vary depending upon your location. Certain personal information may be exempt from such requests under applicable law. We need certain types of personal information so that we can provide the product and Services to you. If you ask us to delete it, you may no longer be able to access or use our product and Services.

If you wish to exercise these rights, please contact us at info@dpoboard.com.

Transfers to the U.S. and Third Countries. We may transfer your personal information outside of your jurisdiction for further processing. DPOBOARD relies on contractual provisions include Standard Contractual Clauses to facilitate the transfer of personal information from the EEA to DPOBOARD outside of the EEA.

California. California residents may ask for a list of third parties that have received your personal information for direct marketing purposes during the previous calendar year. This list also contains the types of personal information shared. We provide this list at no cost. If you are a California resident and would like to request this information, please write us at info@dpoboard.com.

8. How We Protect Your Personal Information

To keep your personal information safe, we use physical, electronic, and managerial tools. We apply these tools based on the sensitivity of the personal information we collect, use, and store, and the current state of technology. We protect your personal information through technical and organizational security measures to minimize risks associated with data loss, misuse, unauthorized access, and unauthorize disclosure and alteration.

9. Changes to This Statement

We may amend this Privacy Statement to reflect changes in the law, our companies, our Services, our data collection use and practices, or advances in technology. Our use of the personal information we collect is subject to the Privacy Statement in effect at the time such personal information is used. Depending on the type of change, we may notify you of the change by posting on this page or by email. Please periodically review this Privacy Statement and carefully review any changes made to this Privacy Statement. 

10. How to Contact Us

For questions or complaints regarding our use of your personal information or Privacy Statement, please contact us at info@pdoboard.com, attention, Privacy Officer.