ADDITIONAL PRIVACY DISCLOSURES FOR EEA, UK AND SWISS USERS

These Privacy Disclosures set out information about how we use your personal data when you access our Services from the European Economic Area ("EEA"), United Kingdom ("UK"), and Switzerland. Please ensure that you have read and understood these Privacy Disclosures alongside our Terms of Service ("TOS") before you access or use the Services.

Personal Data: When we use the term "personal data" in these Privacy Disclosures, we mean information relating to an identified or identifiable natural person.

Controller: Grailed, LLC, a company duly incorporated and organized under the laws of the United States, having its address at P.O. Box 91258, Los Angeles, CA 90009-1258, is the "controller" responsible for the processing of personal data in connection with our Services. This means that we determine and are responsible for how your personal data is used.

PERSONAL DATA WE COLLECT FROM YOU WHEN YOU USE THE SERVICES

We collect the categories of personal data set forth in the Information You Provide to Us section of our Privacy Notice that you voluntarily submit directly to us when you use the Services.

The table at Annex 1 sets out further detail about the categories of personal data we collect about you and how we use that information when you use the Services, as well as the legal bases on which we rely to process the personal data and the recipients of that personal data.

We will indicate to you, at the point that we collect personal data from you, if the provision of certain personal data is mandatory or optional. Some information, such as your name, address, payment transaction information, and information on your requested services, may be necessary for your use of certain features and functionalities of the Services. If you choose not to provide mandatory personal data, we may not be able to provide those aspects of the Services to you or to respond to your queries and other requests.

PERSONAL DATA WE COLLECT FROM OTHER SOURCES

We also collect personal data about you from other sources, as described in the Personal Information from Third Parties section of our Privacy Notice.

The table at Annex 1 sets out further detail about the categories of personal data we collect about you and how we use that information when you use the Services, as well as the legal bases on which we rely to process the personal data and the recipients of that personal data.

PERSONAL DATA WE COLLECT ABOUT YOU AUTOMATICALLY

We also automatically collect personal data indirectly about how you access and use the Services, and information about the device you use to access the Services.

The table at Annex 1 sets out further detail about the categories of personal data we collect about you automatically and how we use that information, as well as the legal bases on which we rely on to process the personal data and the recipients of that personal data.

We may link or combine the personal data we collect about you and the information we collect automatically.

We may anonymize and aggregate any of the personal data we collect (so that it is no longer linked to you and does not identify you). We may use anonymized information for purposes that include testing our IT systems, research, data analysis, and improving the Services. We may also share such anonymized and aggregated information with others.

RECIPIENTS OF PERSONAL DATA

We may share your personal data with the categories of third parties described in the How Do We Share Information? section of our Privacy Notice (as required in accordance with the uses set out in Annex 1).

LEGAL BASES FOR PROCESSING

We process and retain your personal data as permitted under applicable law. For example, we will only process your information where we have established a lawful basis to do, as follows:

  • When it is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to agreeing to a contract. This applies to any processing where you sign a contract with us, for example when you become our customer, participate in our affiliate or premium partner program, or deliver services to us as a vendor or contractor. This may also include our Terms of Service.

  • We have a legitimate interest which we believe outweighs your interests or fundamental rights and freedoms. This applies to the following processing activities:

    • When we communicate: To respond to your inquiries and, on some occasions, keep records in case of complaints or legal claims.
    • When you use our Services: When you access and use our Services, we process technical and analytics data to see if and how our Services can be improved, so that we can offer you a better user experience in the future.
    • When you unsubscribe from marketing emails: To avoid contacting you again if you have withdrawn your consent to marketing-related activities.
    • Marketing to existing customers (unless you have consented to such marketing): To find, customize and offer products and services we hope you find useful and relevant (i.e., to provide you with excellent customer service).
    • Sharing personal data with other parties: To run our business efficiently and securely.
  • Your consent: Wherever you clearly consent to the processing, for example when you sign up for our newsletters or promotions, or submit a survey. Here, your consent is implied, meaning that you consent by submitting a particular form. We also rely on your consent for using cookies and other technologies on our website and app and to publicize certain information or activity connected to your user account profile (e.g., your purchase history, including prices of the purchased items). Note that your default setting depends on your location (i.e., country), as the rules for using such technologies vary across jurisdictions.
  • We are subject to a legal obligation: For any processing where we need to comply with laws and regulations (e.g., INFORM Act or DAC7), such as keeping records.

STORING AND TRANSFERRING YOUR PERSONAL DATA

Security. We seek to use appropriate security measures to protect against the loss, misuse, or alteration of your information. However, it is important to note that no data transmission over the Internet or information storage technology can be guaranteed to be 100% secure. To make sure your Internet browser is using the latest security features, you may want to download the most recent version of it, which should have full Secure Socket Layer (SSL) and Transport Layer Security (TLS) support.

International Transfers of Your Personal Data. The personal data we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party service providers have operations, including in the United States. If you are accessing the Services from the EEA, UK or Switzerland, your personal data will be processed outside of the EEA, UK or Switzerland. In the event of such a transfer, we ensure that: (i) the personal data is transferred to countries recognized as offering an equivalent level of protection; or (ii) the transfer is made pursuant to appropriate safeguards, such as standard data protection clauses adopted by the European Commission. Annex 2 sets out in detail the provisions for international transfers of your personal data to the United States if you are accessing the Services from the EEA, UK or Switzerland.

MARKETING AND ADVERTISING

From time to time, we may contact you with information about our Services, including sending you marketing messages and asking for your feedback on our Services. Most marketing messages we send will be by email. For some marketing messages, we may use personal data we collect about you to help us determine the most relevant marketing information to share with you.

We will only send you such messages if you have given us your consent to do so. You can withdraw your consent at a later date by clicking on the unsubscribe link at the bottom of our marketing emails or by contacting us at help@grailed.com.

PROFILING AND FRAUD PREVENTION

We may analyze personal data we have collected about you to create a profile of your interests and preferences so that we can contact you with information that is relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively and send product updates. We may also use personal data about you to detect and reduce fraud. The entering of personal data in our systems is generally optional and occurs only if you provide information pursuant to one of the purposes detailed in the How Do We Use Information About You? section of the Privacy Notice; it automatically implies thatGrailed employees across the world, tasked with data processing, will be able to view the data, as well as to change and to update it as set forth in the How Do We Use Information About You? section of the Privacy Notice.

Your Rights in Respect of Your Personal Data. In accordance with applicable privacy law, you have the following rights in respect of your personal data that we hold:

  • Right of access. You have the right to obtain:
    • confirmation of whether, and where, we are processing your personal data;
    • information about the categories of personal data we are processing, the purposes for which we process your personal data, and information as to how we determine applicable retention periods;
    • information about the categories of recipients with whom we may share your personal data; and
    • a copy of the personal data we hold about you.
  • Right of portability. You have the right, in certain circumstances, to receive a copy of the personal data you have provided to us in a structured, commonly used, machine-readable format that supports reuse, or to request the transfer of your personal data to another authorized person.
  • Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal data we hold about you without undue delay.
  • Right to erasure. You have the right, in certain circumstances, to require us to erase your personal data without undue delay if the continued processing of that personal data is not justified.
  • Right to restriction. You have the right, in certain circumstances, to require us to limit the purposes for which we process your personal data if the continued processing of the personal data in this way is not justified, such as where you contest the accuracy of the personal data.
  • Right to withdraw consent. If you have provided consent for the processing of your personal data, you have the right to withdraw your consent. If you withdraw your consent, this will not affect the lawfulness of our use of your personal data before your withdrawal.

You also have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal data, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.

If you are based in the EEA, information about how to contact your local data protection authority is available here. If you are based in the UK or Switzerland, your local data protection authorities are the UK Information Commissioner's Office (https://ico.org.uk/global/contact-us/) and the Swiss Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact/address.html), respectively.

If you wish to exercise one of these rights, please contact us using the contact details set forth in the Privacy Notice.

Due to the confidential nature of data processing, we may ask you to provide proof of identity when exercising the above rights. This can be done by providing a scanned copy of a valid identity document or a signed photocopy of a valid identity document.

Cookies and Similar Technologies Used on Our Services

Our Services use cookies and similar technologies such as pixels and Local Storage Objects (LSOs) like HTML5 (together, "cookies") to distinguish you from other users of our Services. This helps us to provide you with a good experience when you browse our Services and also allows us to monitor and analyse how you use and interact with our Services so that we can continue to improve our Services. It also helps us and our partners to determine products and services that may be of interest to you. Please see our Cookie Policy for more information about these practices and your choices regarding cookies. If available to you, you may also view the Cookie Library by clicking on "Your Privacy Choices" at the footer of this page for more information about the cookies we use on the Services. For mobile app users, if available, you may be able to see the SDK (Software Development Kit) Library by going to your Account > Settings > Privacy Settings > Your Privacy Choices in the app for more information about the technologies we use on the app.

Tracking Technologies Used in Our Emails

Our emails may contain tracking pixels that identify if and when you have opened an email that we have sent you, how many times you have read it and whether you have clicked on any links in that email. This helps us measure the effectiveness of our marketing email campaigns, make the emails we send to you more relevant to your interests and to understand if you have opened and read any important administrative emails we might send you.

Most popular email clients will allow you to block these pixels by disabling certain external images in emails. You can do this through the settings on your email client – these generally give you the option of choosing whether emails will display "remote images", "remote content" or "images" by default.

Some browsers also give you the option of downloading and installing extensions that block pixels and other tracking technologies.

Processing Method

Personal data will be processed with IT-based tools and/or processed manually for the length of time needed to achieve the purpose for which it was collected. In particular, personal data collected for the purposes outlined in the How Do We Use Information About You? section of the Privacy Notice will also be processed via automated mechanisms based on procedures and logics that are related to the purposes specified.

ANNEX 1

We use the personal data we and our vendors collect about you in the following ways and rely on the following legal bases to process personal data about you, whether it is obtained from you or a third party:

Categories of Information We or Our Vendors CollectHow We Use the InformationLegal Bases We Rely on to Process the InformationRecipients of the Information
Account and Profile Information. Such as first and last name, email address, address, country of residence, tax identification number, bank account, business registration information, phone number, username and password, bio, profile information, profile picture, preferences, clothing size, and any other information you provide to us.We may use this information:
  • to set up and authenticate your account (e.g., sending you an SMS text code for multifactor authentication), including populating your account with relevant information;
  • to provide to you the features and functionality of the Services;
  • to communicate with you;
  • to resolve questions and complaints (whether from you or a third party), and to prevent fraud; and
  • to send you marketing communications in accordance with your preferences.
  • For our performance under the Terms of Service.
  • Legitimate business interests, including administering the Services and communicating with you regarding questions and complaints, as well as to develop and improve our Services, with respect to information you share when you communicate with us.
  • In connection with marketing communications, we will only send those to the extent you have given us consent to do so.
  • Compliance with applicable laws.
We may share this information with:
  • Payment processors and financial institutions so you can make and receive payments;
  • Marketing service providers;
  • Customer support platforms;
  • Fraud prevention vendors;
  • Shipping carriers or logistics providers that facilitate the delivery of items purchased;
  • Cloud storage providers;
  • Analytics providers;
  • Vendors that support our legal compliance efforts (including authentication or verification of user information);
  • Government authorities/ law enforcement (when requested or needed for fraud prevention, security, or to comply with applicable laws);
  • Other Services users (the information displayed on your user profile such as your username, bio, country of residence, profile picture, and other profile information may be made public to other users);
  • Consulting and advisory firms; and
  • Affiliates.
Information about how you access and use the Services. Such as search terms you enter, which user profiles you view, articles you read, users you follow and users that follow you, the listings and designers you favorite, products you list for sale or draft listings, and what products you interact with.We may use this information:
  • to verify your identity;
  • in connection with detection and prevention of fraud or other illegal activity;
  • to provide to you the features and functionality of the Services;
  • to improve our Services and your user experience; and
  • to determine products that may be of interest to you for marketing purposes.
  • For our performance under and enforcement of the Terms of Service.
  • Legitimate business interests, including administering and improving the Services, as well as informing our marketing efforts.
We may share this information with:
  • Marketing service providers;
  • Cloud storage providers;
  • Analytics providers;
  • Social media platforms and search engines;
  • Other Services users (specifically, the listings and designers you favorite, the products you list for sale, users you follow and users that follow you may be made public to other users);
  • Consulting and advisory firms; and
  • Affiliates;
Transactional Information. If you complete a purchase through our Services, we collect information provided in connection with the transaction. This may include your name, email address, and shipping address, in addition to product details and purchase price.We may use this information:
  • to verify your identity;
  • in connection with detection and prevention of fraud or other illegal activity;
  • to provide to you the features and functionality of the Services;
  • to tailor how the Services are displayed to you; and
  • to improve our Services and your user experience.
  • For our performance under and enforcement of the Terms of Service.
  • Legitimate business interests, including administering and improving the Services and communicating with you regarding questions and complaints, as well as fraud detection and prevention.
  • In connection with publicly visible user profiles, we will make purchase history information public to the extent you have given us consent to do so.
  • Compliance with applicable laws.
We may share this information with:
  • Payment processors and financial institutions so you can make and receive payments;
  • Customer support platforms;
  • Fraud prevention vendors;
  • Shipping carriers or logistics providers that facilitate the delivery of items purchased;
  • Cloud storage providers;
  • Analytics providers;
  • Vendors that support our legal compliance efforts;
  • Government authorities/ law enforcement (when requested or needed for fraud prevention and security);
  • Other Services users, (specifically, your purchase history may be made public to other users, to the extent you have given us consent to do so);
  • Consulting and advisory firms; and
  • Affiliates.
Log files and information about your device. We collect information about how you access our Services, including data about the device and network you use, such as your hardware model, operating system version, mobile network, IP address, unique device identifiers, browser type, and app version. We also collect information about your activity on our Services, such as access times, pages viewed, links and push notifications clicked, and the page you visited before navigating to our Services.We may use this information:
  • to verify your identity;
  • in connection with detection and prevention of fraud or other illegal activity;
  • to tailor how the Services are displayed to you; and
  • to improve our Services and your user experience.
  • Legitimate business interests, including administering and improving the Services, and tailoring the Services to the user, as well as fraud detection and prevention.
  • Compliance with applicable laws.
We may share this information with:
  • Payment processors and financial institutions so you can make and receive payments;
  • Email marketing providers;
  • Customer support platforms;
  • Cloud storage providers;
  • Analytics providers;
  • Social media platforms and search engines;
  • Government authorities/ law enforcement (when requested or needed for fraud prevention and security);
  • Consulting and advisory firms; and
  • Affiliates.
Inquiry and Communications Information. Such as information provided in custom messages sent through the forms, in chat messages, to one of our email addresses, or via phone. This also includes contact information provided on our Services.We may use this information:
  • to investigate and respond to your inquiries, and to communicate with you; and
  • to enhance the Services.
  • Legitimate business interests, including administering and improving the Services.
  • For our performance under and enforcement of the Terms of Service.
We may share this information with:
  • Email marketing providers;
  • Customer support platforms;
  • Cloud storage providers;
  • Government authorities/law enforcement (when requested or needed for fraud prevention and security);
  • Analytics providers; and
  • Affiliates.
Newsletter and Promotional Emails. Such as email address and communication preferences.We may use this information:
  • to manage our communications with you; and
  • to send you information about products and services we think may be of interest to you.
  • Legitimate business interests, including administering and improving the Services.
  • In connection with marketing communications, we will send those to the extent you have given us consent to do so.
We may share this information with:
  • Email marketing providers;
  • Customer support platforms;
  • Cloud storage providers;
  • Analytics providers; and
  • Affiliates.
Contests, Sweepstakes, and Promotions. If you participate in any contests or other promotional events that we host, we may collect your contact information (such as your name, email, phone number, and postal code) and any other information requested at sign up, or as part of your entry, including photos/videos (each, as applicable). On occasion, we may also collect your shipping information, such as if you are a winner or purchase our products or services (where available). If you are part of our event or promotion partner, we may also collect information such as your name, company email, and company address. We may use this information:
  • to provide to you the features and functionality of the Services;
  • to communicate with you; and
  • to tailor how the Services are displayed to you.
  • Legitimate business interests, including administering and improving the Services.
  • For our performance under and enforcement of our contract with you, including the Terms of Service, or any other applicable promotional event, sweepstakes, or contest rules.
We may share this information with:
  • Email marketing providers;
  • Customer support platforms;
  • Cloud storage providers;
  • Business partners and affiliates;
  • Promotions service providers; and
  • Affiliates.
Feedback Information. We may also collect feedback and ratings you provide relating to our services or products.We may use this information:
  • to communicate with you;
  • to conduct market research;
  • to inform our marketing and advertising activities; and
  • to improve and grow our business.
  • Legitimate business interests, including administering and improving the Services.
  • For our performance under and enforcement of the Terms of Service.
We may share this information with:
  • Analytics providers;
  • Cloud storage providers;
  • Consulting and advisory firms;
  • Customer support platforms; and
  • Affiliates.
Approximate location information. Other than information you choose to provide to us, we do not collect information about your precise location. Your device's IP address may, however, help us determine an approximate location.We may use this information:
  • to monitor and detect fraud or suspicious activity in relation to your account; and
  • to tailor how the Services are displayed to you (e.g., language, currency, etc.).
  • Legitimate business interests, including administering and improving the Services, and tailoring the Services to the user as well as fraud detection and prevention.
We may share this information with:
  • Cloud storage providers;
  • Analytics providers; and
  • Affiliates.
Information received from social media platforms, such as Instagram and Facebook. If you interact with the Services through a social media platform or link your Grailed account with certain social media platforms such as Facebook, Instagram or Twitter, we may receive information from the social media platform, such as your name, age, photos, email address, phone number, location, workplace, friends list, and any other information you permit the social media platform to share with third parties. The data we receive is dependent on your privacy settings with the social media platform.We may use this information:
  • to provide to you the features and functionality of the Services;
  • to communicate with you; and
  • to tailor how the Services are displayed to you.
  • Legitimate business interests, including administering and improving the Services, and tailoring the Services to the user.
We may share this information with:
  • Customer support platforms;
  • Cloud storage providers;
  • Analytics providers; and
  • Affiliates.
Identity and Compliance Information. Such as name, birthdate, address, phone number, email address, bank account information, government ID number and copies of government ID or tax documents, along with a selfie image. We may use data collection and verification services provided by a third-party provider, Persona, to collect and verify such information. Persona may use a combination of machine-learning tools and optical scans to authenticate your identity document, and may use facial recognition technology to produce a unique biometric identifier based on facial geometry.We may use this information:
  • to verify your identity; and
  • in connection with detection and prevention of fraud or other illegal activity.

Our third-party provider, Persona, may use a combination of machine- learning tools and optical scans to authenticate your identity document, and may use facial recognition technology to produce a unique biometric identifier based on facial geometry that can be used to compare your selfie to the image on the identity document you provided to determine the likelihood that the images are a "match."

  • Legitimate business interests, namely the detection and prevention of fraud and financial crime and compliance with applicable laws and regulations.
  • For our performance under and enforcement of the Terms of Service.
We may share this information with:
  • Government authorities/law enforcement (when requested or needed for fraud prevention and security, or to fulfill our legal obligations);
  • The buyer you are dealing with, if we are required to do so by applicable laws and regulations; and
  • Affiliates.

ANNEX 2 - PROVISIONS FOR INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA TO THE UNITED STATES

We comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Our parent company (1661, Inc. dba GOAT) has certified to the U.S. Department of Commerce that it and its U.S. subsidiaries adhere to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. GOAT has certified to the U.S. Department of Commerce that it and its U.S. subsidiaries adhere to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles (collectively, the DPF Principles), the DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view GOAT's certification, please visit https://www.dataprivacyframework.gov/.

The Federal Trade Commission has jurisdiction over our compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

Complaints per the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, we commit to resolve DPF Principles-related complaints about our collection and use of your personal data. EU, UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact us by using the contact details set forth in the Privacy Notice. EU, UK and Swiss individuals may, under certain circumstances, invoke binding arbitration with respect to complaints about our collection and use of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. See DPF Annex 1 here.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, we commit to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to Judicial Arbitration and Mediation Services, Inc. (JAMS), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.

Onward transfers to third parties

In the event that we disclose your personal data to third parties to perform certain business-related services on our behalf as "agents" (as such term is utilized under the DPF), we will do so only for limited and specified purposes consistent with any notice provided to you or your choices regarding processing and disclosure. These companies perform services at our instruction and pursuant to contracts which require they provide at least the same level of privacy protection as is required under the DPF and notify us if they are no longer able to provide such protections, at which point we will take reasonable remedial steps. We may also disclose personal data to our affiliates in order to support marketing, sale, and delivery of any services, or other business operations as disclosed in the How Do We Share Information? section of the Privacy Notice and Annex 1 to the Additional Privacy Disclosures for EEA, UK and Swiss Users.

Our accountability for personal data that we receive under the DPF and subsequently transfers to a third party is described in the DPF Principles. In particular, we remain responsible and liable under the DPF Principles if third-party agents that we engage to process the personal data on our behalf do so in a manner inconsistent with the DPF Principles, unless we prove that we are not responsible for the event giving rise to the damage.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Option to limit certain onward transfers to third parties

You have the opportunity to opt-out of sharing of your personal data with third parties other than our agents or before we use it for a purpose other than which it was originally collected or subsequently authorized. To limit the use and disclosure of your personal data under the DPF, please submit a written request using the contact details set forth in the Privacy Notice, indicating as such.

We will not disclose your sensitive personal data to any third party without first obtaining your opt-in consent.

In each instance, please allow us a reasonable amount of time to process your response.

Your DPF rights

Upon request to us, we will confirm whether we are processing your personal data pursuant to the DPF and provide you with the data in a reasonable amount of time. You also have the right to correct, amend, or delete the personal data processed pursuant to the DPF where it is inaccurate or has been processed in violation of our privacy disclosures to you, except where the burden or expense of providing access would be disproportionate to the risks to the individual's privacy in the case in question, or where the rights of persons other than the individual would be violated. We may require payment of a non-excessive fee to defray our expenses in this regard. Please allow us a reasonable amount of time to respond to your inquiries and requests.

Personal data retention

We will retain the personal data processed pursuant to the DPF in a form that identifies you pursuant to the retention policy described above. We may continue processing such personal data for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research and statistical analysis, and subject to the protection of our privacy disclosures. After such time periods have expired, we may either delete your personal data or retain it in a form such that it does not identify you personally.

How we protect your data

We will implement reasonable and appropriate security measures to protect your personal data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in processing and the nature of such data.

If you wish to enquire further about these safeguards used, please contact us using the contact details set forth in the Privacy Notice.