October Three Website Privacy Policy
Last updated: October 5, 2018
October Three Consulting LLC (“we”, “us”, “our”) is committed to protecting the privacy of visitors to its website (“Website”). When you access or browse the Website, certain information will be collected, transferred, processed, stored, and disclosed in accordance with this privacy policy (“Policy”). This Policy governs the information collection and disclosure practices for the Website. By accessing or browsing the Website, you expressly consent to the collection, transfer, use, processing and storage of your information (including personal information) as described in this Policy. IF AT ANY TIME YOU DO NOT AGREE WITH THIS POLICY OR THE INFORMATION COLLECTION, USE, AND, DISCLOSURE PRACTICES DESCRIBED IN THIS POLICY, DO NOT USE THE WEBSITE.
IMPORTANT: THIS POLICY REQUIRES YOU TO RESOLVE DISPUTES WITH US THROUGH FINAL AND BINDING ARBITRATION ON AN INDIVIDUAL BASIS, RATHER THAN THROUGH JURY TRIALS OR CLASS ACTIONS, AND ALSO LIMITS THE REMEDIES AVAILABLE TO YOU IN THE EVENT OF A DISPUTE. YOU EXPRESSLY ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTAND ALL THE TERMS OF THIS POLICY.
1. INFORMATION COLLECTION PRACTICES
1.1 General
When you visit the Website, you can browse without submitting personal information about yourself. If you subscribe for news alerts or register for access to white papers, we will collect some personally identifiable information from you, including your email address. This Section of the Policy outlines the various ways that information is collected from the Website. Please fully review this Policy before you use the Website or submit information to us. We are responsible for the collection and use of your personal information and act as controller under the European Union’s General Data Protection Regulation (“GDPR”).
1.2. Information that You Provide
If you send us personal correspondence through the Website, such as emails or letters, we may save the information in a profile specific to you.
1.3. Automatically Collected Information
We will collect some information about you and the computer or device you use to access or use the Website automatically using a variety of technologies. In general, automatically collected information about use of the Website does not directly identify you and the information may include your diagnostic log information, IP address, browser type and language, referring/exit pages and URLs, other browser history, platform type, number of clicks, landing pages, cookie information, the pages you requested and viewed, the amount of time spent on particular pages, and the date and time. We collect this information for the purposes described in this Policy, including to better understand our customer base and to improve the quality of our Website and the services we provide. This information does not allow personal identification and is not connected with your personal information. It is only used to facilitate and improve your access to and the usage of the Website, which is our legitimate interest pursuant to Sec. 6 para. 1 lit. f) GDPR. The practices we use to automatically collect some information about you are described below:
a. Cookies. A cookie is a small text file that is stored on a user’s computer or device. We use cookies to record information about your activities on the Website to “remember” you when you return to the Website. Some cookies remain on your computer or device until you delete them. Others, like session ID cookies, expire when you close your browser. You may set your browser setting to attempt to reject cookies and you may still use the Website. See Section 5 (Online Tracking and Your Choices) below for more information on how the Website may respond to your browser settings. We do not control the use of cookies by third parties. See Section 4 (Third-Party Providers) for more information and review the privacy policies of all third-party providers for more information on third-party cookies.
b. Pixels (aka web beacons/web bugs/java script). Pixels are tiny graphics with a unique identifier that are used to track the online movements of web users. Unlike cookies, which are stored on a user’s computer hard drive, pixels are small graphics that are about the size of the period at the end of the sentence and are embedded invisibly on web pages or in HTML-based emails. Our third-party analytics provider may place pixels on our Website that track what other websites you visit (both before and after visiting the Website). Our third-party analytics provider uses information obtained from pixels to help us improve our business and the Website. We do not control the use of pixels by third parties. See Section 4 (Third-Party Providers) for more information and review the privacy policies of each of the third-party providers for more information on third-party pixels.
2. USE OF INFORMATION
2.1. General
We may use your personally identifiable information (including tracking information) to: (a) operate, maintain, and improve the Website and services that we provide (including providing you a more personal experience); (b) communicate with you; (c) provide you information about products and services (including products and services of third parties); (d) market; (e) conduct research; (f) resolve disputes; (g) detect and protect against errors, fraud, and criminal activity; (h) assist law enforcement; (i) enforce this Policy and any of the terms related to the Website or our services; and (j) fulfill any other purpose described in this Policy or that we describe to you at the time of collection. This information processing serves our legitimate interest of enhancing the performance of the Website and the services, eliminating errors, and being able to offer you a better customer experience, pursuant to Art. 6 para. 1 lit. f) GDPR.
2.2. Email Communications
We may use your personally identifiable information to send you emails or other communications related to the Website or other services we provide to you, or in response to your inquiries or requests. You may not opt out of receiving Website- or service-related messages that are not promotional in nature. We may also send you marketing emails, surveys, or newsletters to notify you about products or services that may be of interest to you. If you would like to stop receiving marketing emails from us, please click on the unsubscribe link at the bottom of any marketing email you receive. If you opt out, you will continue to receive Website- and service-related emails.
2.3. Non-identifying Information
We may use non-identifying information for any lawful purpose, including analyzing trends, research, services administration, tracking users’ movements around the Website, and to improve our business, the Website, and our services.
2.4. Retaining Your Information
In general, we will retain your information indefinitely, or as long as legally required or allowed. If you cancel your Account or your Account is otherwise terminated, we may, but are not obligated to, delete information we have collected or obtained from third parties and we may continue to use and disclose it in accordance with this Policy. If we no longer need your information for any of the purposes described in this Policy, and if we are required to do so pursuant to GDPR or any other applicable law, we will delete that information once it is no longer needed.
3. INFORMATION SHARING
3.1. Generally
We will not sell or rent any of your personal information to third parties for marketing purposes. However, we may disclose your information to any affiliated entity or organization and to agents and service providers. We may share non-identifying information with third parties for any lawful purpose, including analyzing trends, research, services administration, tracking users’ movements around the Website, and to improve our business, products, services, and the Website. Use of information by affiliated entities and organizations will be subject to this Policy or an agreement that is at least as restrictive as this Policy. For information on use of information by agents and service providers, see Section 4 (Third-Party Providers).
3.2. Legal Requirements
In some cases, we may disclose your personally identifiable information as required by law; if we believe that disclosure is needed to protect our rights; to government regulators; to law enforcement authorities; in connection with any judicial proceeding, court order, subpoena, or legal process served on us; or to respond to a physical threat to you or another person (pursuant to Art. 6 para. 1 lit. c) GDPR).
3.3. Insolvency and Business Transitions
If we ever file for bankruptcy or engage in a business transition such as a merger with another company or if we purchase, sell, or reorganize all or a part of our services or our business or assets, we may disclose your personal information, including to prospective or actual purchasers in connection with one of these transactions (pursuant to Art. 6 para. 1 lit. f) GDPR).
3.4. Disclaimer
We cannot ensure that all of your personal information will never be disclosed in ways not otherwise described in this Policy. For example, we may be required to disclose personal information to the government or third parties under certain circumstances, third parties may unlawfully intercept or access transmissions or private communications, or users may abuse or misuse your personal information that they collect from the Website. No transmission of data over the Internet can be 100% secure, although we will take appropriate technical and organizational measures consistent with industry standards to safeguard your personal information against loss, theft, and unauthorized use, access, or modification.
4. THIRD PARTY PROVIDERS
4.1. General
We use third parties to help us operate and improve the Website and our services. We may provide these third parties with information we collect from you. If we do provide to third parties information that we collect about you, that information will, unless specifically noted otherwise in this Policy, be governed by this Policy and may only be used by those third parties to help us operate or improve our business or the Website or to provide services to us. These third parties may themselves also collect information from you and/or about your use of the Website. We do not control information collected by those third parties and are not responsible for their use of that information. Please review their privacy policies for more information on their information collection, use, and sharing practices.
4.2. Google Analytics
We use Google, a third-party analytics provider, to collect information about the users of the Website, including demographic and interest-level information. Google uses cookies and pixels in order to collect demographic, interest-level, and other usage information from users that visit the Website, including information about the pages where users enter and exit the Website and what pages users view on the Website, as well as time spent, browser, operating system, and IP address. Cookies and pixels allow Google to recognize a user when a user visits the Website and when the user visits other websites. Google uses the information it collects from the Website and other websites to share with us and other website operators information about users, including age range, gender, geographic regions, general interests, and details about the devices used to visit websites and purchase items. We do not link information we receive from Google with any of your personally identifiable information. For more information regarding Google’s use of cookies, pixels, and collection and use of information, see the Google Privacy Policy. If you would like to opt out of Google Analytics tracking, please visit the following link: Google Analytics Opt-out Browser Add-on.
5. ONLINE TRACKING AND YOUR CHOICES
As discussed above, because we and our third-party service providers automatically collect Website usage information through the use of cookies, pixels, and other tracking technologies (including as described in Section 1.3 (Automatically Collected Information) above, and otherwise in this Policy), your selection of the “Do Not Track” option provided by your browser may not have any effect on our collection of automatically collected information. One way to attempt to “opt out” of the collection of any information through cookies and some (but not all) other tracking technology is to actively manage the settings on your browser to delete and disable cookies and other tracking or recording tools. However, getting a “Do Not Track” signal to work as you might want is difficult and may not be possible. Using browsers as an example, not all tracking technologies can be controlled by browsers; unique aspects of your browser might be recognizable even if you disable a tracking technology; not all settings will necessarily last or be effective; even if a setting is effective for one purpose data still may be collected for another; and even if one website observes a “Do Not Track” signal, that website usually will not be able to control other websites.
6. INFORMATION SECURITY MEASURES
Keeping secure personal information that we collect is of great concern to us. While we have mechanisms in place to safeguard your personal information once we receive it, no transmission of data over the Internet or any other public network can be guaranteed to be 100% secure. When you provide information to the Website, you do so at your own risk.
7. CHILDREN
7.1. The Website is not for or Directed toward Children
Our primary audience is adults. We do not intend to and will not knowingly collect any personal information from children under the age of 13. Children under the age of 13 are prohibited from using the Website without their parent’s or guardian’s supervision and consent. If we learn that we have collected information from a child under the age of 13, we will remove that information immediately and delete it from our servers (subject to applicable law and this Policy). If you believe content from a child under the age of 13 has been posted to the Website, please contact us using the contact information in the Privacy Questions section at the bottom of this Policy. We also recommend that children over the age of 13 ask their parents or guardians for permission before sending any information about themselves to anyone over the Internet.
7.2. California Minors
If you are a California resident who is under age 18 and you are unable to remove publicly available content that you have submitted to us, you may request removal by contacting us using the contact information in Section 14 (Privacy Questions) below. When requesting removal, you must be specific about the information you want removed and provide us with specific information, such as the URL for each page where the information is located, so that we can find it. We are not required to remove any content or information that: (a) federal or state law requires us or a third party to maintain; (b) was not posted by you; (c) is anonymized so that you cannot be identified; (d) you don’t follow our instructions for removing or requesting removal; or (e) you received compensation or other consideration for providing the content or information. REMOVAL OF YOUR CONTENT OR INFORMATION FROM THE WEBSITE DOES NOT ENSURE COMPLETE OR COMPREHENSIVE REMOVAL OF THAT CONTENT OR INFORMATION FROM OUR SYSTEMS OR THE SYSTEMS OF OUR SERVICE PROVIDERS. We are not required to delete the content or information you posted. Our obligations under California law are satisfied so long as we anonymize the content or information or render it invisible to other users and the public.
8. CALIFORNIA SHINE THE LIGHT LAW
California Civil Code Section 1798.83 permits California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed personal information (as defined under that statute) of that California resident, for direct marketing purposes in the preceding calendar year and the categories of that kind of personal information that was disclosed to them. If you are a California resident and you wish to make such a request, you may contact us by using the contact information in the Privacy Questions section at the bottom of this Policy.
9. ACCESSING AND UPDATING YOUR PERSONAL INFORMATION
If you do not want your information accessed or stored as described in this Policy, you should not access or use the Website.
10. MODIFICATION OF THIS POLICY
The Effective Date of this Policy is set forth at the top of this webpage. We reserve the right to change this Policy as business needs require. If we make material changes to the way we use personal information, we will provide advance notice to you by email or by posting a message on the Website. Your continued use of the Website after the Effective Date constitutes your acceptance of the amended Policy. The amended Policy supersedes all previous versions.
11. EUROPEAN PRIVACY LAW
11.1 Data Subject Rights.
You may be entitled to a number of other rights under the GDPR. These rights are summarized below. We may require you to verify your identity before we respond to your requests to exercise your rights. If you are entitled to these rights, you may exercise any of these rights with respect to your personal information that we collect and store. You have the right to:
-
Withdraw consent at any time where we are relying on your consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent;
-
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully, or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you, if applicable, at the time of your request;
-
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation that makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
-
Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
-
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected, though we may need to verify the accuracy of the new information you provide to us;
-
Request the transfer of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you;
-
Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios: (a) if you want us to establish the information’s accuracy; (b) where our use of the information is unlawful but you do not want us to erase it; (c) where you need us to hold the information even if we no longer require it as you need it to establish, exercise, or defend legal claims; or (d) you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it;
You may exercise these rights free of charge. These rights will be exercisable subject to limitations as provided for by GDPR. Any requests to exercise the above-listed rights may be made to: support@octoberthree.com.
11.2 European Data Retention
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purpose of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
12. NOTICE TO USERS OUTSIDE OF THE UNITED STATES
We are headquartered in the United States. Your use of the Website and any services provided to you though the Website are governed by United States law. If you are using the Website from outside of the United States, your information may be transferred to, stored, and processed in the United States where our servers are located. In accordance with and as permitted by applicable law and regulations, we reserve the right to transfer your information, process, and store it outside your country of residence to wherever we or our third-party service providers operate.
13. DISPUTE RESOLUTION
This Policy, and any dispute, claim, or cause of action (whether in contract, tort, or statute) that may be based upon, arise out of, or relate to this Policy or the execution or performance of either party pursuant to this Policy (including any cause of action based upon, arising out of, or related to any representation or warranty made in connection with this Policy or as an inducement to agree to this Policy), will be governed by, and enforced in accordance with, the internal laws of the State of New York, including its statutes of limitations. You agree that all such disputes must be settled only through binding arbitration that will be subject to the Federal Arbitration Act and not any state arbitration law. Arbitration shall be conducted by one commercial arbitrator with substantial experience in resolving commercial contract disputes from the American Arbitration Association (“AAA”) and will be governed by the AAA’s Commercial Arbitration Rules. YOU UNDERSTAND THAT BY AGREEING TO THIS POLICY, YOU ARE AGREEING TO GIVE UP YOUR RIGHT TO GO TO COURT OR HAVE A JUDGE OR JURY HEAR ANY DISPUTE THAT MAY ARISE BETWEEN YOU AND US. YOU ALSO HEREBY WAIVE ANY RIGHT YOU MIGHT HAVE TO RESOLVE ANY DISPUTE ON ANY BASIS (INCLUDING, BUT NOT LIMITED TO A CLASS ACTION BASIS) INVOLVING CLAIMS BROUGHT IN A PURPORTED REPRESENTATIVE CAPACITY ON BEHALF OF THE GENERAL PUBLIC OR OTHER PERSONS SIMILARLY SITUATED. YOU AGREE THAT THIS ALSO MEANS THAT THE ARBITRATOR MAY NOT CONSOLIDATE MORE THAN ONE PERSON’S CLAIMS. All arbitrations shall be conducted solely based on written submissions or, if the damages you claim exceed the amounts that could otherwise be brought in small claims court, a telephonic hearing, unless the arbitrator deems a face-to-face hearing is appropriate, in which case one will be held in Chicago, Illinois. The arbitrator’s ruling is binding and confidential. You shall be responsible for your attorneys’ fees and other costs in bringing any claim against us, including all costs associated with the arbitration, and we shall be responsible for our own such costs. Notwithstanding the preceding, you agree that claims of defamation, violation of the Computer Fraud and Abuse Act, and infringement or misappropriation of intellectual property rights are not required to be arbitrated, but such claims must be brought exclusively in the state or federal courts located in Chicago, Illinois, and each of you and us hereby consents to the jurisdiction of those courts. Actions seeking equitable relief (including injunctive relief) are also not required to be arbitrated, and each of you and us may enforce any provision of this Policy by seeking equitable relief (in addition to all other remedies available to it) without the need to prove the inadequacy of monetary damages or to post bond or other security.
14. PRIVACY QUESTIONS
If you have any concerns or questions about these policies, please contact us at: info@octoberthree.com.