Effective January 1, 2020
What is MemberLeap's Commitment To Privacy?
Your privacy is important to us (Vieth Consulting). We understand that you are aware of and care about your own privacy interests, and we take that seriously. To better protect your privacy, we provide this privacy notice (the Policy) explaining our online information practices and the choices you can make about the way your personal information (Personal Data) is collected and used. Your Personal Data is kept private and is never shared for a commercial reason with third parties.
What Is Covered By This Policy?
This Policy addresses individuals or households whose Personal Data we may receive from our customers (Customer(s)) in our web-based membership management application MemberLeap (collectively, the Services). In these cases, we do not decide why or how that Personal Data will be processed. Our Customers use our platform to store and process their own customers Personal Data. In these cases, we act only as a storage and service provider. We do not decide what Personal Data is being stored, and in general we will only access such Personal Data at our Customers request in connection with Customer support or account administration matters. We will only access your Personal Data to provide the services that our Customer has directed us to provide, or if we are required by law.
What Is Our Role With Respect To Your Personal Data?
Vieth Consulting acts as an agent, also known as a data processor or service provider, for the Personal Data we process for our Customers when providing our Services. This means that our Customers determine the type of Personal Data they provide for us to process on their behalf. We typically have no direct relationship with the individuals whose Personal Data we receive from our Customers.
What Is The Lawful Basis For Processing?
What Personal Data We Process and How We Obtain It?
The categories Personal Data we collect are:
Identifiers, such as:
Other Categories of Personal Data, such as:
Commercial Information, such as:
How Do We Obtain Your Personal Data?
We receive your Personal Data when you sign-up or provide it directly to one of our Customers (including our Customers employees, contractors, and other representatives of their companies) and they in turn provide the information to us, or when you provide it directly to us as part of using our Services.
How Do We Use Your Personal Data?
We use your Personal Data in the following ways:
Do We Disclose Your Personal Data To Third Parties?
We use Personal Data solely and exclusively for the purposes for which the Personal Data, or access to it is provided pursuant to (1) the Online Service Agreement, (2) as our Customers direct and pursuant to our contracts with those Customers, or (3) as required by law. We do not provide any of your information to third party advertisers. MemberLeap is free of advertising.
We use third parties service providers, and we may disclose Personal Data to those service providers only for business purposes. We do not share your Personal Data with third parties for commercial purposes. We use return email addresses to answer the email we receive. Such addresses are not used for any other purpose and are not shared with outside parties. We never use or share the Personal Data provided to us online in ways unrelated to the functioning of the MemberLeap for your organizations use and benefit.
Some of these third parties may be located outside of the European Union or the European Economic Area. In some cases, the European Commission may have determined that in some countries, their data protection laws provide a level of protection equivalent to European Union law. You can see here the list of countries that the European Commission as recognized as providing an adequate level of protection to personal data. We will only transfer your Personal Data to third parties in countries not recognized as providing an adequate level of protection to personal data when there are appropriate safeguards in place. These may include the European-Commission-approved standard contractual data protection clauses under Article 46.2 of the GDPR, or transfers on the basis of the Privacy Shield Framework.
We may disclose your Personal Data to the extent required by law, or if we have a good-faith belief that we need to disclose it in order to comply with official investigations or legal proceedings (whether initiated by governmental/law enforcement officials, or private parties). If we have to disclose your Personal Data to governmental/law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your Personal Data.
We may also disclose your Personal Data if we sell or transfer all or some of our company's business interests, assets, or both, or in connection with a corporate restructuring. Finally, we may disclose your Personal Data to our subsidiaries or affiliates, but only if necessary, for business purposes.
We reserve the right to use, transfer, sell, and share aggregated, anonymous data for any legal purpose. Such data does not include any Personal Data. The purposes may include analyzing usage trends or seeking compatible advertisers, sponsors, and customers.
What Is Our Data Retention Policy?
We retain Personal Data for as long as instructed by the respective Customer (who typically acts as a data controller or business under the Applicable Laws). We delete the Personal Data submitted to us by our Customers within six months of the end of the Online Service Agreement with the Customer, unless applicable laws require otherwise
Our Commitment to Data Integrity and Security
To prevent unauthorized access, maintain data accuracy, and ensure the correct use of Personal Data, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure your Personal Data from unauthorized processing. Unauthorized processing includes unauthorized access, exfiltration, theft, disclosure, alteration, or destruction. For more details, please see our Data Security Policy.
What Privacy Rights Do You Have?
You can nevertheless view and edit your Personal Data in the Members Area. To better protect your security, we will also take reasonable steps to verify your identity before granting access or making corrections. However please note that with respect to all of the rights below, if we are merely processing your information on behalf of a Customer, we may re-direct your request or ask you to re-direct your request to the Customer.
Your Right To Know What Happens To Your Personal Data
This is called the right to be informed. It means that you have the right to obtain from us all information regarding our data processing activities that concern you (or your child), such as how we collect and use your Personal Data, how long we will keep it and who it will be shared with, among other things.
We are informing you of how we process your Personal Data with this Policy.
We will always try to inform you about how we process your Personal Data. However, if we do not collect the Personal Data directly from you, as is usually the case, the GDPR exempts us from the obligation to inform you (i) when providing the information is either impossible or unreasonably expensive; (ii) the gathering and/or transmission is required by law, or if (iii) the Personal Data must remain confidential due to professional secrecy or other statutory secrecy obligations.
Your Right to Know What Personal Data We Have About You
This is called the right of access. This right allows you to ask for full details of the Personal Data we hold on you.
You have the right to obtain from us confirmation as to whether or not we process Personal Data concerning you (or your child), and, where that is the case, a copy or access to the Personal Data and certain related information.
Once we receive and confirm that it was effectively you or your authorized agent who made the request, we will disclose to you:
Please take into account that the GDPR allows us not to satisfy your access request when:
Please know that the CCPA does not allow us to disclose Social Security numbers, drivers license numbers or other government-issued identification numbers, financial account numbers, any health insurance or medical identification numbers, account passwords, or security questions and answers. We can inform you that we have this information generally, but we may not provide the specific numbers, passwords etc. to you for security and legal reasons.
Your Right to Change Your Personal Data
This is called the right to rectification. It gives you the right to ask us to correct without undue delay anything that you think is wrong with the Personal Data we have on file about you (or your child), and to complete any incomplete Personal Data.
If your account settings do not allow you to change it, please contact us and we will do our best to change the Personal Data for you.
Your Right To Erasure/Deletion
This is called the right to erasure, right to deletion or the "right to be forgotten". This right means you can ask for your Personal Data to be deleted. Please contact us if you want your Personal Data to be deleted. Again, and as with all of these rights, if we are merely processing your information on behalf of a Customer, we may re-direct your request or ask you to re-direct your request to the Customer.
Sometimes we can delete your Personal Data, but other times it is just not possible, like when the law tells us we cannot. If that's the case, we will consider if we can limit how we use it.
Occasions Where We Cannot Fulfill a Deletion Request Under the GDPR or the CCPA:
The GDPR and the CCPA allow us to deny erase of your Personal Data if we or our service providers need to retain the Personal Data to:
Your Right To Request Change In How We Process Your Personal Data
This is called the right to restrict processing. It is the right to ask us to only use or store your Personal Data for certain purposes. You have this right in certain occasions, such as where you believe the data is inaccurate or the processing activity is unlawful. This right enables you to ask us to suspend the usage of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
Your Right to Ask Us To Stop Using Your Personal Data
This is called the right to object. This is your right to tell us to stop using your Personal Data. You have this right where we rely on a legitimate interest of ours (or of a third party). Also, you have the right to object at any time to the processing of your Personal Data for direct marketing purposes.
We will stop processing the relevant Personal Data unless: (i) we have compelling legitimate grounds for the processing that override your interests, rights, or freedoms; or (ii) we need to continue processing your Personal Data to establish, exercise, or defend a legal claim.
Your Right to Port or Move Your Personal Data
This is called the right to data portability. It's the right to ask for and download Personal Data about you that you have given us or that you have generated by virtue of the use of our services, so that you can:
We will provide your Personal Data in a structured, commonly used and machine-readable format. When you request electronically to know which Personal Data, we have about you, we will provide you a copy in electronic format.
Your Right Related To Automated Decision Making
Our Customers could use computers to study your Personal Data, and might use this Personal Data to know how you use their or our services. For decisions that may seriously impact you, you have "the right not to be subject to automatic decision-making, including profiling". But in those cases, our Customers should always explain to you when they might do this, why it is happening and the effect. MemberLeap does not use computers for this purpose.
Your Right Not To Be Discriminated Against For Exercising Your Privacy Rights
We will not discriminate against you for exercising any of your privacy rights. Unless the applicable data protection laws permit it, we will not:
Your Right To Lodge a Complaint With a Supervisory Authority
If the GDPR applies to the processing of your Personal Data with us, the GDPR grants data subjects to lodge a complaint with a supervisory authority if youre not satisfied with how we process your Personal Data.
In particular, you can lodge a complaint in the Member State of the European Union of your habitual residence, place of work or of an alleged violation of the GDPR.
Your Right To Opt-Out of The Sale of Personal Data
MemberLeap does not sell your Personal Information. If you are a California resident, you have the right to ask our Customers to not sell your Personal Data at any time. This is called the right to opt out. To exercise the right to opt-out, you (or your authorized agent) should contact our Customers directly.
What Should You Know About The Privacy of Children?
Our Services are not directed at, or intended for use by, children under the age of 13.
We use session and persistent cookies. Session cookies are deleted when you close your browser. Persistent cookies may remain even after you close your browser, but always have an expiration date. Most of the cookies placed on your device through our Services are first-party cookies, since they are placed directly by us. Other parties, such as Google, may also set their own (third-party) cookies through our Services. Please refer to the policies of these third parties to learn more about the way in which they collect and process information about you.
If you would prefer not to accept cookies, you can change the setup of your browser to reject all or some cookies. Note, if you reject certain cookies, you may not be able to use all of our Services features. For more information, please visit https://www.aboutcookies.org/.
You may also set your browser to send a Do Not Track (DNT) signal. For more information, please visit https://allaboutdnt.com/. Please note that our Services do not have the capability to respond to Do Not Track signals received from web browsers.
What Is an Authorized Agent?
You may appoint an authorized agent to exercise your rights on your behalf. You should appoint such agent via written permission or a power of attorney pursuant to Probate Code sections 4000 to 4465 (if you reside in the State of California) or the applicable rules for authorizing somebody else to exercise your rights in your country of residence.
To verify that your authorized agent acts on your behalf, we will ask for this written permission from your agent or for the power of attorney. In case you provided your authorized agent with a written permission, we will require that you also verify your identity.
Why And How Do We Verify Your Identity?
Bear in mind that to evaluate your privacy rights requests (except the requests to stop the sale of your Personal Data), we need to be sure it was you who made the request. Consequently, we might need some identification to check that you are who you say you are. We will only use the Personal Data you provide us in a request to verify the requestor's identity or authority to make the request. Please note that you may only make a consumer request to know or data portability twice within a 12-month period.
What Is Our Response Timing And Format of Our Responses?
As mentioned above, it is likely that requests should be made to one of our Customers, because we are only processing your Personal Data at their direction. If we receive a Request that should be handled by one of our Customers, we will communicate this to you within ten (10) days of receiving your request.
For the rare cases when we are the correct party to make a request to, we will follow the procedure below.
We will confirm the receipt of your request in ten (10) days and, in that communication, we will also describe our identity verification process (if needed) and when you should expect a response, except when we have already granted or denied the request.
Please allow us up to 30 days to reply to your requests from the day we received your request. If we need more time (up to 90 days in total), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will send our written response by mail or electronically, at your option.
Consider that we will only cover the twelve-month period preceding the moment we receive the request in any disclosures we provide you with.
If we cannot satisfy a request, we will also explain why in our response. For data portability requests, we will choose a format to provide your Personal Data that is readily useable and should allow you to transmit the Personal Data from one entity to another entity without difficulty.
We promise we will not charge a fee for processing or responding to your requests. Exceptionally, we may charge a fee if we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination and provide you with a cost estimate before completing your request.
What Else Should You Know About Your Privacy?
Please keep in mind that whenever you voluntarily disclose Personal Data online that Personal Data can be collected and used by others. In short, by posting Personal Data online that is publicly accessible, you may receive unsolicited messages from other parties in return. Furthermore, while we strive to protect your Personal Data, we cannot ensure or warrant the security of any Personal Data you transmit to us over the Internet, and you do so at your own risk. You are solely responsible for maintaining the secrecy of your passwords and/or any account information. Please be careful and responsible whenever you are online.
What Happens If Changes Are Made to The Policy?
We reserve the right to change this Policy, but will notify you of such changes through email and/or by posting a notice on the site. In the event of any material change, this notification will be prior to that change becoming effective.
How To Contact Us?
Should you have other questions or concerns about this Policy, please call us at 800.336.3008 or send us an email at email@example.com.
European Union - General Data Protection Regulation
VeraSafe has been appointed as Vieth Consulting's representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. VeraSafe can be contacted in addition to Vieth Consulting, only on matters related to the processing of Personal Data. To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative
Alternatively, VeraSafe can be contacted at:
VeraSafe Czech Republic s.r.o
Prague 1, 11002
VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road