Effective Date: March 8, 2021
Thanks for using Attribytes! Our mission is to connect food service manufacturers and distributors through a revolutionary platform. In this Privacy Notice (the “Notice”) we describe how we collect, use, and handle your personal information (“Personal Data”) when you use our software and services (“Services”).
Under this Notice, we operate as a data processor for the Personal Data processed through our Services. This means that our customers determine the type of Personal Data they provide us to process on their behalf. We collect and use the following categories of Personal Data for the purposes of processing the Personal Data in order to provide our Services, as requested and instructed by our customers:
1.1 Account Personal Data: We collect, and associate with your account, the Personal Data you provide to us when you do things such as sign up for your account, upgrade to a paid plan, and connect your product data to trading partners. Some of our Services let you access your accounts and your Personal Data via other service providers. Personal Data we may collect here includes your username, account settings, contact information, profile picture, and payment information.
1.2 Your Content: Our Services are designed to make it simple for you to access your product data, documents, contracts, and so on (“Your Content”), collaborate with others, and work across multiple devices. To make that possible, we store, process, and transmit Your Content as well as Personal Data related to it. This related Personal Data includes your profile Personal Data that makes it easier to collaborate and share Your Content with others. Our Services provide you with different options for sharing Your Content.
1.3 Contacts: You may choose to give us access to your contacts to make it easy for you to do things like share and collaborate on Your Content, send messages, and invite others to use the Services. If you do, we’ll store those contacts on our servers for you to use.
1.4 Usage Information: We collect Personal Data related to how you use the Services, including actions you take in your account (like updating a product record). We use this Personal Data to improve our Services, develop new services and features, and protect Attribytes users.
1.5 Device Information: We also collect information from and about the devices you use to access the Services. This includes things like IP addresses, the type of browser and device you use, the web page you visited before coming to our sites, and identifiers associated with your devices. Your devices (depending on their settings) may also transmit location information to the Services.
1.6 Cookies and Other Technologies: We use technologies like cookies and pixel tags to provide, improve, protect, and promote our Services. For example, cookies help us with things like remembering your username for your next visit, understanding how you are interacting with our Services, and improving the Services based on that information. You can adjust your browser settings to not accept cookies, but this may limit your ability to use the Services.
1.7 Marketing: We give users the option to use some of our Services free of charge. These free Services are made possible by the fact that some users upgrade to one of our paid Services. If you register for our free Services, we will, from time to time, send you information about upgrades when permissible. Users who receive these marketing materials can opt out at any time. If you do not want to receive marketing materials from us, simply click the ‘unsubscribe’ link in any email or update your preferences in the Notifications section of your personal account.
We sometimes contact people who do not have an Attribytes account for marketing purposes or to respond to a communication received. For recipients in the EU, we or a third party will obtain consent before contacting you. If you receive an email and no longer wish to be contacted by Attribytes, you can unsubscribe and remove yourself from our contact list via the message itself.
1.8 Bases for Processing Your Personal Data: We must have a valid reason to use your Personal Data. This is called the lawful basis for processing. Attribytes acts as a data processor, meaning we process your Personal Data based on your instructions.
We may share Personal Data as discussed below, but we won’t sell it to advertisers or other third parties.
2.1 Others Working For and With Attribytes: Attribytes uses certain trusted third parties (for example, providers of customer support and IT services) to help us provide, improve, protect, and promote our Services. These third parties will access your Personal Data solely to perform tasks on our behalf in compliance with this Notice, and we’ll remain responsible for their handling of your Personal Data. However, these third parties are required to enter into strict data processing agreements to ensure that they keep your Personal Data confidential, only use it for the services they provide to Attribytes, and treat your Personal Data with the same level of protection that we do. The categories of third parties to which we may disclose your Personal Data include:
Note if you are located in the EU: some of these third parties may be located outside of the European Union or the European Economic Area. In some cases, the European Commission may have determined that the data protection laws of the third party countries provide a level of protection equivalent to European Union law. You can see here the list of countries that the European Commission has recognized as providing an adequate level of protection to personal data. We will only transfer your Personal Data to third parties in countries not recognized as providing an adequate level of protection to personal data when there are appropriate safeguards in place. These may include the European Commission-approved standard contractual data protection clauses under Article 46.2 of the GDPR.
2.2 Other Users: Our Services display Personal Data like your name, profile picture, and email address to other users (notably, partners you trade with) in places like your user profile and sharing notifications. You can also share Your Content with other users if you choose. When you register your Attribytes account with an email address on a domain owned by your employer or organization, we may help collaborators and administrators find you and your team by making some of your basic Personal Data—like your name, team name, profile picture, and email address—visible to other users on the same domain. This helps you sync up with teams you can join and helps other users share files and folders with you. Certain features let you make additional Personal Data available to others.
2.3 Other Applications: You can also give third-party providers access to your Personal Data and account — for example, via Attribytes’ API. Just remember that their use of your Personal Data will be governed by their privacy policies and terms.
2.4 Law & Order and the Public Interest: We may disclose your Personal Data to third parties if we determine that such disclosure is reasonably necessary to:
Stewardship of your Personal Data is critical to us and a responsibility that we embrace. We’ll abide by the following Government Request Principles when receiving, scrutinizing, and responding to government requests (including national security requests) for your data:
We reserve the right to use, transfer, sell, and share aggregated, anonymous data for any legal purpose. Such data does not include any Personal Data. The purposes may include analyzing usage trends or seeking compatible advertisers, sponsors, and customers.
3.1 Security: We have a team dedicated to keeping your Personal Data secure and testing for vulnerabilities. We also continue to work on features to keep your Personal Data safe, such as two-factor authentication, encryption of files at rest, and alerts when new devices and apps are linked to your account. We deploy automated technologies to detect abusive behavior and content that may harm our Services, you, or other users.
3.2 User Controls: You can access, amend, download, and delete your Personal Data directly through your account on our Services or by reaching out to us using our contact information below.
3.3 Retention: When you sign up for an account with us, we’ll retain Personal Data you store on our Services for as long as your account is in existence or as long as we need it to provide you the Services. If you delete your account, we will initiate deletion of this Personal Data after thirty (30) days. Please note: (1) there might be some latency in deleting this Personal Data from our servers and back-up storage; and (2) we may retain this Personal Data if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements.
You have specific rights regarding your Personal Data collected and processed by us. In this section, we describe those rights. If we process your Personal Data, you may have the right to request access to (or to update, correct, or delete) such Personal Data.
You may also have the right to ask that we limit our processing of such Personal Data, as well as the right to object to our processing of such Personal Data. You may also have the right to data portability.
Please note that requests to exercise these rights should generally be sent directly to the party who provided your Personal Data to us. Attribytes has limited rights to access Personal Data submitted to us by customers. If you choose to contact us with your request, please provide the name of the Attribytes customer who submitted your Personal Data, if you did not do so directly. We will forward your request to that customer and provide any necessary assistance in responding to the request.
Right to Know What Happens to Your Personal Data
This is called the “right to be informed”. It means that you have the right to obtain from us all information regarding our data processing activities that concern you, such as how we collect and use your Personal Data, how long we will keep it, and who it will be shared with, among other things.
We are informing you of how we process your Personal Data with this Notice.
Right to Know What Personal Data Attribytes Has About You
This is called the right of access. This right allows you to ask for full details of the Personal Data we hold about you.
You have the right to obtain from us confirmation as to whether or not we process Personal Data concerning you, and, where that is the case, a copy of or access to the Personal Data and certain related information. Once we receive and confirm that the request comes from you or your authorized agent, we will disclose to you:
Please take into account that the GDPR allows us not to satisfy your access request when:
The CCPA does not allow us to disclose account passwords or security questions and answers. We can inform you that we have this information generally, but we may not provide the specific items to you for security and legal reasons.
Right to Correct Your Personal Data
This is called the right to rectification. It gives you the right to ask us to correct anything that you think is wrong with the Personal Data we have on file about you and to complete any incomplete Personal Data.
Right to Delete Your Personal Data
This is called the right to erasure, right to deletion, or the “right to be forgotten”. This right means you can ask for your Personal Data to be deleted.
You may be able to remove information from your account after logging in or even to entirely delete your account on our Services. If there is any other Personal Data you would like deleted, you can ask us to do so using the contact information listed in this Notice.
Sometimes we can delete your information, but other times it may not be possible, such as when the law tells us we cannot do so. If that is the case, we will consider if we can limit how we use it. There may also be circumstances where we deny your request to delete your information under applicable law, such as if we or our service providers need to retain the Personal Data to:
Right to Ask us to Change How We Process Your Personal Data
This is called the right to restrict processing. It is the right to ask us to only use or store your Personal Data for certain purposes. You have this right in certain circumstances, such as where you believe the data is inaccurate or the processing activity is unlawful. This right enables you to ask us to suspend the usage of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
Right to Ask Us to Stop Using Your Personal Data
This is called the right to object. This is your right to tell us to stop using your Personal Data. You have this right where we rely on a legitimate interest of ours (or of a third party). Also, you have the right to object at any time to the processing of your Personal Data for direct marketing purposes.
We will stop processing the relevant Personal Data unless: (i) we have compelling legitimate grounds for the processing that override your interests, rights, or freedoms; or (ii) we need to continue processing your Personal Data to establish, exercise, or defend a legal claim.
Right to Port or Move Your Personal Data
This is called the right to data portability. It is the right to ask for and download Personal Data about you that you have given us or that you have generated by virtue of the use of our Services, so that you can:
We will provide your Personal Data in a structured, commonly used, and machine-readable format. When you make a data portability request electronically, we will provide you a copy in electronic format.
Right to Withdraw Your Consent
Where we rely on your consent as the legal basis for processing your Personal Data, you may withdraw your consent at any time. If you withdraw your consent, our use of your Personal Data before you withdraw is still lawful.
If you have given consent for your details to be shared with a third party and wish to withdraw this consent, please also contact the relevant third party in order to change your preferences.
Right Not to be Discriminated Against for Exercising your Privacy Rights
We will not discriminate against you for exercising any of your privacy rights, meaning we will not:
Right to Lodge a Complaint with a Supervisory Authority
If the GDPR applies to the processing of your Personal Data with us, the GDPR grants you the right to lodge a complaint with a supervisory authority if you are not satisfied with how we process your Personal Data.
In particular, you can lodge a complaint in the Member State of the European Union of your habitual residence, place of work, or of the alleged violation of the GDPR.
Bear in mind that to evaluate your privacy rights requests, we need to be sure it was you who made the request. Consequently, we may need some information to confirm that you are who you say you are. For requests submitted via password-protected accounts, your identity is already verified. For requests sent by other means, you will need to provide us with sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Data. Generally, we will request only information that we already have about you to confirm your identity, but under some circumstances we may require additional information or documentation to complete your request. We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request. Making a request does not require you to create an account with us.
We will only use the Personal Data you provide us in a request to verify your identity or authority to make the request.
Please note that you may only make a consumer request to know or for data portability twice within a 12-month period under the CCPA.
We will confirm the receipt of your request within ten (10) days and, in that communication, we will also describe our identity verification process (if needed) and when you should expect a response, unless we have already granted or denied the request.
Please allow us up to thirty (30) days to reply to you from the day we received your request. If we need more time (up to 90 days in total), we will inform you of the reason why, and the extension period, in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will send our written response by mail or electronically, at your option.
If we cannot satisfy a request from you, we will also explain why in our response.
We will not charge a fee for processing or responding to your requests unless we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination and provide you with a cost estimate before completing your request.
The Services are not directed at, or intended for use by, children under the age of 13.
If we make any material change to this Notice, we will post the revised Notice to this web page. We will also update the “Effective” date. By continuing to use our Services after we post any of these changes, you accept the modified Notice.
If you have any questions about this Notice or our processing of your Personal Data, or want to submit a verifiable consumer request, please write to the Syndigo privacy team by email at privacy@syndigo.com or call at 1-877-847-5467 or by postal mail at:
Syndigo LLC
Attn: Debra Osborn, Senior Counsel
141 W. Jackson Blvd., Ste 1220
Chicago, IL 60604
United States
Please allow up to four weeks for us to reply.
Data Protection Officer: We have appointed VeraSafe as our Data Protection Officer (“DPO”). While you may contact us directly, VeraSafe can also be contacted on matters related to the processing of Personal Data. VeraSafe’s contact details are:
VeraSafe
22 Essex Way #8203
Essex, VT 05451 USA
Email: experts@verasafe.com
Web: https://www.verasafe.com/about-verasafe/contact-us/