close
close

Attribytes Privacy Policy

Effective Date: March 8, 2021

Thanks for using Attribytes! Our mission is to connect food service manufacturers and distributors through a revolutionary platform. In this Privacy Notice (the “Notice”) we describe how we collect, use, and handle your personal information (“Personal Data”) when you use our software and services (“Services”).

1. What & Why

Under this Notice, we operate as a data processor for the Personal Data processed through our Services. This means that our customers determine the type of Personal Data they provide us to process on their behalf. We collect and use the following categories of Personal Data for the purposes of processing the Personal Data in order to provide our Services, as requested and instructed by our customers:

1.1 Account Personal Data: We collect, and associate with your account, the Personal Data you provide to us when you do things such as sign up for your account, upgrade to a paid plan, and connect your product data to trading partners. Some of our Services let you access your accounts and your Personal Data via other service providers. Personal Data we may collect here includes your username, account settings, contact information, profile picture, and payment information.

1.2 Your Content: Our Services are designed to make it simple for you to access your product data, documents, contracts, and so on (“Your Content”), collaborate with others, and work across multiple devices. To make that possible, we store, process, and transmit Your Content as well as Personal Data related to it. This related Personal Dataincludes your profile Personal Data that makes it easier to collaborate and share Your Content with others. Our Services provide you with different options for sharing Your Content.

1.3 Contacts: You may choose to give us access to your contacts to make it easy for you to do things like share and collaborate on Your Content, send messages, and invite others to use the Services. If you do, we’ll store those contacts on our servers for you to use.

1.4 Usage Information: We collect Personal Data related to how you use the Services, including actions you take in your account (like updating a product record). We use this Personal Data to improve our Services, develop new services and features, and protect Attribytes users.

1.5 Device Information: We also collect information from and about the devices you use to access the Services. This includes things like IP addresses, the type of browser and device you use, the web page you visited before coming to our sites, and identifiers associated with your devices. Your devices (depending on their settings) may also transmit location information to the Services.

1.6 Cookies and Other Technologies: We use technologies like cookies and pixel tags to provide, improve, protect, and promote our Services. For example, cookies help us with things like remembering your username for your next visit, understanding how you are interacting with our Services, and improving the Services based on that information. You can adjustyour browser settings to not accept cookies, but this may limit your ability to use the Services.

1.7 Marketing: We give users the option to use some of our Services free of charge. These free Services are made possible by the fact that some users upgrade to one of our paid Services. If you register for our free Services, we will, from time to time, send you information about upgrades when permissible. Users who receive these marketing materials can opt out at any time. If you do not want to receive marketing materials from us, simply click the ‘unsubscribe’ link in any email or update your preferences in the Notifications section of your personal account.

We sometimes contact people who do not have an Attribytes account for marketing purposes or to respond to a communication received.  For recipients in the EU, we or a third party will obtain consent before contacting you. If you receive an email and no longer wish to be contacted by Attribytes, you can unsubscribe and remove yourself from our contact list via the message itself.

1.8 Bases for Processing Your Personal Data: We must have a valid reason to use your Personal Data. This is called the lawful basis for processing. Attribytes acts as a data processor, meaning we process your Personal Data based on your instructions.

2. With Whom

We may share Personal Data as discussed below, but we won’t sell it to advertisers or other third parties.

2.1 Others Working For and With Attribytes: Attribytes uses certain trusted third parties (for example, providers of customer support and IT services) to help us provide, improve, protect, and promote our Services. These third parties will access your Personal Data solely to perform tasks on our behalf in compliance with this Notice, and we’ll remain responsible for their handling of your Personal Data. However, these third parties are required to enter into strict data processing agreements to ensure that they keep your Personal Data confidential, only use it for the services they provide to Attribytes, and treat your Personal Data with the same level of protection that we do. The categories of third parties to which we may disclose your Personal Data include:

  • Infrastructure services providers
  • Customer service providers
  • Internet service providers
  • Cloud service providers
  • Office tools providers
  • Email service providers
  • Web analytics providers
  • Enterprise open source solutions providers
  • Project management tool providers
  • Application hosting service providers

Note if you are located in the EU: some of these third parties may be located outside of the European Union or the European Economic Area. In some cases, the European Commission may have determined that the data protection laws of the third party countries provide a level of protection equivalent to European Union law. You can see here the list of countries that the European Commission has recognized as providing an adequate level of protection to personal data. We will only transfer your Personal Data to third parties in countries not recognized as providing an adequate level of protection to personal data when there are appropriate safeguards in place. These may include the European Commission-approved standard contractual data protection clauses under Article 46.2 of the GDPR.

2.2 Other Users: Our Services display Personal Data like your name, profile picture, and email address to other users (notably, partners you trade with) in places like your user profile and sharing notifications. You can also share Your Content with other users if you choose. When you register your Attribytes account with an email address on a domain owned by your employer or organization, we may help collaborators and administrators find you and your team by making some of your basic Personal Data—like your name, team name, profile picture, and email address—visible to other users on the same domain. This helps you sync up with teams you can join and helps other users share files and folders with you. Certain features let you make additional Personal Data available to others.

2.3 Other Applications: You can also give third-party providers access to your Personal Data and account — for example, via Attribytes’ API. Just remember that their use of your Personal Data will be governed by their privacy policies and terms.

2.4 Law & Order and the Public Interest: We may disclose your Personal Data to third parties if we determine that such disclosure is reasonably necessary to:

  • comply with any applicable law, regulation, legal process, or appropriate government request;
  • protect any person from death or serious bodily injury;
  • prevent fraud or abuse of Attribytes or our users;
  • protect Attribytes’s and partner’s rights, property, safety, or interest;
  • perform a task carried out in the public interest; or
  • sell or transfer all or some of our company’s business interests, assets, or both, or in connection with a corporate restructuring.

Stewardship of your Personal Data is critical to us and a responsibility that we embrace. We’ll abide by the following Government Request Principles when receiving, scrutinizing, and responding to government requests (including national security requests) for your data:

  • Be transparent,
  • Fight blanket requests,
  • Protect all users, and
  • Provide trusted services.

We reserve the right to use, transfer, sell, and share aggregated, anonymous data for any legal purpose. Such data does not include any Personal Data. The purposes may include analyzing usage trends or seeking compatible advertisers, sponsors, and customers.

3. How

3.1 Security: We have a team dedicated to keeping your Personal Data secure and testing for vulnerabilities. We also continue to work on features to keep your Personal Data safe, such as two-factor authentication, encryption of files at rest, and alerts when new devices and apps are linked to your account. We deploy automated technologies to detect abusive behavior and content that may harm our Services, you, or other users.

3.2 User Controls: You can access, amend, download, and delete your Personal Data directly through your account on our Services or by reaching out to us using our contact information below.

3.3 Retention: When you sign up for an account with us, we’ll retain Personal Data you store on our Services for as long as your account is in existence or as long as we need it to provide you the Services. If you delete your account, we will initiate deletion of this Personal Data after thirty (30) days. Please note: (1) there might be some latency in deleting this Personal Data from our servers and back-up storage; and (2) we may retain this Personal Data if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements.

4. What Privacy Rights Do You Have

You have specific rights regarding your Personal Data collected and processed by us. In this section, we describe those rights. If we process your Personal Data, you may have the right to request access to (or to update, correct, or delete) such Personal Data.

You may also have the right to ask that we limit our processing of such Personal Data, as well as the right to object to our processing of such Personal Data. You may also have the right to data portability.

Please note that requests to exercise these rights should generally be sent directly to the party who provided your Personal Data to us. Attribytes has limited rights to access Personal Data submitted to us by customers. If you choose to contact us with your request, please provide the name of the Attribytes customer who submitted your Personal Data, if you did not do so directly. We will forward your request to that customer and provide any necessary assistance in responding to the request.

Right to Know What Happens to Your Personal Data

This is called the “right to be informed”. It means that you have the right to obtain from us all information regarding our data processing activities that concern you, such as how we collect and use your Personal Data, how long we will keep it, and who it will be shared with, among other things.

We are informing you of how we process your Personal Data with this Notice.

Right to Know What Personal Data Attribytes Has About You

This is called the right of access. This right allows you to ask for full details of the Personal Data we hold about you.

You have the right to obtain from us confirmation as to whether or not we process Personal Data concerning you, and, where that is the case, a copy of or access to the Personal Data and certain related information. Once we receive and confirm that the request comes from you or your authorized agent, we will disclose to you:

  • The categories of Personal Data we collected about you;
  • The categories of sources for the Personal Data we collected about you;
  • Our purposes for processing that Personal Data;
  • Where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;
  • The categories of third parties with whom we share that Personal Data;
  • The specific pieces of Personal Data we collected about you;
  • If we sold or disclosed your Personal Data for a business purpose, two separate lists laying out the:
  • categories of Personal Data sold, and the categories of recipients who purchased the Personal Data; and
  • categories of Personal Data disclosed for a business purpose, identifying the categories of recipients who obtained the Personal Data;
  • If we rely on legitimate interests as a lawful basis to process your Personal Data, the legitimate interests pursued by us or by a third party; and
  • The appropriate safeguards for transferring data from the EU to a third country, if applicable.

Please take into account that the GDPR allows us not to satisfy your access request when:

  • you already have the information;
  • providing such information proves impossible or would involve a disproportionate effort, or where providing such information is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • that Personal Data must remain confidential subject to an obligation of professional secrecy regulated by Union or Member State law, including a statutory obligation of secrecy.

The CCPA does not allow us to disclose account passwords or security questions and answers. We can inform you that we have this information generally, but we may not provide the specific items to you for security and legal reasons.

Right to Correct Your Personal Data

This is called the right to rectification. It gives you the right to ask us to correct anything that you think is wrong with the Personal Data we have on file about you and to complete any incomplete Personal Data.

Right to Delete Your Personal Data

This is called the right to erasure, right to deletion, or the “right to be forgotten”. This right means you can ask for your Personal Data to be deleted.

You may be able to remove information from your account after logging in or even to entirely delete your account on our Services. If there is any other Personal Data you would like deleted, you can ask us to do so using the contact information listed in this Notice.

Sometimes we can delete your information, but other times it may not be possible, such as when the law tells us we cannot do so. If that is the case, we will consider if we can limit how we use it. There may also be circumstances where we deny your request to delete your information under applicable law, such as if we or our service providers need to retain the Personal Data to:

  • Complete the transaction for which we collected the Personal Data;
  • Provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
  • Debug products to identify and repair errors that impair existing intended functionality;
  • Enable solely internal uses reasonably aligned with your expectations based on your relationship with us;
  • Comply with a legal obligation, including (but not limited to) obligations from the California Electronic Communications Privacy Act; or
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Right to Ask us to Change How We Process Your Personal Data

This is called the right to restrict processing. It is the right to ask us to only use or store your Personal Data for certain purposes. You have this right in certain circumstances, such as where you believe the data is inaccurate or the processing activity is unlawful. This right enables you to ask us to suspend the usage of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.

Right to Ask Us to Stop Using Your Personal Data

This is called the right to object. This is your right to tell us to stop using your Personal Data. You have this right where we rely on a legitimate interest of ours (or of a third party). Also, you have the right to object at any time to the processing of your Personal Data for direct marketing purposes.

We will stop processing the relevant Personal Data unless: (i) we have compelling legitimate grounds for the processing that override your interests, rights, or freedoms; or (ii) we need to continue processing your Personal Data to establish, exercise, or defend a legal claim.

Right to Port or Move Your Personal Data

This is called the right to data portability. It is the right to ask for and download Personal Data about you that you have given us or that you have generated by virtue of the use of our Services, so that you can:

  • move it;
  • copy it;
  • keep it for yourself; or
  • transfer it to another organization.

We will provide your Personal Data in a structured, commonly used, and machine-readable format. When you make a data portability request electronically, we will provide you a copy in electronic format.

Right to Withdraw Your Consent

Where we rely on your consent as the legal basis for processing your Personal Data, you may withdraw your consent at any time. If you withdraw your consent, our use of your Personal Data before you withdraw is still lawful.

If you have given consent for your details to be shared with a third party and wish to withdraw this consent, please also contact the relevant third party in order to change your preferences.

Right Not to be Discriminated Against for Exercising your Privacy Rights

We will not discriminate against you for exercising any of your privacy rights, meaning we will not:

  • deny you goods or services;
  • charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; or
  • provide you a different level or quality of goods or services.

Right to Lodge a Complaint with a Supervisory Authority

If the GDPR applies to the processing of your Personal Data with us, the GDPR grants you the right to lodge a complaint with a supervisory authority if you are not satisfied with how we process your Personal Data.

In particular, you can lodge a complaint in the Member State of the European Union of your habitual residence, place of work, or of the alleged violation of the GDPR.

5. Verification of Your Identity

Bear in mind that to evaluate your privacy rights requests, we need to be sure it was you who made the request. Consequently, we may need some information to confirm that you are who you say you are.  For requests submitted via password-protected accounts, your identity is already verified. For requests sent by other means, you will need to provide us with sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Data. Generally, we will request only information that we already have about you to confirm your identity, but under some circumstances we may require additional information or documentation to complete your request. We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request. Making a request does not require you to create an account with us.

We will only use the Personal Data you provide us in a request to verify your identity or authority to make the request.

Please note that you may only make a consumer request to know or for data portability twice within a 12-month period under the CCPA.

6. Response Timing and Format of Our Responses

We will confirm the receipt of your request within ten (10) days and, in that communication, we will also describe our identity verification process (if needed) and when you should expect a response, unless we have already granted or denied the request.

Please allow us up to thirty (30) days to reply to you from the day we received your request. If we need more time (up to 90 days in total), we will inform you of the reason why, and the extension period, in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will send our written response by mail or electronically, at your option.

If we cannot satisfy a request from you, we will also explain why in our response.

We will not charge a fee for processing or responding to your requests unless we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination and provide you with a cost estimate before completing your request.

7. Privacy of Children

The Services are not directed at, or intended for use by, children under the age of 13.

8. Changes to this Notice

If we make any material change to this Notice, we will post the revised Notice to this web page. We will also update the “Effective” date. By continuing to use our Services after we post any of these changes, you accept the modified Notice.

9. Contact

If you have any questions about this Notice or our processing of your Personal Data, or want to submit a verifiable consumer request, please write to the Syndigo privacy team by email at privacy@syndigo.com or call at 1-877-847-5467 or by postal mail at:

Syndigo LLC
Attn: Debra Osborn, Senior Counsel
141 W. Jackson Blvd., Ste 1220
Chicago, IL 60604
United States

Please allow up to four weeks for us to reply.

Data Protection Officer: We have appointed VeraSafe as our Data Protection Officer (“DPO”). While you may contact us directly, VeraSafe can also be contacted on matters related to the processing of Personal Data. VeraSafe’s contact details are:

VeraSafe
22 Essex Way #8203
Essex, VT 05451 USA
Email: experts@verasafe.com
Web: https://www.verasafe.com/about-verasafe/contact-us/