In connection with Subvia’s business, we collect and process, or may collect and process, the following Personal Data of Users:
· Contact information, which may include your name, physical and mailing address, telephone number and email address.
· Individual identifiers, including your date of birth, SSN or other national identification number, insurance information, driver’s license, photographs and employer.
· Payment information, including your payment instrument number and type (such as a credit card, debit card, and bank account), expiration date and security code.
· Financial information, including credit card number, bank routing numbers, tax information, taxpayer identification number, and other payment information, as applicable. To keep your financial data secure, we have contracted with a third party to maintain and process your payment card information.
· Payment history, such as historical payment records and identification of Services purchased through the Platform.
· Information regarding your electronic device(s) and IP address.
· Location information, such as geolocation data.
· Information regarding your use of the Platform or other services.
· Internet use information.
· Regulatory information (to satisfy tax and other regulatory or reporting obligations).
· Any other content you include in communications with other Users or communications with us through the Platform.
General. We collect Personal Data when you register an Account with us, when you visit our Sites, access or use the Platform, participate in a feature of the Platform that requests or requires your Personal Data and/or otherwise transact business with or communicate with Company.
Data Obtained for Marketing Purposes for Potential Customers or Others. We obtain marketing data from third parties that we use to inform Users and others of the Services offered by Users. The Personal Data collected generally includes the email address of Users and potential customers and may include their names and phone numbers. We use the contact information provided to communicate information regarding and to coordinate User Services.
Information collected may include and/or relate to your browser type, your mobile devices (i.e., including type, systems, networks, etc.), your desktop, your laptop, your tablet, your wearable devices, your operating system, your language preference, any referring web page you were visiting before you came to the Platform, the date and time of each visitor request and information you search for on the Platform. We can also track the path of page visits on a website and monitor aggregate usage and web traffic routing on the Platform.
You can change your web browser settings at any time to stop accepting cookies or to prompt you before accepting a cookie from the sites you visit. If you do not accept cookies, however, the Platform may not function properly for you, and you may not be able to use some sections or functions of the Platform. To learn more about cookies and how to manage and delete them, visit http://www.allaboutcookies.org.
Data Obtained from Electronic Devices. Subvia may collect information related to your computers, phones, connected TVs, cable, internet, and other web-connected electronic devices you use that integrate with our Platform, and we may combine this information across different devices you use.
Information from Third Party Platforms. If you access the Platform or communicate with us using your Account or Account credentials from a third-party owned or operated platform/service (e.g., Amazon, Apple, AWS, Facebook, Google, Shopify, Twitter, etc.), post content from the Platform to a social network or use various social media features (e.g.,”Like” button), we may process certain information from the third parties, such as your username, “likes”, location, birthday, comments and reviews, preferences, network reach and influence, and any other information you provided to the third parties in connection with your Account. Depending on your Account and privacy settings, we may also be able to see information that you post when using these third parties whether or not you are an active customer. We may also collect Personal Data about you from our third party service providers who provide us with e-commerce and/or technical related support, including associated with functionality and the purposes of the Platform. The information you post or provide to third parties, as well as the controls surrounding these disclosures are governed by the policies of these third parties.
Special categories of data not collected. We do not actively collect or otherwise process Personal Data from minors. The age of a minor varies by jurisdiction. We also do not actively collect or otherwise process special categories of Personal Data, as identified in the European Union’s (“EU”) General Data Protection Regulation (“GDPR”), including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
These purposes include:
· The purposes for which you provided the Personal Data;
· To enable you to use the Services available through the Platform, including registering you for Services and verifying your identity and authority to use of Services;
· For customer support and to respond to your inquiries;
· For internal record-keeping purposes;
· To administer surveys, sweepstakes, promotions or contests;
· To track fees and process billing and payment including sharing with third-party payment gateways and payment service providers in connection with the Platform;
· To improve and maintain the Platform and for development of new products and services;
· To address fraud or safety concerns, or to investigate complaints or suspected fraud or wrongdoing;
· To periodically send promotional emails regarding new products from Subvia, special offers from Subvia or other information that may interest you;
· With your consent, to contact you by text message regarding certain Services or information you have requested;
· With your consent, to contact you by telephone or text message regarding Platform features, improvements, or other products and services that may interest you;
· For Subvia’s market research purposes, including the customization of the Platform according to your interests;
· To contact you about goods and services that may interest you or with information about your use of the Platform;
· For other research and analytical purposes; and
· To resolve disputes, to protect ourselves and other Users of the Platform, and to enforce any legal terms that govern your use of the Platform.
We may display information related to you or your business, including your name or your business’s name on your profile. If the information you provide us upon signing up for an Account differs from the information you provide us as part of the verification data we collect, we have sole discretion in determining which information will be displayed publicly on your profile. We may combine information that we collect from you through the Platform with information that we obtain from affiliated and nonaffiliated third parties, and information derived from any Services Users may provide. We may aggregate and/or de-identify information collected through the Platform. We may use de-identified or aggregated data for any purpose, including for research and marketing purposes and may also share such data with any third parties, including advertisers, promotional partners, sponsors, event promoters and/or others.
We may, either directly or through third parties we engage to provide services to us, review, scan or analyze your communications with other Users exchanged via the Platform or as otherwise described in this Policy for fraud prevention, risk assessment, regulatory compliance, investigation, product development, research and customer support purposes. For example, as part of our fraud prevention efforts, we may scan and analyze messages to prevent fraud or improper actions. We may also scan, review or analyze messages for research and product development purposes, as well as to debug, improve and expand Services offerings of Users. By using the Platform or engaging in off-Platform communications tracked by Subvia, you consent that Subvia, in its sole discretion, may, either directly or through third parties we engage to provide services to us, review, scan, analyze and store your communications, whether done manually or through automated means.
We base our processing of Personal Data on the need to perform our contractual obligations under our license agreements and our legitimate activities as a Platform host and coordinator of Services. We also process Personal Data to comply with applicable law and to exercise our legal rights. We may also use your Personal Data for internal purposes, including auditing, data analysis, system troubleshooting and research. In these cases, we base our processing on legitimate interests in performing the activities of Subvia.
Disclosures of Personal Data. We may disclose or share your Personal Data with other parties in the following circumstances:
· Third-Party Service Providers. We use third-party service providers (or sub processors) to process Personal Data to facilitate your use of the Platform and in the operation of Subvia’s business. This includes providing Personal Data to third parties for their processing in performing functions on our behalf, particularly the functions listed above in the “HOW WE USE YOUR DATA” section. These functions include billing, sales, marketing, advertising, market research, fulfillment, data storage, analysis, processing, identity verification, fraud and safety protection, performing surveys, administering our Platform and providing technical support services. These third party providers will be contractually and/or legally required to protect Personal Data from additional processing (including for marketing purposes) and transfer in accordance with applicable laws.
· Affiliates. We may share your Personal Data with any Subvia Affiliate.
· Compliance with Law and Protecting our Legal Rights. We may disclose your Personal Data to regulatory bodies if we have a good-faith belief that doing so is required under applicable laws or regulations. This may include submitting Personal Data required by tax or other governmental authorities, or lawfully requested by governmental agencies, including law enforcement and judicial authorities. We may also disclose your Personal Data in order to exercise or defend our legal rights; to take precautions against liability; to protect the rights, property or safety of Subvia or any individual or third party; to maintain and protect the security and integrity of our information system; to protect Subvia against fraudulent, abusive, or unlawful acts; or to investigate and defend against third-party claims or allegations.
· Corporate Transactions. If a third party acquires all or substantially all of the assets of, or ownership interests in Subvia, whether by merger, acquisition, reorganization or otherwise, we may transfer Subvia’s database, including all Personal Data contained therein, to the acquiring entity.
· Aggregated and De-Identified Data. We reserve the right to disclose anonymized aggregated user statistics as well as non-personally identifiable information (such as anonymous usage data), to prospective partners, licensees, advertisers and other third parties.
We may store Personal Data that we have collected (through the means described herein) on our premises and in our information system at our facilities, in third party data centers, in the systems of third party service providers and/or in cloud storage solutions. Company stores all information in state of the art physical storage facilities and cloud storage. In doing so, Company uses appropriate physical, organizational and technological measures to protect the Personal Data you provide to us against loss or theft, and unauthorized access, disclosure, copying, use, or modification. This includes our limiting access to a “need-to-know” basis.
However, NO ELECTRONIC DATA TRANSMISSION CAN BE GUARANTEED TO BE SECURE FROM ACCESS BY UNINTENDED RECIPIENTS AND COMPANY WILL NOT BE RESPONSIBLE FOR ANY BREACH OF SECURITY UNLESS THIS BREACH IS DUE TO ITS GROSS NEGLIGENCE. Although we are committed to employing reasonable technology in order to protect the security of the Platform, even with the best technology, no website is 100% secure. In transacting business with us through the Platform, you assume the risk inherent in transacting business online.
To offer our Platform and facilitate the delivery of Services to you, Company relies on plugins and services from third parties such as internet service providers, email service providers and plugins, calendar plugins, Customer Relationship Management (CRM) systems, credit card processors and third party data storage. To the extent these providers have access to your Personal Data, we will attempt to require that they are legally and/or contractually committed to comply with applicable privacy laws. In the case of credit card processors, we require that they be PCI DSS-compliant. However, WE CANNOT GUARANTEE WITH CERTAINTY THAT THE COMPUTER SYSTEMS AND STORAGE SYSTEMS WHEREON THESE SERVICES ARE OFFERED WILL NOT BE ACCESSED BY UNAUTHORIZED PARTIES. This is a risk inherent in providing any information or, or conducting any business, online. In transacting business with us through the Platform, you assume the risk inherent in transacting business online.
If we receive any Personal Data that is transferred from the EEA (“European Economic Area”), we may implement standard data protection clauses with our third party service providers to reasonably address protection of such data.
Company uses technical and organizational measures to protect the Personal Data that we store, transmit or otherwise process, against accidental or unlawful destruction or disclosure, loss, alteration or unauthorized access. Our security controls and risk management program and processes are designed to implement appropriate technological and organizational measures to ensure a level of security appropriate to the risks. We employ physical, procedural and/or technological security measures to help protect your Personal Data from unauthorized access or disclosure. Company may use encryption, passwords and physical security measures to help protect your Personal Data against unauthorized access and disclosure. We regularly consider appropriate new security technology and methods. Security measures implemented may include:
· Web and database servers are protected using firewalls;
· Passwords used for Account registration require minimum password strength attributes;
· User access is tracked;
· Role-based security is applied to system access;
· Use of data encryption;
· Use of RC4 256-bit Transport Layer Security (TLS) technology where customer data traverses public networks;
· Vendor-supplied patches are reviewed and tested for compatibility before installation;
· Regular system backups are made;
· Regular maintenance is performed on systems;
· Systems are monitored for security;
· Data requiring a higher level of protection, such as payment card account numbers, are processed via a third-party vendor that specializes in the payment processing and is PCI DSS-compliant;
· Security assessments are performed on third-party vendors with access to Personal Data;
· All Company employees are contractually obligated to maintain the confidentiality of Personal Data accessible through their employment; and
· All Company employees are required to attend regular security and awareness training.
No security measures, however, are 100% failsafe. Therefore, WE DO NOT PROMISE AND CANNOT GUARANTEE, AND THUS YOU SHOULD NOT EXPECT, THAT YOUR PERSONAL DATA OR COMMUNICATIONS WILL NOT BE COLLECTED, DISCLOSED AND/OR USED BY OTHERS. You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, keeping your log-in and password private and not recycling passwords from other websites or accounts. SUBVIA IS NOT RESPONSIBLE FOR THE UNAUTHORIZED USE OF YOUR INFORMATION, NOR FOR ANY LOST, STOLEN OR COMPROMISED PASSWORDS, OR FOR ANY ACTIVITY ON YOUR ACCOUNT VIA UNAUTHORIZED PASSWORD ACTIVITY.
Company processes Personal Data for a reasonable period of time to fulfill the processing purposes mentioned above. Personal Data is then archived for time periods as required or necessitated by law or legal considerations. Company reserves the right to delete a User’s data, including Personal Data provided by that User, from its system after 30 days from the date of termination of its agreement with the applicable User. Company also deletes Personal Data in response to a User’s request, as set forth in the “YOUR RIGHTS RELATING TO YOUR DATA” section below.
Company reserves the right to retain usage data relating to the Services, as well as data that has been anonymized and/or aggregated, to the extent permitted by applicable laws. With respect to any Personal Data collected by us for marketing or for our own internal purposes, we will retain that data for a reasonable time in order to fulfill those purposes.
We regularly review our retention policy to ensure compliance with our obligations under data protection laws and other regulatory requirements. We regularly audit our databases and archived information to ensure that Personal Data is only stored and archived in alignment with our retention policy.
Company does not discriminate against those who opt-out. However, opting out may prevent us from conveniently and efficiently providing further, product support services and information to you.
Unsubscribing to Marketing Communications. In particular, if we are sending you email communications of a marketing nature, an ‘unsubscribe’ option is provided in the footer of every email. You may also contact us directly to unsubscribe to marketing emails or other marketing communications, at the contact information set forth in the “COMPANY’S CONTACT INFORMATION” section below. If you have agreed to receive marketing communications, you may always opt out at a later date.
The Platform is not intended or designed to be used by anyone under the age of 18. It is not meant to be attractive to anyone under the age of 18, or to have any value or use by anyone under the age of 18. Company does not collect Personal Data from any person it knows to be under the age of 18. If you are under 18, DO NOT TRANSACT WITH US OR ANY MEMBER THROUGH THE PLATFORM OR OTHERWISE, AND DO NOT SEND ANY PERSONAL DATA.
This section applies to California residents only.
*Please note that the CCPA does not apply to Company as of the date first written above. However, if it is determined that the CCPA does apply, Company will apply this section to California residents.
· California Consumer Privacy Act Notice. These additional disclosures for California residents apply only to individuals who reside in California. The California Consumer Privacy Act of 2018 (“CCPA”) provides additional rights to know, delete and opt out, and requires business collecting or disclosing Personal Data to provide notice of rights California residents have and can exercise.
· California Notice of Collection. Pursuant to Section 1798.110 of the CCPA, the categories of Personal Data that we have collected about individual consumers in the preceding twelve months are:
o Identifiers, including name, address, email address, account name, Social Security Number, IP address and an ID number assigned to your Account.
o The categories of Personal Data listed in the California Customer Records Statute, including name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
o Customer records, including phone number, billing address, credit or debit card information, employment and education information.
o Demographic information, such as your age or gender. This category includes pieces of Personal Data that also qualify as protected classification characteristics under other pre-existing California or federal laws.
o Commercial information, such as transaction data.
o Financial data, such as payment information.
o Internet and other network and device activity, such as IP address, unique device, advertising, and app identifiers, browsing history and other usage data.
o Geolocation data, including location enabled services such as WiFi and GPS.
o Sensory information, such as audio recordings if you call our customer service.
o Inferences about personal preferences and attributes drawn from profiling (e.g., using cookies).
o Information that identifies or can be reasonably associated with you, such as user generated content (e.g. reviews).
· Shine the Light law. Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of Personal Data the business shares with third parties for direct marketing purposes by such third party and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. Company does not presently share any information with third parties for direct marketing purposes. However, to submit such a request, you can contact us as set forth in the “COMPANY’S CONTACT INFORMATION” section below.
· Right of Access. As a California resident, you have a right to access your Personal Data, up to twice a year at no charge, including:
o The categories of Personal Data Company collects about you,
o The categories of sources of your Personal Data,
o The business or commercial purpose for collecting or selling your Personal Data,
o The categories of any third parties with whom the business shares your Personal Data, and
o The specific pieces of Personal Data collected about you.
We do not currently sell your Personal Data, but if decide to do so, you may begin the data request process by clicking HERE.
· Right to Request Deletion of Data. As a California resident, you have the right to request deletion of your Personal Data, subject to certain exceptions, such as where the information is needed to provide services to you, or for security or legal reasons. We do not currently sell your Personal Data, but if decide to do so, you may begin the data deletion process by clicking HERE.
· Right to Non-Discrimination. As a California resident, you have the right to not be discriminated against for exercising your rights under the CCPA, such as denial of services or higher pricing.
· Right to Opt Out. As a California resident, you have the right to opt out of having your Personal Data sold. We do not currently sell your Personal Data, but if decide to do so, you may begin the opt out process by clicking HERE.
You can exercise your rights under the CCPA by contacting us at the contact information set forth in the “COMPANY’S CONTACT INFORMATION” section below.
Company may require you to provide sufficient information to permit us to provide an account of the existence, use and disclosure of Personal Data. The information provided shall only be used for this purpose.
This section applies only to residents of the European Economic Area.
*Please note that the Platform is currently not available in the EEA, and therefore, the GDPR does not apply. However, if it is determined that the GDPR does apply, Company will apply this section to EEA residents.
Under the EU’s General Data Protection Regulation (GDPR), individuals who are residents of the EEA have certain data subject rights regarding their Personal Data. These rights may include:
If you wish to exercise any of these rights, please send your request to the contact person set forth in the “COMPANY’S CONTACT INFORMATION” section below.
Company may require you to provide sufficient information to permit us to provide an account of the existence, use, and disclosure of Personal Data. The information provided shall only be used for this purpose.
Company Name: Subvia, Inc.
Address: 1557 W Innovation Way, 5th Floor, Lehi, UT 84043
Phone: 1-855-202-5214 (toll-free)
If you wish to report a complaint or if you feel that Subvia has not addressed your concerns in a satisfactory manner, you may also contact your state or local data protection authority.