Privacy Shield Statement
Effective from 30 September, 2016.
Yapstone Holdings, Inc. (USA) and our subsidiaries and affiliates that are incorporated in any state or territory of the United States (“Yapstone” or “we”, “us” or “our”) (“Yapstone”) participates in the EU-U.S. Privacy Shield Framework https://www.privacyshield.gov and complies with the EU-US Privacy Shield Principles regarding the collection, storage, use, processing and transfer of certain Personal Information from the European Union.
Further information regarding the Privacy Shield Framework and certification process can be found at https://www.commerce.gov/page/eu-us-privacy-shield. The U.S. Department of Commerce maintains lists of all U.S.-EU Privacy Shield compliant organizations, which can be accessed at https://www.privacyshield.gov/list.
Yapstone’s participation in the Privacy Shield applies to all Personal Information received from the European Union. This may include:
- Information that you provide by filling in forms, applications, or as part of our customer due diligence procedures. This includes information provided at the time of registering to use our website, subscribing to the Service, posting material or requesting further services. We may also ask you for information when you report a problem with our website.
- If you contact us, we may keep a record of that correspondence.
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Details of transactions you carry out through our services and of the fulfilment of your transactions.
- Details of your visits to our websites including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
- When you initiate a payment transaction, we also collect financial information such as credit card, debit card, or bank account details, which we may provide to marketplace partners that are providing products or services to you.
- For transaction volumes over a certain limit, we are legally required to report some personal data to the authorities.
- For verification purposes we reserve the right to request proof of identification in an offline format. This may include passport, drivers license, utility bill, company information, or other items we deem necessary to establish identity, residence, or place of business. Such proofs of identification may be stored electronically on our servers in order to comply with our legal and regulatory obligations.
- Your IP address, computer information, and access times may be tracked against your records with us for purposes of preventing fraud, establishing your identity, and creating an audit trail when using the services of YapStone.
- Competitions may be made available on our website from time to time. You do not have to participate in these, however if you choose to you may be asked to disclose some personal information. At the time of entering the competition it will be made clear to you who will have access to your personal information and why. You are not obliged to continue with your competition entry, however if you do so you accept that you may receive a prize.
- Information about your computer, including where available your IP address, operating system and browser type.
- As well as any other Personal Information that we may notify you about.
We also collect Personal Information from our EEA employee(s) (and any and all dependents thereof), including, but not limited to, temporary, permanent, and former employees, directors, contractors, workers and retirees. For purposes of this Statement only, the term EEA employee(s) shall also include any of our EEA independent contractors and job applicants.
To the extent that there is any conflict between this Privacy Shield Statement and any of our Privacy Policies, this Privacy Shield Statement shall prevail. Nothing in any of our Privacy Policies nor this Privacy Shield Statement shall diminish or limit any rights that you may have under the Privacy Shield Principles.
Collection and use of Personal Information
Yapstone will only collect and use Personal Information for credit and identity checks, the provision of products and services which will be notified to you from time to time, the provision of support and dealing with customer queries, direct marketing, for purposes later authorized by you and for each case compatible purposes only. If Yapstone uses your Personal Information for a purpose that is materially different than the purposes described in this section or in any of the Privacy Policies Yapstone will provide you with the opportunity to opt out of this use. Please see the section on Individual’s Rights below. If Yapstone uses your Personal Information for a purpose that is materially different than the purposes described in this section or in any of the Privacy Policies Yapstone will provide you with the opportunity to opt out of this use. Please see the section on Individual’s Rights below.
Yapstone does not collect sensitive information (as defined in the Privacy Shield Principles) and will not otherwise share your sensitive information with anyone unless you give your explicit consent to share your sensitive information.
With respect to personal information received from our EEA employee(s), Yapstone commits to comply with the Supplemental Principles on Human Resources Data, including the application of the Notice and Choice Principles, the Access Principle and the Accountability for Onward Transfer Principle and will cooperate and will comply with any advice given by with the EU Data Protection Authorities in conformity with the Enforcement Principle.
Personal Information will only be kept in a form identifying, or making identifiable, you for so long as the Personal Information serves the purposes described above.
Data Transfers to Service Providers and Third Parties
Yapstone may share Personal Information with a limited number of our related entities and third-party service providers or agents who process Personal Information on our behalf (“Service Providers”), for limited and specified purposes in relation to the Services. Yapstone shall ascertain that the Service Providers are obligated to provide the same level of privacy protection as required by the Privacy Principles; will take reasonable and appropriate steps, including entering into written contracts, to ensure that the Service Providers process your Personal Information in accordance with this Privacy Shield Statement and the Privacy Principles; will require the Service Providers to notify Yapstone if the Service Provider cannot do so; and on notice, will take reasonable and appropriate steps to stop and remediate any unauthorized processing by any Service Provider.
Yapstone will remain liable under the Privacy Shield if the Service Providers process your Personal Information in a way that is inconsistent with the Privacy Shield Principles, except where Yapstone is not responsible for the event giving rise to the loss, damage or expense.
Yapstone may share Personal Information with third parties or data controllers not acting on its behalf (“Third Parties”), for the purposes described in the Privacy Policies. We will only share your Personal Information with Third Parties if you have not opted-out of such disclosures, or in the case of sensitive information, where you have provided affirmative express consent, if the Privacy Shield requires consent, to such disclosure. Yapstone shall ensure that there is a contract with the Third Party that provides that your Personal Information may only be processed for limited and specified purposes consistent with those in the Privacy Policies and this Privacy Statement; that the Third Parties are required to provide the same level of privacy protection as required by the Privacy Principles and to notify Yapstone if they determine that they cannot do so. Where such a determination is made the Third Party will be required to cease processing or take such other reasonable and appropriate steps to remediate. This sets out the entire liability of Yapstone under the Privacy Shield if the Third Parties process your Personal Information in a way that is inconsistent with the Privacy Shield Principles or this Privacy Shield Statement
Yapstone may be required to disclose your Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Yapstone maintains reasonable and appropriate security measures to protect Personal Information from loss, misuse, unauthorized access, disclosure, alteration, or destruction taking into due account the risks involved in the processing and the nature of the personal data.
EU individuals have the right to access their Personal Information and to correct, amend or delete it where it is inaccurate or has been processed in violation of this Privacy Statement, as set out in the Privacy Shield. If you wish to exercise these rights please contact the Yapstone Privacy Officer at firstname.lastname@example.org or using the details below.
Questions and Complaints
If you have any questions, concerns, or complaints regarding Yapstone’s collection, storage, use, or transfer of your Personal Information or compliance with the Privacy Shield, Privacy Statement or any Privacy Notice, please contact the Yapstone Privacy Officer at email@example.com or using the details below. The Yapstone Privacy Officer will endeavor to investigate and attempt to resolve any complaints within 45 days.
Yapstone has also appointed the American Arbitration Association https://www.adr.org, an independent resolution body, to resolve your complaints in relation to our compliance with the Privacy Shield Principles that are not resolved by the Yapstone Privacy Officer. The services of the American Arbitration Association are free of charge, and details of how your complaint will be handled may be found at https://info.adr.org/safeharbor/.
If your complaint has not been resolved by the Yapstone Privacy Officer, or by the American Arbitration Association or the US Department of Commerce, having given each of them an opportunity to do so, you may apply for binding arbitration as set out in the Privacy Shield: Annex I (Binding Arbitration).
For purposes of enforcing compliance with the Privacy Shield, Yapstone is subject to the investigatory and enforcement powers of the Federal Trade Commission and other U.S. authorized statutory bodies.
Yapstone Privacy Officer
Yapstone Holdings, Inc.
2121 N. California Boulevard, Suite 400
Walnut Creek, CA 94596