Privacy and Compliance
Effective Date: March 11, 2022
Last Updated: January 26, 2023
Your continued use of the Sites signifies consent to this Policy as may be amended from time to time.
This Policy complies with the European Union’s General Data Protection Regulation and the European Union (Withdrawal) Act 2018 (“UK GDPR” and collectively, (“GDPR”) and the California Privacy Rights Act (“CPRA”), and describes how we collect, use, share and secure the personal information that may be used to identify you as a visitor to the Site or that you provide as our customer.
Please read this Policy before using the Site or submitting any personal information. By using the Site, you are accepting the practices described in this Policy. The use of information collected through our services shall be limited to the purpose of providing the services that our clients (“Client”) have engaged Suddath to provide. Note: the privacy practices set forth in this Policy is for our Site only. If you link to other websites, please review the privacy policies posted on those web sites.
Legal Basis of Processing
The legal bases for collecting and processing your personal information are: a) your consent for the purposes listed in this Policy; b) you may be a potential customer who contracts with Suddath to perform various services; and c) Suddath may be required to comply with certain legal or governmental obligations.
Suddath collects and processes your personal information in accordance with applicable data protection and privacy laws and will only share your personal information with third parties if there is a legitimate and lawful reason to do so.
Suddath is responsible for the processing of personal data it receives, and subsequently transfers to a third party acting as an agent on its behalf. Suddath is committed to protecting your personal information by (i) performing due diligence on such third parties processing your personal information; and (ii) by ensuring the appropriate standard contractual clauses are in place with such third parties.
Suddath complies with the applicable standard contractual clauses for all onward transfers of personal data from the EEA, the United Kingdom and Switzerland, including the onward transfer liability provisions. Personal data received by Suddath from the European Economic Area (EEA), the United Kingdom and Switzerland, respectively, will be collected and processed in accordance with the appropriate data protection and privacy laws and standard contractual clauses.
Collection and Use of Information
Collection of Information – We may collect the categories of personal data listed below when voluntarily submitted by our visitors to the Site:
- Name and Role details: name; work/company information (job title/level);
- Contact details: email; mailing/work address; tel./fax number; device ID; IP address; as well as imported contacts when done with notice and affirmative permission of the user;
- Financial information: Financial account number; credit/debit card number; EIN
- Transactional and purchase/payment details: billing address; payment method; account holder information; and credit or debit card numbers;
- Employer/employee information: company name, and titles;
- Customer service information: for newsletters or marketing efforts;
- Usage data: relating to visits, clicks, downloads, messages sent/received, and other usage of sites, mobile apps, platforms, and services offered by the customer.
- Server log file info: automatically gathered server log file information when user visit websites, including IP address, time/date stamp, browser type, referring and exit web pages, the files viewed on our sites and services (e.g., HTML pages, graphics, etc.), and your operating system;
- CRM information: customer relationship data and business account/sales information; influence ranking; product utilization ranking; and purchase amount ranking.
We may also combine the information we collect about you with demographic, geolocation, and interest-based segment data, along with event-based data from third-party providers.
Use of Information – The information you provide is used:
- To provide services you have requested or purchased.
- To communicate with you about our current offerings and services.
- To authenticate users, and to prevent and detect fraud and misuse of our Site and services.
- To evaluate the performance of our sites and services.
- To comply with legal requirements.
- To measure performance.
- To provide customer service support or to respond to your inquiries;
- For marketing purposes, and to inform you on global mobility trends or industry insights.
- In other ways, in accordance with your consent.
We do not share, sell, rent or trade personal with third parties for their promotional purposes. We will share your personal information with third parties only in the ways that are described in this Policy (see the section entitled “Service Providers” below).
Technologies such as cookies, beacons, tags, scripts, chatbots, replay software, or similar technologies are used by Suddath and our marketing partners, affiliates, and customer support. These technologies are used to maintain, track, or analyze the functioning of the Sites or online service, serve contextual advertising on the Sites or online service, authenticate users of, or personalize the content on the Sites or online service (e.g. language preferences), or contact the individual. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
As is true of most web sites, we gather certain information automatically and store it in log files. This information includes, but may not be limited to, Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We may combine this automatically collected log information with other information we collect about you. We do this to improve services we offer you, to improve marketing, analytics, or site functionality.
Interest-Based Advertising – We may partner with a third party to either display advertising on our Site or to manage our advertising on other sites. Our third-party partners may use technologies such as cookies to gather information about your activities on this Site and other sites in order to provide you advertising based upon your browsing activities and interests.
To opt-out of interest-based advertising by participating companies in the following consumer choice mechanisms, please visit:
- Digital Advertising Alliance (DAA)’s self-regulatory opt-out page (http://optout.aboutads.info/)
- European Interactive Digital Advertising Alliance (EDAA)’s consumer opt-out page (http://youronlinechoices.eu)
- Network Advertising Initiative (NAI)’s self-regulatory opt-out page (http://optout.networkadvertising.org/)
Please note this does not opt you out of being served ads. You will continue to receive generic ads.
Sharing of Information
We do not share, sell, rent or trade personal data with third parties for their promotional purposes. We will share your personal information with third parties only in the ways that are described in this Policy (see the section entitled “Service Providers” below).
We may use third parties to facilitate and provide our services. We will share only that personal data which is relevant to the services being provided by the third party. These third parties are authorized to use your personally identifiable information only as necessary to provide these services to us and for no other purpose.
Distribution of Information
We will share your personal data with third parties only in the ways that are described in this Policy. We do not sell your personal information to third parties. We reserve the right to disclose your personal data (i) to governmental agencies, public authorities, or other companies assisting us in fraud prevention or investigation; (ii) as required by law; and (iii) when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, or legal process served on our Site. We will only disclose personal data to governmental agencies or other companies when trying to protect against or prevent actual or potential fraud or unauthorized transactions or investigating fraud which has already taken place. Personal data is never provided to these governmental agencies or companies for marketing purposes. We may also disclose your personal information to any other third party with your prior consent.
Social Media Widgets
Our Site offer publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them indefinitely. To request removal of your personal data from our blog or community forum, contact us at firstname.lastname@example.org. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. We encourage all users to exercise caution when providing personal information in the blogs or community forums.
Commitment to Data Security
We use reasonable measures to safeguard the security and integrity of your PII. Only authorized employees, agents and contractors (who have agreed to keep information secure and confidential) have access to this information.
The security of your PII is important to us. When you enter sensitive information, we encrypt that information using transport layer security technology (“TLS”) and Secure HTTP. To learn more about TLS, follow this link: http://www.webopedia.com/TERM/T/TLS.html
We follow generally accepted industry standards to protect PII submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your PII, we cannot guarantee its absolute security. If you have any questions about security on our Site, you can email us at email@example.com.
Accessing, Updating, Deleting and Transferring Your Personal Data
Suddath acknowledges that you have the right to access your personal data. Upon request, Suddath will provide you with information about whether we hold any of your personal data. You also have the right to request a copy of all PII that you have provided to us, as well as, have Suddath transmit such personal data directly to another controller.
When the legal basis for processing your personal data is based on consent, you have the right to withdraw consent at any time. In certain circumstances, however, we may be required by law to retain your personal information or may need to retain your personal information in order to continue providing a service, resolve disputes or enforce our agreements. When the purpose for processing your personal data is based on contract, we may not be able to continue providing services to you without such personal information and we may have to terminate our relationship.
Please note that for personal information about you that we have obtained or received for processing on behalf of Client (controllers who determined the means and purposes of processing) all such requests should be made to Client directly. We will honor and support any instructions they provide us with respect to your personal information.
We will retain your information for only as long as necessary for legitimate business purposes, or as necessary to comply with our legal obligations, resolve disputes or enforce our agreements. If you wish to cancel your account or request that we no longer use your information to provide you services, please contact us at firstname.lastname@example.org.
You may sign-up to receive emails, newsletters or other communications from us. If you would like to discontinue receiving this information, you may update your email preferences by using the “Unsubscribe” link found in emails we send to you or at your member profile on the Site or by contacting us at email@example.com.
Emails generated by the Site are for the sole purpose of facilitating your requested services. An opt-out option is available to you.
Children’s Online Privacy
The Site is not directed at or intended for children under the age of 13. We do not knowingly collect personal data on the Site directly from children and will destroy such information if we become aware that a child has disclosed such information to us without consent from a parent or guardian.
California Privacy Rights
California Civil Code Section § 1798.83 permits users of our sites or services that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org or contact us as described in this Privacy Notice.
Currently, various browsers offer a “do not track” or “DNT” option which sends a signal to websites visited by the user about the user’s browser DNT preference setting. We do not currently commit to responding to browsers’ DNT signals with respect to the Sites, in part, because no common industry standard for DNT has been adopted, including no consistent standard of interpreting user intent.
We reserve the right to modify this Policy at any time, so please review it frequently. If we make material changes to this Policy, we will notify you here, by email, or by means of a notice on our home page. Any changes to the Policy will only apply to activities and information on a going forward, not retroactive, basis.
- By e-mail: email@example.com
- By Phone: (888) 799-5033 or (904) 390-7100 ext. 1254
- By Mail: The Suddath Companies, 815 South Main Street, Jacksonville, Florida 32207
If you would like to act on your Individual Rights (modify, access, or portability) please click here and fill out the form. Once we receive the completed form your request will be processed within 30 days (for small changes) or 90 days (for more complex requests).
Should you wish to take any complaints or questions further, you have the right to contact your local data protection regulator (which, in the UK, is the Information Commissioner’s Office) regarding such issues.