Eleven Systems, LLC
Privacy Policy

Last Updated Date: July 21, 2023

 

This “Privacy Policy” describes the privacy practices of Eleven Systems, LLC and our subsidiaries and affiliates (collectively, “Eleven Systems”, “we”, “us”, or “our”) in connection with the www.elevensystems.com website, the application, platform (e.g., 11 Financial, 11 Property, and 11 Messages), and any other website, application or platform that we own or control and which posts or links to this Privacy Policy (collectively, the “Services”), and the rights and choices available to individuals with respect to their information.

Eleven Systems may provide additional or supplemental privacy policies to individuals for specific products or services that we offer at the time we collect personal information. These supplemental privacy policies will govern how we may process the information in the context of the specific product or service.

You can download a printable copy of this Privacy Policy here.

California Notice at Collection/State Law Privacy Rights: See the State Law Privacy Rights section below for important information about your rights under applicable state privacy laws.

Table of Contents

Personal Information We Collect

Information you provide to us. We may collect the following personal information from you (e.g., customers of our Services) through or in connection with the Services. The information collected will vary based on which Services are used.

  • Contact information, such as your and your authorized users’ first and last name, email addresses, mailing addresses, phone numbers, photo, and social media usernames. We require that you provide an email address and either your first or last name to create an account on the Services. Other contact data is optional.
  • Demographic information, such as your city, state, country of residence, postal code, and age.
  • Content you choose to upload to the Services, such as documents (e.g., financial statements, investment related documents, property related documents), text, images, audio files, and videos, along with the metadata associated with the files you upload.
  • Profile information, such as your and your authorized users’ username and password that you may set to establish an online account with us, your interests and preferences, gender, and any other information that you add to your account profile. Please note that your username will be the email address you supplied.
  • Property information, such as property descriptions, files, images, parameters for security cameras, door access logs, notifications and issues created by you and your staff, inventory information, contacts, precise geolocation of your property, budgeting and operations data, and checklists. If you enter a secured door that has an associated security camera, your entry will be recorded as part of the door access log.
  • Travel information, such as, for each traveler, the name of airline or carrier, hotel accommodation and/or vessel, port of destination, port of arrival, date and time of departure and/or check-in, date and time of arrival and/or check-out, dietary preferences, and luggage information.
  • Medical information, such as information about your height and weight, medical conditions, current or prior injuries, physical condition, and allergies.
  • Financial information, such as financial account information (e.g., account name, account number, transactions, and balances), operational data, financial statements, analytics derived from the operational and account data, and notifications.
  • Investment information, such as data on specific investments, notes that describe specific investments, analytics based on defined investments, names of investors, and notifications.
  • Feedback or correspondence, such as information you provide when you contact us with questions, feedback, or otherwise correspond with us online.
  • Usage information, such as information about how you use the Services and interact with us, including information associated with any content you upload to the Services or otherwise submit to us, any changes you make to the database, activity logs for the applications, and information you provide when you use any interactive features of the Services.
  • Marketing information, such as your preferences for receiving communications about our activities, events, and publications, and details about how you engage with our communications.
  • Other information that we may collect which is not specifically listed here, but which we will use in accordance with this Privacy Policy or as otherwise disclosed at the time of collection.

Information we obtain from authorized family office users. We may receive personal information about you from authorized family office users. For example, an authorized family office user may share your financial information or investment information through or in connection with the Services.

Automatic data collection. If you use our Services or communicate with us, we, our service providers, and ourbusiness partners may automatically log the following types of information about you, your computer or mobile device, and your interactions over time with us:

  • Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area. If you opt to have full geolocation enabled to assist with creating messages or tracking travel (typically only needed for Property services users), then geolocation data is also collected.
  • Service activity data, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, changes you make to the database, activity logs for the applications, information you provide when you use any interactive features of the Services, information about your activity on a page or screen, access times and duration of access.
  • Precise geolocation data when you authorize our mobile application to access your device’s location.
  • Data about others. We may offer features that enable users to complete forms and provide information about their family members or other guests to use the Service, and we may collect the above information about these guests so we can deliver the Services to them. Please do not share information about others with us unless you have their permission or are otherwise authorized to do so.

How We Use Your Personal Information

We use your personal information for the following purposes and as otherwise described in this Privacy Policy or at the time of collection:

Service delivery. We use your personal information to:

  • Provide and operate the Services;
  • facilitate your travel arrangements and holiday bookings;
  • establish and maintain your account or profile;
  • enable security features of the Services, such as by sending you security codes via email or SMS, and remembering devices from which you have previously logged in;
  • communicate with you, including by sending you announcements, updates, security alerts, and support and administrative messages; and
  • understand your needs and interests, and personalize your experience with the Services and our communications;
  • provide support and maintenance for the Services, and respond to your requests, questions and feedback.

Research and development. We may use your personal information for research and development purposes, including to analyze and improve the Services. As part of these activities, we may create aggregated, de-identified or anonymous data from personal information we collect. We may use this aggregated, de-identified or anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Services and promote our Services.

Compliance and protection.We may use your personal information to:

  • comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
  • protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
  • audit our internal processes for compliance with legal and contractual requirements or our internal policies;
  • enforce the terms and conditions that govern the website or otherwise; and
  • prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

With your consent. In some cases we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.

Retention

We generally retain personal information to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for personal information, we may consider factors such as the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

How We Share Your Personal Information

We may share your personal information with the following parties and as otherwise described in this Privacy Policy or at the time of collection:

Affiliates. Our corporate parent and affiliates, for purposes consistent with this Privacy Policy.

Service providers. Third parties that provide services on our behalf or help us operate the Service (such as customer support, hosting, analytics, information technology, and email delivery)

Travel partners. Our travel partners who provide the Services (such as to book a tour or other travel service, and sharing personal details, contact information, preferences, requests, accommodations, and other information with suppliers of tours).

Business partners. Third parties with whom we collaborate on joint activities, with whom we have entered into joint ventures.

Professional advisors. Professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.

Business transfers. Acquirers and other relevant participants in business transactions (or negotiations and diligence for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Eleven Systems or our affiliates (including, in connection with a bankruptcy or similar proceedings).

Other Users Your profile and other user-generated content data (except for messages) may be visible to other users of the Service. For example, other users of the Service may have access to your information if you chose to make your profile or other personal information available to them through the Service. This information can be seen, collected and used by others, including being cached, copied, screen captured or stored elsewhere by others (e.g., search engines), and we are not responsible for any such use of this information.”

Your Choices

You have the following choices with respect to your personal information.

Access, Update, or Delete Your Information. If you have established an account with us, you may review, update, or delete certain account information by logging into the account.

Cookies. Please see our Cookie Notice.

Mobile Location Data. You can disable our access to your device’s precise geolocation in your mobile device settings.

Privacy settings. We make available certain privacy settings on the Service, including options to control whether certain information is displayed to other users, such as when investment owners allow investors to view certain information regarding an investment. Users of our mobile application also have the choice whether to allow us to access your precise location data. Your device settings may provide the ability for you to revoke our ability to access location data.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Declining to provide information. We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.

Delete your content or close your account. You can choose to delete certain content through your account. If you wish to request to close your account, please contact us.

Other Sites, Mobile Applications, and Services

The Service may contain links to websites, mobile applications, and other online services operated by third parties. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites and mobile applications and online services you use.

Security practices

We employ organizational, technical and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.

International data transfers

We have offices in the United States and have service providers in other countries, and your personal information may be transferred to the United States or other locations outside of your state, province, or country where privacy laws may not be as protective as those in your state, province, or country.

Children

Our website is not intended for use by children under 18 years of age. If we learn that we have collected personal information through our website or mobile applications from a child under 18 without the consent of the child’s parent or guardian as required by law, we will delete it. We encourage parents or guardians with concerns to contact us.

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on our website. If required by law we will also provide notification of changes in another way that we believe is reasonably likely to reach you.

Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the website or mobile applications, or submission of personal information to us after the effective date of any modified Privacy Policy, indicates your acceptance of the modified Privacy Policy.

How to Contact Us

Please direct any questions or comments about this Policy or privacy practices to privacy@elevensystems.com. You may also write to us via postal mail at:

Eleven Systems, LLC

Attn: Information Security Manager

221 North Hogan Street, Suite 403

Jacksonville, FL 32202

State Law Privacy Rights

Scope.  Except as otherwise provided, this section applies to residents of California, Virginia, and other states where privacy laws applicable to us grant their residents the rights described below, including the California Consumer Privacy Act (“ CCPA ”).  

For purposes of this section, “personal information” has the meaning given to “personal data”, “personal information” or similar terms under the applicable privacy laws of the state in which you reside.  Please note that not all rights listed below may be afforded to all users and that if you are not a resident of the relevant states, you may not be able to exercise these rights.

In some cases, we may provide a different privacy notice to certain categories of residents of these states in which case that notice will apply with respect to the activities it describes instead of this section.  

Your Privacy Rights.  You may have the rights listed below. However, these rights are not absolute and in certain cases, we may decline your request as permitted by law.  

  • Information/know. You can request whether we have collected your personal information, and in certain cases, information about how we used and shared it during the past 12 months. For example, if you are a California resident, you can request information about the categories of personal information that we have collected; the categories of sources from which we collected personal information; the business or commercial purpose for collecting, sharing and/or selling personal information; the categories of any personal information that we sold or disclosed for a business purpose; and the categories of any third parties with whom personal information was sold, shared or disclosed for a business purpose.
  • Access. You can request a copy of the personal information that we have collected about you.
  • Correction. You can request that we correct inaccurate personal information that we have collected about you.
  • Deletion. You can request that we delete the personal information we collected from you. Please note that once we process a deletion request, we will be unable to provide any online or digital services to you or support for past products or services that you may have purchased.
  • Opt-out.
    • Opt-out of sales of personal information. You can opt-out of the “sale” of your personal information, as such term is defined under applicable state laws. We do not “sell” your personal information for monetary or other consideration in a manner restricted by applicable state laws, and have not done so in the preceding 12 months.
    • Opt-out of profiling. You can request to opt-out of certain “profiling” as defined in applicable privacy laws, which may include automated processing to analyze or predict your interests or other behavior.
  • Nondiscrimination.  You are entitled to exercise the rights described above free from discrimination as prohibited by applicable privacy laws.

How to Exercise Your Rights.

  • Information/know, access, correction, and deletion.  You may submit requests to exercise these by calling us toll free at +1 (866) 714-7144, or via email to privacy@elevensystems.com.  We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.  In certain states, you may have the right to ask to appeal any denial of your request, which you may exercise in the same manner through which you may submit a request.  
  • Verification of Identity.  We may need to verify your identity in order to process your information/know, access, correction, or deletion requests and reserve the right to confirm your residency. To verify your identity, we may require authentication into your Service account, government identification, a declaration under penalty of perjury, personal identifiers we can match against information we may have collected from you previously, confirmation of your request using the email address or telephone number associated with your account, or a declaration under penalty of perjury, where permitted by law.

Authorized Agents. Your authorized agent may be able to make a request on your behalf.  However, we may need to verify your authorized agent’s identity and authority to act on your behalf.  We may require a copy of a valid power of attorney given to your authorized agent pursuant to applicable law. If you have not provided your agent with such a power of attorney, we may ask you to take additional steps permitted by law to verify that your request is authorized, such as by providing your agent with written and signed permission to exercise your rights on your behalf, the information we request to verify your identity, and confirmation that you have given the authorized agent permission to submit the request.

Additional information for California residents. The following describes our practices currently and during the past 12 months:

  • Sales/sharing. We do not “sell” personal information as defined by the CCPA. We do not have actual knowledge that we have sold or shared the personal information of California residents under 16 years of age.
  • Sensitive personal information. We do not use or disclose sensitive personal information for purposes that California residents have a right to limit under the California Consumer Privacy Act.
  • Retention. We retain personal information where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested; to comply with applicable legal, tax or accounting requirements; to establish or defend legal claims; or for fraud prevention).  Whether the retention period is sufficient to fulfill such purposes is the primary criteria for determining the duration of the retention period.  
  • Deidentification. We do not to attempt to reidentify deidentified information derived from personal information, except that we may do so to test whether our deidentification processes comply with applicable law.
  • Personal Information that we Collect, Use and Disclose. In the list below, we describe our personal information practices by reference to the categories in the “Personal Information we Collect” section above and the categories described in the CCPA (Cal. Civ. Code Section 1798.140(v)). Information you voluntarily provide to us, such as in free-form webforms, may contain other categories of personal information not described below. We may also disclose personal information to business transferees, authorities and others, and professional advisors as described above in the How we share your personal information  section of this Privacy Policy.  For information about the categories of sources of this information, see the section above entitled Personal Information We Collect .  For information about the purposes for collecting, using, and disclosing personal information, see the section above entitled How We Use Your Personal Information.
  • Contact Information
    • CCPA statutory categories: Identifiers, California customer records
    • Categories of third parties to whom we disclose PI for a business purpose: Service providers, Affiliates, and Business partners
    • Categories of third parties to whom we share for interest-based advertising: None
  • Demographic Information>
    • CCPA statutory categories: Identifiers, California customer records, Commercial information
    • Categories of third parties to whom we disclose PI for a business purpose: Service providers, Affiliates, and Business partners
    • Categories of third parties to whom we share for interest-based advertising: None
  • Content you choose to upload to the Services
    • CCPA statutory categories: Identifiers, California customer records, Commercial information, Financial information
    • Categories of third parties to whom we disclose PI for a business purpose: Service providers, Affiliates
    • Categories of third parties to whom we share for interest-based advertising: None
  • Property Information
    • CCPA statutory categories: Identifiers, California customer records, Commercial information
    • Categories of third parties to whom we disclose PI for a business purpose: Service providers, Affiliates  
    • Categories of third parties to whom we share for interest-based advertising: None
  • Travel Itinerary Information
    • CCPA statutory categories: Identifiers, California customer records, Commercial information
    • Categories of third parties to whom we disclose PI for a business purpose: Service providers, Travel partners, Affiliates
    • Categories of third parties to whom we share for interest-based advertising: None
  • Medical Information
    • CCPA statutory categories: Identifiers, California customer records, Medical information
    • Categories of third parties to whom we disclose PI for a business purpose: Service providers, Affiliates
    • Categories of third parties to whom we share for interest-based advertising: None
  • Financial Information
    • CCPA statutory categories: Identifiers, California customer records, Commercial information, Financial information
    • Categories of third parties to whom we disclose PI for a business purpose: Service providers, Affiliates
    • Categories of third parties to whom we share for interest-based advertising: None
  • Investment Information
    • CCPA statutory categories: Identifiers, California customer records, Commercial information, Financial information
    • Categories of third parties to whom we disclose PI for a business purpose: Service providers, Affiliates
    • Categories of third parties to whom we share for interest-based advertising: None
  • Profile Information
    • CCPA statutory categories: Identifiers, Commercial information, California customer records
    • Categories of third parties to whom we disclose PI for a business purpose: Service providers, Affiliates, and Business partners
    • Categories of third parties to whom we share for interest-based advertising: None
  • Feedback or correspondence data
    • CCPA statutory categories: Identifiers, Commercial information, California customer records, Internet or network information, Sensitive personal information
    • Categories of third parties to whom we disclose PI for a business purpose: Service providers, Affiliates, and Business partners
    • Categories of third parties to whom we share for interest-based advertising: None
  • Device data
    • CCPA statutory categories: Identifiers, Internet or network information  
    • Categories of third parties to whom we disclose PI for a business purpose: Service providers, Affiliates
    • Categories of third parties to whom we share for interest-based advertising: None
  • Online activity data
    • CCPA statutory categories: Identifiers, Commercial information, Internet work network information
    • Categories of third parties to whom we disclose PI for a business purpose: Service providers, Affiliates
    • Categories of third parties to whom we share for interest-based advertising: None
  • Data derived from the above
    • CCPA statutory categories: Inferences
    • Categories of third parties to whom we disclose PI for a business purpose: Service providers, Affiliates, and Business partners
    • Categories of third parties to whom we share for interest-based advertising: None

Notice to European Users

The information provided in this “Notice to European users” section applies only to individuals in the United Kingdom, Switzerland, and the European Economic Area (collectively referred to as “Europe”).

Personal information. References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection laws, regulation, and legislation. Essentially, it boils down to information about an individual, from which that individual is either directly identified or can be identified. It does not include ‘anonymous data’ (i.e., information where the identity of individual has been permanently removed). The personal data that we collect from you is identified and described in greater detail in the section Personal Information We Collect.

Controller. Eleven Systems is the controller of your personal information covered by this Privacy Policy for purposes of European data protection legislation. See the How to Contact Us section above for contact details.

Legal bases for processing. We use your personal information only as permitted by law for the purposes listed below. The European data protection legislation requires us to ensure we have a “legal basis” for each purpose for which we collect personal information. Our legal bases for processing your personal information described in this Privacy Policy are listed below:

  • Where we need to perform a contract that we are about to enter into, or have entered into, with you (“Contractual Necessity”).
  • Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests (“Legitimate Interests”). More detail about the specific legitimate interests pursued in respect of each purpose we use your personal information for is set out in the table below
  • Where we need to comply with a legal or regulatory obligation (“Compliance with Law”)).
  • Where we have your specific consent to carry out the processing for the Purpose in question (“Consent”). Generally, we do not rely on your Consent as a legal basis for using your personal information

We set out below, in a table format, the legal bases we rely on in respect of the relevant purposes for which we use your personal information. The purposes identified are explained in greater detail in the section How We Use Your Personal Information.

 

Purpose Category(ies) of Personal Information involved Our Legal Basis for This Use of Personal Information
Service Delivery
  • Contact information
  • Demographic information
  • Content you choose to upload to the Services
  • Profile information
  • Property information
  • Travel itinerary information
  • Medical Information
  • Financial information
  • Investment information
  • Feedback or correspondence
  • Usage information
  • Device data
  • Online activity data
  • Location data
  • Other information
  • Contractual necessity
  • Legitimate Interests

We have a legitimate interest in providing you a good Service, communicate with you, including by sending you updates on our Services, websites and related offers where you have shown interest in similar services from us

  • Consent

We will rely on your consent to process your medical information

Research and Development
  • Any and all data types relevant in the circumstances
  • Legitimate Interests

We have legitimate interest in understanding what may be of interest to our customers, improving customer relationships and experience, delivering relevant content to our customers, measuring and understanding the effectiveness of the content we serve to customers.

Compliance and Protection
  • Any and all data types relevant in the circumstances
  • Compliance with Law
  • Legitimate Interests

Where Compliance with Law is not applicable, we and any relevant third parties have a legitimate interest in participating in, supporting, and following legal process and requests, including through co-operation with authorities. We and any relevant third parties may also have a legitimate interest of ensuring the protection, maintenance, and enforcement of our and their rights, property, and/or safety.

Further Uses
  • Any and all data types relevant in the circumstances

The original legal basis relied upon, if the relevant further use is compatible with the initial purpose for which the Personal Information was collected. Consent, if the relevant further use is not compatible with the initial purpose for which the personal information was collected.

 

Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

Security. We have put in place procedures designed to deal with breaches of personal information. In the event of such breaches, we have procedures in place to work with applicable regulators. In addition, in certain circumstances (including where we are legally required to do so), we may notify you of breaches affecting your personal information.

Retention. We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. If you request that your personal information be removed/deleted, we will either delete or anonymize it, subject to any laws requiring otherwise, and subject to it being available to delete (see below).

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

When we no longer require the personal information we have collected about you, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. If we anonymize your personal information (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.

Your rights. European data protection legislation gives you certain rights regarding your personal information. If you are located within Europe, you may ask us to take the following actions in relation to your personal information that we hold:

  • Access. Provide you with information about our processing of your personal information and give you access to your personal information.
  • Correct. Update or correct inaccuracies in your personal information.
  • Delete. Delete your personal information.
  • Data portability. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
  • Restrict. Restrict the processing of your personal information.
  • Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
  • Withdraw Consent. When we use your personal information based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

You may submit these requests by email to privacy@elevensystems.com. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. Typically, you will not have to pay a fee to exercise your rights; however, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. We try to respond to all legitimate requests within a month. It may take us longer than a month if your request is particularly complex or if you have made a number of requests; in this case, we will notify you and keep you updated. If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here. If you are based in Europe, you can find your data protection regulator here. f you are based in the UK, you can make a complaint directly to the Information Commissioner’s Office (Water Lane, Wycliffe House; Wilmslow - Cheshire SK9 5AF; Tel. +44 303 123 1113; Website: https://ico.org.uk/make-a-complaint/).

Cross-Border Data Transfer. We are a US-based company and many of our service providers, advisers, partners or other recipients of data are also based in the US. This means that, if you use the Services, your personal information will necessarily be accessed and processed in the US. It may also be provided to recipients in other countries outside Europe. It is important to note that that the US is not the subject of an ‘adequacy decision’ under the GDPR – basically, this means that the US legal regime is not considered by relevant European bodies to provide an adequate level of protection for personal information, which is equivalent to that provided by relevant European laws. Where we share your personal information with third parties who are based outside Europe, we try to ensure a similar degree of protection is afforded to it in accordance with applicable privacy laws by making sure one of the following mechanisms is implemented:

  • Transfers to territories with an adequacy decision. We may transfer your personal information to countries or territories whose laws have been deemed to provide an adequate level of protection for personal information  by the European Commission or UK Government (as and where applicable) (from time to time).
  • Transfers to territories without an adequacy decision. We may transfer your personal information to countries or territories whose laws have not been deemed to provide such an adequate level of protection.  However, in these cases:
    • we may use specific appropriate safeguards, which are designed to give personal information effectively the same protection it has in Europe – for example, standard-form contracts approved by relevant authorities for this purpose; or
    • in limited circumstances, we may rely on an exception, or ‘derogation’, which permits us to transfer your personal information to such country despite the absence of an ‘adequacy decision’ or ‘appropriate safeguards’ – for example, reliance on your explicit consent to that transfer. 

You may contact us if you want further information on the specific mechanism used by us when transferring your personal information out of Europe.