Data Deposit Box® was designed with your privacy in mind. Each user can have their own individual username and password. This ensures that while your data is securely stored at our data center, only you have access to your data. Even our most privileged systems administrators do not have the ability to decrypt your data.
2. NAME AND ADDRESS OF THE CONTROLLER:
Controller (“Controller”) for the purposes of the General Data Protection Regulation (“GDPR”), other data protection laws and other provisions related to data protection is:
Data Deposit Box
5063 North Service Road
NAME AND ADDRESS OF THE DATA PROTECTION OFFICER:
The data protection officer of the controller (“Data Protection Officer”) is:
Data Deposit Box
5063 North Service Road
You may, at any time, contact our Data Protection Officer directly with questions and suggestions concerning data protection.
4. USE OF PERSONAL INFORMATION:
Data Deposit Box owns and operates the Website and is committed to protecting the privacy of its users. Data Deposit Box stands behind the belief that personal information provided by our users should only be used to enhance and improve their experience at the Website.
Data Deposit Box does not collect personal information about individual users except (a) when such personal information is provided to Data Deposit Box on a voluntary basis; (b) to monitor traffic to the Website; (c) to determine the future direction of the Website, including any necessary technical upgrades; (d) to contact the user regarding future services; (e) to promote Data Deposit Box products; (f) to respond to customer inquiries and comments; and (g) to maintain a list of Data Deposit Box customers. By providing personal information to Data Deposit Box, you agree and consent to the collection, use and/or disclosure of such information by Data Deposit Box for the purposes stated above.
Personal information about users will not be sold or otherwise transferred to unaffiliated third parties without the user’s expressed and informed approval. Data Deposit Box does, however, reserve the right to disclose personal information to: (a) its affiliates, subsidiaries and third parties for purposes related to the marketing of the products and services offered by Data Deposit Box, its affiliates and subsidiaries, and (b) if such disclosure is made pursuant to a legal proceeding or is required by law.
If you do not wish to be included in Data Deposit Box’s future marketing efforts, please notify Data Deposit Box by regular mail at 5063 North Service Road, Suite 100, Burlington, Ontario L7L 5H6, Canada or by e-mail at email@example.com.
Notwithstanding your wish to cease receiving such promotional and/or marketing information, Data Deposit Box reserves the right to contact you regarding such matters as is relevant to your continued use of the Website and/or any information about you that is held by Data Deposit Box.
The Website may contain links to third party Websites. By clicking on a link, you agree that Data Deposit Box is not responsible for the privacy policies of such third party websites. You further agree that it is your responsibility to be aware of and comply with such privacy policies.
Data Deposit Box will not monitor, edit, or deliberately disclose private communications unless: (i) required to do so by law; (ii) you grant us permission; or (iii) in the good faith belief that such action is necessary to: (a) comply with the law; (b) comply with any legal process that is served on Data Deposit Box; or (c) protect and defend the rights or property of Data Deposit Box.
7. SECURITY OF PERSONAL INFORMATION:
Data Deposit Box will use commercially reasonable efforts to ensure security of information collected about you through the use of passwords, firewalls, encryption technology and other security measures. You acknowledge that: (i) there are security and privacy limitations of the Internet which are beyond the control of Data Deposit Box; (ii) the security, integrity and privacy of any and all information and data exchanged between you and Data Deposit Box through the Website cannot be guaranteed; (iii) any such information and data may be viewed or tampered with in transit by a third party; and (iv) Data Deposit Box will not be responsible for information sent via e-mail.
8. YOUR INDIVIDUAL RIGHTS:
Right of Confirmation
You shall have the right to obtain from the Controller the confirmation as to whether your personal data is being processed. If you wish to avail yourself of this right of confirmation, you may, at any time, contact our Data Protection Officer.
Right of Access
You shall have the right, at any time, to obtain from the Controller, a free copy of the information about your personal data stored. Furthermore, you are granted access to the following information:
- The purposes of processing your personal data;
- The categories of your personal data that is being stored;
- The recipients or categories of recipients to whom your personal data has been or will be disclosed;
- Where possible, the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period;
- The existence of the right to request from the controller rectification or erasure of your personal data, or restriction of processing of your personal data, or to object to such processing; and
- The existence of the right to lodge a complaint with a supervisory authority.
- The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing.
Furthermore, you shall have a right to obtain information as to whether your personal data has been transferred to a third country or international organization. Where this is the case, you shall have the right to be informed of the appropriate safeguards relating to the transfer. If you wish to avail yourself of your right of access, you may at any time contact our Data Protection Officer.
Right to Rectification
You shall have the right to obtain from the Controller, without undue delay, the rectification of inaccurate personal data. Considering the purposes of the processing, you shall have the right to have incomplete personal data completed. If you wish to exercise this right to rectification, you may, at any time, contact our Data Protection Officer.
Right to Erasure (Right to be Forgotten)
You shall have the right to obtain, from the controller, the erasure of your personal data without undue delay, and the controller shall have the obligation to erase your personal data without undue delay where one of the following grounds applies, as long as, the processing is not necessary:
- Your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
- You withdraw consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
- You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR
- Your personal data has been unlawfully processed
- Your personal data must be erased for compliance with a legal obligation to which the controller is subject.
- Your personal data has been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
If one of the six reasons, mentioned above, apply, and you wish to request the erasure of your personal data stored by Data Deposit Box, you may at any time contact our Data Protection Officer. The data protection officer of Data Deposit Box shall promptly ensure that the erasure request is complied with immediately. Where the controller has made your personal data public and is obliged pursuant to Article 17(1) to erase your personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the your personal data that you have requested erasure, by such controllers, of any links to, copy or replication of your personal data, as far as processing is not required. The data protection officer of Data Deposit Box will arrange the necessary measures in individual cases.
Right of Restriction of Processing
You shall have the right to obtain from the Controller restriction of processing where one of the following applies:
- The accuracy of your personal data is contested by you, for a period enabling the controller to verify the accuracy of your personal data.
- You object to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller overrides.
- The processing is unlawful and you oppose erasure and request restriction instead.
If one of the aforementioned three conditions is met, and you wish to request the restriction of the processing of your personal data stored by Data Deposit Box, you may at any time contact our Data Protection Officer. The Data Protection Officer of Data Deposit Box will arrange the restriction of the processing.
Right to Data Portability
You shall have the right to receive your personal data, which was provided to a controller, in a structure commonly used and machine-readable format. You shall have the right to transmit such data to another controller without hindrance from the controller to which your personal data has been provided, as long as the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, or on a contract pursuant to Article 6(1)(b) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising your right to data portability pursuant to Article 20(1) of the GDPR, you shall have the right to have your personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
To assert the right to data portability, you may at any time contact the Data Protection Officer designated by Data Deposit Box or another employee.
Right to Object
You shall have the right to object, at any time, to processing your personal data, which is based on Article 6(1)(e) or Article 6(1)(f) of the GDPR. This also applies to profiling based on these provisions. Data Deposit Box shall no longer process your personal data in the event of your objection, unless we can demonstrate compelling legitimate grounds for the processing which overrides your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
If Data Deposit Box processes personal data for direct marketing purposes, you shall have the right to object at any time to processing your personal data for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If the you object to Data Deposit Box processing your personal data for direct marketing purposes, Data Deposit Box will no longer process your personal data for these purposes.
In addition, you have the right, to object to processing of your personal data by Data Deposit Box for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To exercise your right to object, the you may directly contact the data protection officer of Data Deposit Box.
Automated Individual Decision-Making
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects against you, or similarly significantly affects you, as long as the decision: (1) is not necessary for entering into, or the performance of, a contract between you and a data controller, or (2) is not authorized by law to which the controller is subject and which also provides suitable measures to safeguard your rights and freedoms and legitimate interests, or (3) is not based on your explicit consent. If the decision: (1) is necessary for entering into, or the performance of, a contract between you and a data controller, or (2) it is based on your explicit consent, Data Deposit Box shall implement suitable measures to safeguard your rights and freedoms and legitimate interests.
If you wish to exercise your rights concerning automated individual decision-making, you may at any time directly contact the data protection officer at Data Deposit Box or another employee of the controller.
Right to Withdraw Data Protection Consent
You shall have the right to withdraw your consent to processing your personal data at any time.
If you wish to exercise your right to withdraw your consent, you may at any time directly contact the data protection officer at Data Deposit Box or another employee of the controller.
9. GENERAL INFORMATION DISCLOSURE:
Data Deposit Box reserves the right to conduct statistical analyses of anonymous and aggregated customer information, to measure interest in and use of the Website. Data Deposit Box also reserves the right to provide this anonymous and aggregate data from these analyses to third parties.
11. ROUTINE ERASURE AND BLOCKING OF PERSONAL DATA:
The Controller shall process and store your personal data only for the period necessary to achieve the purpose of storage, or as far as this is granted by the laws or regulations to which the controller is subject.
If the storage purpose is not applicable, or if a storage period prescribed by laws or regulations expires, your personal data shall be routinely blocked or erased in accordance with legal requirements.
12. ACCESSING YOUR PERSONAL INFORMATION:
Should you wish to access, update or correct your personal information, Data Deposit Box will: (a) provide reasonable access to your personal information that is in Data Deposit Box’s records; and (b) use reasonable efforts to allow you to update or correct personally identifiable information which you state as incorrect to the extent that such information has been maintained by Data Deposit Box and if so, that such updating will not compromise Data Deposit Box’s privacy or security interests. You acknowledge that it may be impossible to completely delete all of your information from Data Deposit Box’s records without some residual information being maintained due to backups or other reasons.
Access to your personal information posted on the Website will be password protected. You must select a password. You agree to keep your password confidential in order to prevent unauthorized access. You agree to notify Data Deposit Box promptly of any unauthorized use of your password. You will be liable for any orders placed with or any electronic data provided to Data Deposit Box until Data Deposit Box is notified of the unauthorized use of the password.
14. EFFECTIVE DATE:
15. LEGAL BASIS FOR THE PROCESSING:
Article 6(1) of the GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of your personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) of the GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. If our company is subject to a legal obligation by which processing of your personal data is required, such as for the fulfillment of tax obligations, the processing is based on Article 6(1) of the GDPR. In rare cases, the processing of your personal data may be necessary to protect your vital interests or of another natural person, e.g., if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Such processing would be based on Article 6(1) of the GDPR.
16. EXISTENCE OF AUTOMATED DECISION-MAKING:
As a responsible company, we do not use automatic decision-making or profiling.
17. CONTACTING DATA DEPOSIT BOX: