CLIPr Co. EU and UK Privacy Notice

Effective Date: July 19, 2021
This EU and UK Privacy Notice is included in our Privacy Policy and applies to the “personal data,” as defined under Applicable Data Protection Laws, of natural persons located in the European Economic Area or the United Kingdom (“European Individuals,” “you,” or “your”). Any capitalized terms or other terms not defined herein shall have the meaning ascribed to them elsewhere in the Privacy Policy or, if not defined herein or elsewhere in the Privacy Policy, in Applicable Data Protection Laws. If you are located elsewhere, please see the rest of our Privacy Policy.
‍
Definitions:
“Applicable Data Protection Laws” means: (i) the General Data Protection Regulation 2016/679 (“GDPR”); (ii) the Privacy and Electronic Communication Directive 2002/58/EC; (iii) the UK Data Protection Act 2018 (“DPA”), the UK General Data Protection Regulation as defined by the DPA as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019, and the Privacy and Electronic Communications Regulations 2003, and (iv) any relevant law, statute, declaration, decree, directive, legislative enactment, order, ordinance, regulation, rule or other binding instrument which implements any of the above or which otherwise relates to data protection, privacy or the use of personal data; in reach case as applicable and in force from time to time, and as amended, consolidated, re-enacted or replaced from time to time.  “European Economic Area” (or “EEA”) means the then-current member states and member countries of the European Union and European Economic Area.

Controller Disclosure & Details:  
We are a data controller of personal data regarding the following categories of European Individuals: Prospective and current business contacts at customers (collectively, “Customer Business Contacts”), users of Platforms and Services at customers (“Platform Users”), business contacts at vendors, suppliers, or other third parties (“Vendor Business Contacts”), and our Website  visitors (“Site Visitors”) for the purposes and under the legal bases described in the table below. Please note that, in some cases, the categories of data subjects above may overlap (e.g., Customer Business Contacts using our Platforms are also Platform Users, Vendor Business Contacts using the Website are also Site Visitors).
Data Subject CategoryPurpose & Legal Basis of Processing

‍General (applies to all data subjects below)
Information Security: Our web servers will log your IP address and other information (e.g., browser information, operating system, request date/time, user agent string, referral and exiting URL) in order to maintain an audit log of activities performed. We use this information pursuant to our legitimate interests in tracking Site usage, combating denial of service or other attacks, and removing or defending against malicious individuals or programs on the Site.

‍Platform Users
‍Direct Marketing: Generally, we send email marketing to prospective customer business contacts pursuant to their consent. In cases where a prospective or current customer buys, or enters into negotiation for the sale of, a product or service, or when the customer otherwise engages with us, email marketing may be sent to such customer pursuant to our legitimate interest in sending marketing communications to such customers.
‍
Executing Contracts and other Legal Documentation: We will process personal data as necessary for the performance of contracts to which customers are a party (such as our Terms of Use or, Privacy Policy, or a purchase of our Services) or to take requested steps to enter into such contracts.
‍
Providing Access and Support for Services: We will process personal data pursuant to our legitimate interest and as necessary for the performance of contracts to provide customers with access and support for our Services.
‍
Improving the Platform: We will process personal data pursuant to our legitimate interest in training the machine learning algorithms and in processing your feedback.

‍Customer Business Contact
‍Direct Marketing: Generally, we send email marketing to prospective customer business contacts pursuant to their consent. In cases where a prospective or current customer buys, or enters into negotiation for the sale of, a product or service, or when the customer otherwise engages with us, email marketing may be sent to such customer pursuant to our legitimate interest in sending marketing communications to such customers.
‍
General Business Development: We will process personal data pursuant to our legitimate interest in furthering business relationships (such as by storing Customer information within a CRM or other file), ensuring customer satisfaction, and answering inquiries.
‍
Executing Contracts and other Legal Documentation: We will process personal data as necessary for the performance of contracts to which customers are a party (such as our Terms of Use or, Privacy Policy, or a purchase of our products or services) or to take requested steps to enter into such contracts.
‍
Providing Access and Support for Services: We will process personal data pursuant to our legitimate interest and as necessary for the performance of contracts to provide customers with access and support for our Services.

‍Vendor Business Contacts
‍Vendor Contacts: When entering into vendor relationships, we will receive the personal information of contacts employed or otherwise associated with such vendors. We process such information in our legitimate interest in establishing and developing our vendor relationships.

‍Site Visitors
‍Audience Measurement and Retargeting: Pursuant to a Site Visitor’s consent, we use an assortment of marketing and analytics cookies and other tracking technologies (“Tracking Data”) for purposes of audience measurement, retargeting, and creating relevant Site Visitor experiences (such as based on their interaction with our Service).  

Recipients:
CLIPr may disclose your personal data for the purposes described herein to the following categories recipients to effectuate the purposes described herein: lawyers, auditors, and other professional advisors and third party providers of services such as cloud storage, email marketing vendors, online marketing and advertising technology vendors, information security vendors, customer relationship management systems, and analytics providers and databases.
‍
Retention:
‍Please see below for our general retention periods. Please note that the below retention periods may be extended or shortened, as appropriate, based on the context of our relationship with a European Individual, and for compliance with legal obligations (e.g., accounting, finances, tax). We will retain the personal data of prospective customers in our systems for three (3) years. This retention period may be extended for prospective customers that are in current negotiations with CLIPr near the end of such retention period. We will retain current customers’ personal data until the relationship terminates, at which point such personal data will be further retained within our systems for seven (7) years for finance and tax purposes and in case of repeat business. We will retain Tracking Data in our systems for no longer than fourteen (14) months from the date of collection. Personal data relating to contractual and other legal documentation, such as with our customers or vendors, will be retained permanently.

‍Your Rights:
‍As a natural person, you have a right to: (i) request access to, correction, and/or erasure of your personal data; (ii) object to processing of your personal data; (iii) restrict processing of your personal data; (iv) request a copy of your personal data, or have a copy thereof sent to another controller, in a structured, commonly used and machine readable format under the right of data portability, and (v) withdraw your consent where consent is used as the legal basis for processing your personal data. You may exercise these rights and submit a complaint under Applicable Data Protection Law by contacting: legal@clipr.ai with the subject line “EU and UK Notice.”  
‍
You also have the right to lodge a complaint about the processing of your personal data with a supervisory authority of the EEA state (or the UK) where you work or live or where any alleged infringement of data protection laws occurred. A list of the supervisory authorities in the EEA can be found here:
‍http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
The supervisory authority in the UK is the Information Commissioner’s Office (https://ico.org.uk/).

‍Objecting to Legitimate Interest/Direct Marketing: You may object to personal data processed pursuant to our legitimate interest. In such case, we will no longer process your personal data unless we can demonstrate appropriate, overriding legitimate grounds for the processing or if needed for the establishment, exercise, or defense of legal claims. You may also object at any time to processing of your personal data for direct marketing purposes by clicking “Unsubscribe” within an automated marketing email or by submitting your request to legal@clipr.ai with the subject line “EU and UK Notice” (the latter for instances where, for example, you would not like to receive follow-ups from our sales team). In such case, your personal data will no longer be used for that purpose.
‍
Transfer of Personal Data outside the EEA:
We may transfer your personal data outside the EEA or the UK when necessary to provide the Services. We will only transfer your personal data outside the EEA or the UK pursuant to applicable data protection laws, and will not make such a transfer unless: (i) we have signed EU Commission Standard Contractual Clauses with the recipient, (ii) the recipient is located in a country that has received an adequacy decision from the European Commission, or (iii) where a derogation under GDPR Article 49 or similar provision applies.
‍
Disclosure to Public Authorities:
CLIPr may be required to disclose personal data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal data to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.
‍
Corporate Restructuring:
In the event of a merger, reorganization, dissolution, or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal data, would be transferred to the surviving entity in a merger or the acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal data as set forth in this EU and UK Notice.
‍
Updates to this EU and UK Notice:
If, in the future, we intend to process your personal data for a purpose other than that which it was collected, we will provide you with information on that purpose and any other relevant information at a reasonable time prior to such processing. After such time, the relevant information relating to such processing activity will be revised or added appropriately within this EU and UK Notice, and the “Effective Date” at the top of this page will be updated accordingly.
‍
How to Contact Us:
Please reach out to legal@clipr.ai for any questions, complaints, or requests regarding this EU and UK Notice; please include the subject line “EU and UK Notice.”