Terms used in this Supplement are consistent with the definitions in The General Data Protection Regulation (EU) 2016/679 (“GDPR”) or its local equivalents under Relevant Laws.
Legal bases for processing. If applicable under a Relevant Law, our legal bases for processing personal data are set forth in the table below.
|PROCESSING PURPOSE||LEGAL BASIS|
|Processing is necessary to perform a contract.|
If we have not entered into a contract with you, we process your personal data based on our legitimate interest in providing the Services you access and request.
|These activities constitute our legitimate interests. We do not use your personal data for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).|
|To comply with law||Processing is necessary to comply with our legal obligations.|
|Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Services.|
Certain Relevant Laws provide individuals located in Relevant Regions certain rights regarding their personal data. If a Relevant Law applies to you, you may submit a request to exercise your right(s) in relation to your personal data for which ProSciento is the Data Controller, as follows:
1. Right to be Informed
You may request what personal data is collected about you, why, who is collecting data, how long it will be kept, how you can file a complaint, and with whom we will share the data.
2. Right to Access
You may request a copy of your personal data we process.
3. Right to Rectification
You may request the correction or rectification of any of your inaccurate or incomplete personal data we process.
4. Right to Deletion or Erasure
You may request we delete personal data in accordance with Relevant Laws.
5. Right to Restrict Processing
You may request that we limit the way we use your personal data, including uses of any sensitive personal data.
6. Right to Data Portability
You may request for your data to be transferred directly to another organization.
7. Right to Object to Processing
You may object to the processing of certain personal data.
8. Rights in Relation to Automated Decision Making and Profiling
You have the right not to be subject to automated decision-making if it produces a legal effect that significantly affects you, with certain exceptions. Please note that ProSciento does not generally engage in this activity and does not as a matter of course control or process personal data for this purpose, and if it does, ProSciento complies with Relevant Laws in connection with such data processing.
9. Right to request not to receive direct marketing communications. In some Relevant Regions, you may request to not receive our direct marketing messages, as more fully set forth below.
Certain other details regarding the processing of personal data that individuals located in the above regions may be entitled to receive are contained in other provisions of the Policy.
If you have an account or accounts with us, please visit your account page(s) to review the options available to you to exercise your rights above. Please note that some functionality may not be available, or we may not be able to fulfill your request, depending on our legal obligations or rights, in which case we will inform you of such a limitation or exception. For example, we may not be able to delete all data as we may be legally required to retain certain data or retain certain data in identifiable form. If functionality to exercise your rights is not available to you directly, or you have any concerns about how we process your data under appliable laws, you may submit a request by email to ProSciento’s Data Protection Officer via email at DPO@prosciento.com, via phone to 833-602-2089 (toll free), or in writing to:
Data Protection Officer
6160 Cornerstone Ct. E
San Diego, CA 92121
ProSciento is established in the European Union at:
ProSciento Europe B.V.
6222 PH Maastricht
We may request specific information from you to help us confirm your identity and process your request.
If you wish to file a complaint about our use of your personal data or our response to your requests regarding your personal data, you may contact the data protection Supervisory Authority in your Relevant Region.
Cross-Border Data Transfer
We have affiliates, subsidiaries and operations globally and may transfer personal data on a global basis, including to the Unites States, to operate our business. If we transfer your personal data out of the EEA, UK, Switzerland, or another Relevant Region to a jurisdiction not deemed by the applicable regulatory authorities in the Relevant Region to provide an adequate level of personal data protection, the transfer will be performed:
- Pursuant to the recipient’s compliance with the applicable standard contractual clauses or their equivalent, or Binding Corporate Rules
- Pursuant to the consent of the individual to whom the personal data pertains
- As otherwise permitted by applicable requirements under Relevant Laws.
You may contact us for further information on the specific legal mechanism used when transferring your personal data out of Europe or your applicable Relevant Region.
California “Shine the Light” Law
California residents may request certain information regarding our disclosure (if any) of personal data to third parties for their direct marketing purposes, pursuant to California Civil Code Section 1798.83 (the California “Shine the Light” law). To make such a request, please contact us, identify yourself as a California resident and provide sufficient information so we can take appropriate action, such as your name, email address or any additional information required.
California Privacy Rights Act (“CPRA”) Notice
The below information applies to all personal data collected and/or received by ProSciento from consumers residing in California if and to the extent the CPRA applies and provides additional information about how ProSciento processes personal data.
California residents may have the right to disclosure of certain information about the processing of their personal data, including, to the extent applicable, the following:
- The categories of personal data we have collected about such consumer.
- The categories of sources from which such personal data has been collected.
- The business or commercial purpose for collecting or selling or sharing such personal data.
- The specific pieces of personal data we have collected about such consumer.
- The time period for which we retain personal data or the criteria it will use to determine how long we retain personal data
- The categories of such consumer’s personal data we have sold, shared, or disclosed for a business purpose, by category for each category of third parties to whom the personal data was sold, shared, or disclosed, or we will state that we have not sold, shared, or disclosed for a business purpose such consumer’s personal data.
Information identified above may be found in our Policy.
In addition, as set forth in our Policy, we may collect the following specific categories of personal data:
- Identifiers such as real name; alias; signature; postal address; email address; telephone number; unique personal identifier; online identifier; Internet Protocol address; device identifiers; email address; account name; Social Security number; driver’s license or other state identification number; passport number; insurance policy number; insurance claim number; financial information, including bank account, credit card numbers, bank routing details; employment, including current and historical; association membership; other device identifiers including the operating system, browser type, network information; or other similar identifiers
- Protected legal characteristics such as age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, or veteran or military status.
- Commercial information such as data related to insurance policies, or other purchasing or consuming histories or tendencies.
- Biometric information (i.e. Items related appearance including, but not limited to, height, weight, eye color, hair color; NOT including any genetic data or data that could alone be considered Personal Data when not combined with other information (i.e. fingerprint or genetic data))
- Internet activity such as data set forth in our Policy.
- Thermal information such as your body temperature taken in connection with a clinical trial study.
- Employment information
- Education information
- Inferences drawn from the above data to create a profile reflecting personal preferences and attributes
“Sale” and “Sharing” of Personal Data
ProSciento does not as a matter of course “sell” or “share” personal data , in accordance with the definitions of “sell” and “share” in the CPRA. If you believe we have “sold” or “shared” your personal data, please contact us as set forth below.
Non-Discrimination and Non-Retaliation
In accordance with the CRPA, ProSciento will not discriminate or retaliate against you for exercising any of your Personal Data rights. Unless permitted by applicable regulations, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Responding to Your Requests
Depending on the applicable Relevant Law, we may only have to respond to requests for access or data portability twice within a 12-month period. Each verifiable request must:
- Provide sufficient information that allows us to reasonably verify you are either (i) the person about whom we collected personal data or (ii) an authorized representative which provided the personal data.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
ProSciento cannot respond to your request or provide you with personal data if we cannot verify your identity or authority to make the request and confirm the personal data relates to you or an individual about which you provided personal data.
ProSciento will respond to a verifiable request within the time periods required by the Relevant Law and if more time is required, ProSciento will comply with any such applicable requirements. The response ProSciento provides will also explain the reasons we cannot comply with a request, if applicable.
We will provide appropriate disclosures upon receipt of a verifiable request, to the extent required by Relevant Laws (or in our discretion if not required by Relevant Laws) and as permitted by our contracts, confidentiality obligations and applicable laws and regulations.
Post: Attn: Data Protection Officer,
6160 Cornerstone Ct. E
San Diego, CA 92121