Effective as of February 13th, 2023
General Data Protection Regulation (2016/679) (“GDPR”)
Flashpoint provides its Products on its customers’ behalf as a “data processor,” as such term is defined under the GDPR. As such, customers are the data controllers, as such terms are defined under the GDPR, when using Flashpoint’s Products. Thus, Customers must, as applicable, have an appropriate legal basis for its processing activities when using the Products, give appropriate notices under Articles 13-14, and fulfill all other data controller obligations under the GDPR.
When serving as a processor, we have certain obligations under GDPR including only processing personal data at our customers’ instructions reflected in the applicable software license agreement, providing assistance with fulfillment of rights requests, and implementing appropriate security for personal data. We will forward any inquiries, complaints, or requests received from data subjects with respect to use of the Products to the appropriate customer and await instructions before taking any action.
With respect to other processing activities, Flashpoint may act as a data controller. As examples, we are a controller with respect to certain activities related to prospective/current customers, customer end-users, and vendors (“Business Contacts”), and visitors to our Website to the extent they are located in the European Economic Area (note that, in some cases, the categories may overlap such as Business Contacts using the Website). Please see below for more information related to such processing activities and other important information.
Your Rights Under the GDPR
As a natural person located in the European Economic Area, you have a right to: (i) request access to, correction and/or erasure of your personal data; (ii) object to processing of your personal data (such as direct marketing); (iii) restrict processing of your personal data; and (iv) request a copy of your personal data, or have a copy thereof sent to another controller, in a structured, commonly used and machine readable format under the right of data portability. You may exercise these rights and submit a GDPR complaint by contacting [email protected] with the subject line “GDPR.”
You also have the right to lodge a complaint about the processing of your personal data with an appropriate data protection authority, and, as applicable, to exercise third-party beneficiary rights under Flashpoint’s Standard Contractual Clauses.
Contact details for the EU data protection authorities can be found at: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Flashpoint’s intelligence portal may collect your IP address and this information will be used by Flashpoint for security, analytics and other internal purposes.
When you sign up to receive our newsletters or Product information on the Website, we collect your contact information. Contact information is provided via browser forms or online request forms, and includes: first name, last name, e-mail address, job title, name of the organization, country, state/region and phone numbers (fax, cell and/or landline). This contact information is used by our sales, support and Product teams to contact our visitors, customers and distributors for the purpose of providing the requested information, support, or Products. We do not collect any contact information from you when you use the Website unless you provide us with the contact information voluntarily.
Like most organizations, we use automatic data collection technology, such as Google Analytics, New Relic, and Pardot when you visit our Website, or license, access, or use our Products online. These technology services may collect information on our behalf such as your IP Address, geolocation information, Internet service provider, browser type, operating system and language, referring and exit pages and URLs, date and time, amount of time spent on particular pages, what sections of the Website you visit, number of links you click while on the Website, search terms, and other data. This information is collected automatically and anonymized. The third parties we currently work with include the following (click on the links to view these organizations’ privacy policies and find out more about what data they hold about you, what they do with it, and how to opt-out from certain data collection). Please be advised that if you opt out of any service, you may not be able to use the full functionality of the Website.
For Google Analytics, please visit: https://www.google.com/analytics
For Pardot, please visit: https://www.salesforce.com/company/privacy/
For New Relic, please visit: https://newrelic.com/termsandconditions/privacy
If you do not want the Website to place a cookie on your hard drive, you may be able to turn that feature off on your device. Please consult your Internet browser’s documentation for information on how to do this. However, if you decide not to accept cookies from our Website, the Website may not function properly.
In an ongoing effort to better understand our users and the Website, we might analyze your information in aggregate form to operate, maintain, manage, and improve the Website. This aggregate information does not identify you personally. We may share this aggregate data with our affiliates, agents, and business partners. We may also disclose aggregated user statistics in order to describe our Products and the Website to current and prospective business partners and to other third parties for other lawful purposes.
Disclosure to Public Authorities
We may be required to disclose personal information in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal information to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.
Opt-Out for Direct Marketing; Email Management
You may opt out at any time from the use of your personal information for direct marketing purposes by contacting us at [email protected]. Please allow us a reasonable time to process your request.
You also may manage your receipt of marketing and non-transactional communications by clicking on the “Manage Email Preferences” link located on the bottom of any Flashpoint marketing email and following the instructions found on the page to which the link takes you. You cannot opt out of receiving transactional emails related to their account or purchase orders.
Retention of Personal Information
How We Protect Your Information
We take commercially reasonable steps to protect the personal information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction, taking into account the risks involved in processing and the nature of such data, and comply with applicable laws and regulations. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that the information you supply will not be intercepted while being transmitted to and from us over the Internet. In particular, e-mail sent to or from the Website may not be secure, and you should therefore take special care in deciding what information you send to us via email.
Important Notice to Non-U.S. Residents
Our servers are located in the US. If you are located outside of the US, please be aware that any information provided to us, including personal information, will be transferred from your country of origin to the US, which may not have privacy laws as comprehensive as those in the country where you reside or are a citizen. Except in the case of data transfers under the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework, described below, your decision to provide personal information to us, or allow us to collect such data through our Website or Products, constitutes your consent to this data transfer.
Important Notice for Individuals of the European Economic Area, the United Kingdom, and Switzerland
Flashpoint is subject to the investigatory and enforcement powers of the Federal Trade Commission.
Onward Transfer to Third Parties under the Privacy Shield
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Flashpoint’s accountability for personal data that it receives under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Flashpoint remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Privacy Shield Principles, unless Flashpoint proves that it is not responsible for the event giving rise to the damage.
Although Flashpoint adheres to the principles of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, Flashpoint does not rely on the EU-U.S. Privacy Shield Framework as a legal basis for transfers of personal information from the European Economic Area to third countries in light of the judgment of the Court of Justice of the EU in Case C-311/18 (Schrems II Decision). Nor do we rely on the Swiss-U.S. Privacy Shield Framework in light of the policy paper of the Swiss Federal Data Protection and Information Commissioner of September 8, 2020. To learn more, visit the U.S. Department of Commerce’s Privacy Shield website (at: https://www.privacyshield.gov/). Accordingly, Flashpoint utilizes legally recognized mechanisms to facilitate the transfer of personal information from the European Economic Area and Switzerland to the United States and other third countries, including the Standard Contractual Clauses. For transfers of personal Information from the United Kingdom to third countries, we similarly use authorized transfer mechanisms, such as the UK International Data Transfer Agreement.
Opt-In and Opt-Out to Certain Onward Transfers under the Privacy Shield
Individuals have the opportunity to opt-out of sharing of their personal data with third parties other than our agents or before we use it for a purpose other than which it was originally collected or subsequently authorized. To limit the use and disclosure of your personal information, please submit a written request to [email protected] with the subject line “Privacy Shield.”
We will not disclose your sensitive personal information to any third party without first obtaining your opt-in consent. In addition to any consent mechanisms on the Site, you may provide your consent by sending us an email at [email protected] with the subject line “Privacy Shield.” In each instance, please allow us a reasonable time to process your response.
Your Privacy Shield Rights
California Privacy Rights
Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to obtain certain information about the types of personal information that companies with whom they have an established business relationship (and that are not otherwise exempt) have shared with third parties for direct marketing purposes during the preceding calendar year, including the names and addresses of those third parties, and examples of the types of services or products marketed by those third parties. If you wish to submit a request pursuant to Section 1798.83, please contact Flashpoint via email at [email protected].
If you are a California resident and you have questions about our practices with respect to sharing information with third parties for their direct marketing purposes and your ability to exercise choice, please send your request to the following email address: [email protected] or write to us at our mailing address below.
For California residents under the age of 18 and registered users, California law (Business and Professions Code § 22581) provides that you can request the removal of content or information you posted on the Website. Any such request should be sent to us at [email protected] along with a description of the posted content or other information to be removed. Be advised, however, that applicable law may not permit us to completely or comprehensively remove your deleted content or for other reasons as set forth in this California law.
In addition, Flashpoint does not monitor, recognize, or honor any opt-out or do not track mechanisms, including general web browser “Do Not Track” settings and/or signals.
California Consumer Privacy Act (CCPA). Your California Privacy Rights If you are a California resident, California law may provide you with additional rights regarding our use of your personal information pursuant to the California Consumer Privacy Act (including as amended by the California Privacy Rights Act). To learn more about your California privacy rights, visit CCPA Privacy Notice for California Residents. Flashpoint does not sell or share your personal information to third parties for purposes of the CCPA.
Other State Privacy Rights
State consumer privacy laws in Colorado, Connecticut, Nevada, Utah and Virginia may provide their residents with additional rights regarding our use of their personal information.
Colorado, Connecticut, Utah and Virginia each provide their state residents with rights to:
- Confirm whether we process their personal information.
- Access and delete certain personal information.
- Data portability.
- Opt-out of personal data processing for targeted advertising and sales (However, we do not use your personal information for targeted advertising or sell your personal information.)
Colorado, Connecticut, and Virginia also provide their state residents with rights to:
- Correct inaccuracies in their personal information, taking into account the information’s nature processing purpose.
- Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects.
If you are a resident of Nevada, you also have the right to opt-out of the sale of your personal information to third parties. (Again, however, we do not sell your personal information to third parties.)
To exercise any of these rights, or appeal a decision, please send an email to [email protected] Again, however, we do not use your personal information for targeted advertising or sell your personal information.
For all verifiable consumer requests, we will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact us at [email protected]
We endeavor to respond to a verifiable consumer request within forty-five (45) days of receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
How to Contact Us
E-mail us at [email protected]
Or write to us at:
EJ2 Communications, Inc.
6218 Georgia Avenue NW, Suite 1, PMB 3032
Washington, D.C. 20011 USA
For GDPR Requests Email us at [email protected]
For GDPR Data Processing Agreement Questions Email us at: [email protected]
Copyright 2023 EJ2 Communications, Inc. All rights reserved.