Last Updated: 10 June 2020
We use the terms “personal information” and “personal data” to mean any information relating to an identified or identifiable individual. If you are located in the European Economic Area (“EEA”), please also see our Supplemental EEA Privacy Statement below. If you are a resident of California, please also see our Supplemental California Consumer Privacy Act Disclosures.
Should you have any questions regarding this Policy, you can contact our Data Protection Officer by email at firstname.lastname@example.org.
What Types of Personal Information Do We Collect?
Information You Actively Submit on our Site: If you create an account, fill out a form, send an email to our team, or otherwise send us information through the Site, we collect personal information about you. The Site has webpages that allow you to submit a variety of personal information to us, including contact information such as your name, email address and physical address, social media information such as your social media account name, login information such as a user name and password, and other information such as survey responses, photo uploads, and forum posts. In each instance, you will know what personal information we collect because you will actively submit it.
Information from Other Sources: We collect personal information through other sources such as third party data providers, social media platforms and joint marketing partners to help us offer our services to you. This personal information generally consists of business contact information such as email address, title, phone number and similar information.
Combined: We may link information that you automatically provide with information that we collect from other sources and/or information you actively submit. When such a linkage occurs, we treat all of the combined data as personal information.
How Do We Use Your Personal Information?
We use personal information that we collect about you as follows:
• Upon request, to create an account for you;
• To enable you to use online interactive forums that we may offer;
• To provide requested services and information;
• To respond appropriately to your inquiries and requests;
• To discharge our contractual obligations to you;
• To send you invites and service emails if you become a member of our communities as part of your ongoing membership;
• To contact you to administer rewards such as sweepstakes/contests;
• To comply with any legal obligations that apply to us;
• If you submit an employment application, to administer and evaluate your application and comply with legal obligations we have in relation to your application; and
• To secure, optimize and customize your experience on the Site.
To the extent permitted by applicable law, we may use your personal information to contact you with sales and marketing communications. You may at any time choose to stop receiving marketing emails from us by using one of the unsubscribe options we provide. Please see the Your Choices section of this Policy for more information about opting-out of communications. Service-related communications that Potentiate sends to our own customers are covered in the Our Clients section of this Policy.
For How Long Do We Keep Your Personal Information?
We generally retain your personal information for as long as you have a business relationship with us and for 3 years thereafter, unless we are required to delete or anonymize it sooner. If you do not have a direct business relationship with us, for example where we have received your personal information from a third party data provider, we shall retain your personal information for 3 years following our last communication with you unless we are required to delete or anonymize it sooner. In some cases, we may be required to retain personal information for a longer period of time based on laws or regulations that apply to our business or for other necessary business purposes. Where possible, we aim to anonymize the information or remove unnecessary identifiers from records that we may need to keep for periods beyond the original retention period.
To Whom Do We Disclose Your Personal Information?
We do not share your personal information with third parties, except in the following cases:
• with your consent;
• with affiliated and unaffiliated services providers that act on our behalf and under our instructions to help us operate our business (data processors);
• in redacted or aggregated form that cannot be used to identify you individually;
• if required or permitted by law, including as necessary to comply with the law, to protect the rights or safety of Site users, other users, or third parties (e.g., for fraud protection and credit risk reduction purposes; for protecting and defending the rights or property of Potentiate, its customers, other users, or members of the public); or
• with a buyer of all or substantially all of our assets relating to a particular business line or division, or in connection with a merger, acquisition, reorganization or restructuring.
You have a variety of choices regarding which personal information we may collect, process and use and for what purposes. Wherever reasonably practical, we will provide you with the ability to use the features of the Site without submitting personal information to us or to use a pseudonym. Some areas of the Site however, such as registration forms, questionnaires and submissions to our Careers section require you to provide accurate and up to date personal information and your choice is to not use such areas and features.
You can contact us to request that we correct or stop using your personal information, or to find out what personal information we have collected about you:
• Email Communications – You may opt-out of receiving marketing and other promotional emails from us at any time by clicking the unsubscribe links embedded within the emails we send, or by contacting us directly at email@example.com. Members of communities we own can opt-out of participating by using the unsubscribe links embedded in emails, or by using the subscription preference options in the Profile / Settings section of the member hub. Some emails are transactional in nature, including emails we send to our clients regarding the services they have purchased. These emails do not provide the ability to opt-out.
• Data Access, Correction & Deletion – You may request access to your personal information to confirm that it is in our possession, to ensure that it is accurate and to make corrections, or to request that it be removed/anonymized. We will respond to your request as quickly as possible and will need to verify your identity before providing you with access to the personal information we hold about you.
In some cases, we may be unable to accommodate your request if we are unable to verify your identity, if we are prohibited by law, if disclosure would result in the disclosure of the personal information of others, or if the request is unreasonable or impractical. If we are unable to process your request for these or any other reasons, we will provide you with an explanation of the reason for denial, and you will be permitted to request a review.
All requests for information should be sent by email to firstname.lastname@example.org or to the mailing address listed above.
International Considerations and Data Transfers
Information collected on this Site may be processed outside of the country you are visiting from. We process personal information in the United States, Australia, the European Union, the United Kingdom, Malaysia and Japan. Occasionally, we use service providers located in these and other jurisdictions including Thailand, Israel and India to process data on our behalf and under our instructions. When transferring your personal information, we take appropriate measures to protect it in accordance with applicable laws and this Policy.
We have implemented commercially reasonable safeguards and precautions to protect your personal information, including technical and organizational measures against unauthorized access, improper use, alteration, unlawful or accidental destruction, and accidental loss. These measures include utilizing secure Transport Layer Security (“TLS”) connections for data collected via our platform, employee training, policies, and secure facilities. Access to personal information is restricted to employees and contractors who have a need to know and who are required to maintain the confidentiality and security of information. Please note that despite our use of the safeguards described above, we cannot guarantee that personal information you submit to us will never be accessed, disclosed, altered, or destroyed in a manner that is inconsistent with this Policy.
• AUP / Reporting Abuse – Potentiate has a comprehensive Acceptable Use Policy (“AUP”), available upon request outlining the acceptable use of our services and our clients are required to abide by the terms of the AUP at all times. Potentiate disclaims any responsibility for clients who use our services to engage in illegal or unethical behavior and will take any action we deem necessary should we discover such activity is taking place including suspension or termination of service. If you suspect a breach of the AUP, or have concerns with the manner in which our clients are using our services, please immediately contact us at email@example.com. If you have general questions including requesting to opt-out of our client’s use of your data, please use the support link provided within your member hub.
• Potentiates Communications with our Clients – When we are required to do so in order to provide services to our clients, we may send service-related emails such as maintenance notifications, responses to support inquiries, billing notices, account management emails, and password reset emails. Generally, you may not opt-out of these types of communications as they are not promotional in nature. We will occasionally send promotional emails as well, which do provide you the ability to opt-out of similar communications. We may also communicate with you by phone or postal mail.
This site is not intended for or directed at children and we do not knowingly collect personal information from any person under the age of 13. If we discover that we have inadvertently collected personal information from a person under 13 years of age, we will promptly take commercially reasonable measures to delete such information from our systems.
Changes to This Policy
We may change the terms of this Policy at any time at our sole discretion so please review it periodically.
Supplemental EEA Privacy Statement
European Union Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“EU GDPR”), requires Potentiate as the data controller to provide additional and different information about its data processing practices to data subjects in the EEA. If you are accessing the Site from a member state of the EEA, this Supplemental EEA Online Privacy Statement applies to you in addition to the Policy above.
Our GDPR-specific representative is Potentiate GmbH. Our Data Protection Officer may be contacted at firstname.lastname@example.org.
What Are Our Legal Bases for Processing Personal Data?
We process the personal data of users of our Site on several different legal bases, as follows:
• Legitimate Interests: We process the personal data of users of our Site as necessary to pursue the following legitimate interests, pursuant to Article 6(1)(f) of the EU GDPR: To provide a good user experience, to maintain, secure and improve our Site and products, to tailor our communications and services to our users, to market and promote our products and services and to support and provide requested services.
• Legal Obligations: If we are subject to a lawful access request, engaged in a legal proceeding or suspect a user of illegal conduct, we may need to process your personal data to comply with relevant laws, regulatory requirements and to respond to lawful requests, court orders, and legal process, pursuant to Article 6(1)(c) of the EU GDPR.
• Consent: If we are required to obtain your consent to send you marketing communications, place certain cookies on your device, or engage in other processing activities associated with the Site, we may perform such processing on the basis of your consent if you have provided it, pursuant to Article 6(1)(a) of the EU GDPR. In such cases, you may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. Providing your consent is voluntary, however we will not be able to provide you with a service for which we require your consent unless it is provided.
• Vital Interests: In extenuating circumstances, we may need to process your personal data to protect the vital interests of you or another natural person, pursuant to Article 6(1)(d) of the EU GDPR.
Where Do We Transfer Personal Data and How Do We Protect Such Transfers?
We disclose your personal data to recipients in the following jurisdiction or jurisdictions outside of the EEA which provide adequate protection to personal data according to the European Commission: Canada, Israel, and the United States (limited to the Privacy Shield framework). In each case, the transfer is thereby recognized as providing an adequate level of data protection from a European data protection law perspective (see Article 45 of the EU GDPR).
We disclose your personal data to recipients in the following jurisdiction or jurisdictions outside of the EEA which do not provide adequate protection to personal data according to the European Commission: Australia, the United States (where the Privacy Shield framework has not been applied), South Africa, Singapore, Hong Kong, Japan and India. By entering into appropriate data transfer agreements based on Standard Contractual Clauses (2010/87/EU and/or 2004/915/EC) as referred to in Article 46(5) of the EU GDPR or other adequate means, we have established that all such recipients will provide an adequate level of data protection and that appropriate technical and organizational security measures are in place to protect personal data against accidental or unlawful destruction, loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing. Any onward transfer (including to our affiliates outside the EEA) is subject to appropriate onward transfer requirements as required by the applicable contract or applicable law. You can ask for a copy of such appropriate data transfer agreements by contacting email@example.com.
What Data Subject Rights Do You Have?
Under the conditions set out under the EU GDPR and any other national data protection laws in the EEA, you have the following rights:
• Right of access: You have the right to obtain from us confirmation as to whether your personal data is being processed, and, where that is the case, to request access to the personal data. The access information includes, among other things, the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the personal data have been or will be disclosed. You have the right to obtain a copy of the personal data undergoing processing. Subject to applicable law, we may charge a reasonable fee for copies, based on administrative costs.
• Right to rectification: You have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
• Right to erasure: You have the right to ask us to erase your personal data to the extent it is not required for legally required purposes.
• Right to restriction of processing: You have the right to request restriction of processing of your personal data, in which case, it would be marked and processed by us only for certain purposes.
• Right to data portability: You have the right to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit the personal data to another entity without hindrance from us.
• Right to object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data. If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us. Exercising this right will not incur any cost. Such a right to object may not exist, in particular, if the processing of your personal data is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
• Right to Submit Complaints: You have a right to lodge a complaint with a supervisory authority.
Please note that these rights may be limited under the applicable national data protection law. To exercise your rights please contact us at firstname.lastname@example.org.
Are You Required to Provide Personal Data?
You are not required to provide any personal data to us, but if you do not provide any personal data to us, you may not be able to use certain features of the Site, such as those available to account holders, such as participants on our platform, job applicants, among others. You can use the Site without consenting to cookies that are not strictly necessary; which will mean that your experience on the Site will be less tailored to you and certain features of the Site may not function as intended. You can also use the Site without consenting to receiving marketing communications from us; which will mean that you may not receive marketing communications that you may be interested in.