Last updated: December 15, 2020
GDPR Data Protection Officer: Ryan Cwynar
ParOne, Inc. (“ParOne”) operates ParOne.com. ParOne respects your privacy regarding any information we may collect while operating our websites.
The purpose of this policy is to explain how we ensure your privacy, what steps we take to prevent and mitigate the compromise of private information, what kinds of information we collect from you, what we do with that information, and how you may exercise certain of your rights under applicable data privacy laws related to that information. This policy identifies our data protection officer, and provides you with the information that you may need to contact our data protection officer.
Who is responsible for the Company’s data privacy compliance, and how do I contact that person?
The Company’s GDPR Data Protection Officer is Ryan Cwynar, an authorized representative of the Company (the “Chief Technology Officer”). The Chief Technology Officer may be contacted via email at GPDR@ParOne.com, or by writing to us at:
245 8th Ave #1003
New York, NY 10011
You may complain to the GDPR Protection Officer if you think there is a problem with the way we are handling your data. You may also contact the GDPR Protection Officer in order to exercise any of your rights, including your “right to be forgotten,” under the GDPR.
What kinds of information do we collect about you?.
Content that you input to the Website or transmit via the Website in any form may be collected. Content that you post to the Website, such as blog comments, may be visible to all or some other users, and to the Company.
We also collect, store, and process any information, whether or not constituting Content, that you submit to the Company in any form, including via email. We collect, store, and process any information that is sent to our GDPR Compliance Officer, as further defined below, for purposes of complying with the actual or stated intent of any requests received that are within the responsibilities of the GDPR Compliance Officer, and for internal purposes including tracking the frequency of different GDPR requests and ensuring the suitability of internal compliance protocols.
Information that you enter into the Website at the point of account creation will be stored by us and used to create a customer profile for you, except that we do not store passwords locally. If you lose your password, you may request a password reset. We cannot provide you with your current password because we do not know it.
If you delete your account, the company may retain your profile information for future use, including for counting the number of customer accounts that have been deactivated.
We also collect information about your uses of the Website. For example, our web host will note the dates and times that your account is accessed, and will note the approximate physical location from which your account is accessed based upon the IP address of the device that logged into the Website. This information is “pseudonymous” within the meaning of the GDPR, and is subject to deletion at your request the same as any personal identifying information.
We also collect information about the Content that you view while using the Website. We collect information about how long you use the Website. We may collect certain non-personal information about your Website usage, such as an IP address or similar information. Please see below for more information about the kinds of non-personal information that we collect about you.
If we choose to display promotional content or advertisements, we may use information about the kinds of Content that you view, and your own Content, to determine the advertising experience that is most relevant to your interests.
What kinds of non-personal information do we collect about you?
The Company collects certain non-personal information about you. By “non-personal information,” we mean information about you that cannot be used, and is not stored, in a way that can identify you personally. This information may also be known as “pseudonymous” information.
The Website will collect information about your location based on your IP address. An IP address is a user-supplied identifier that allows the Company to know, in general terms, where its users are located. An IP address is not the same as a physical address, and is not the same as either your shipping address or your billing address, if applicable.
The Company uses your IP address for internal purposes such as knowing which countries provide certain percentages of its users. The Company does not distribute your IP address to any other person. The Company does not verify your IP address or connect it to your shipping or billing address for purposes of checkout if you purchase any products or services from us. Your IP address is not and cannot be used by the Company to identify you personally. The Company’s web host will also know your IP address for purposes of logging visits to the Website from your IP address and for preventing distributed denial-of-service attacks, which are disruptive attacks on websites caused by very large numbers of simultaneous visits to the Website.
The Company collects information about users such as the number of users visiting the Website at any given time, the times during which visitors visit the Website, the length of time that users use the Website, which pages they visit, which products they order, and what other actions they take while using the Website. This information is collected by the Website and is provided in an anonymized form to the Company's data analytics provider, which is Google Analytics (the “Data Analytics Provider”). This information is used by the Company to track the engagement, general geographic origin, and headcount of its users. This information is combined together to provide general demographic information on the Website's users. This information is not and cannot be used to identify you specifically.
The Data Analytics Provider is a third-party processor for purposes of the GDPR.
What does the Company do with payment information?
The Company’s Third-Party Platforms may include payment processing tools or merchant services providers (all such payment platforms, without limiting the generality of the foregoing, “Merchants"). The use of any Merchant is subject to the terms of service and privacy policies of that Merchant. The Company does not collect or store payment information except for the express and limited purpose of verifying submitted payment information to enable checkout. The Company does not store your credit card information or other information, including any of your native login credentials to a Merchant.
Any payment information that is transmitted to us through the Website is transmitted via a token system. Payment information is reduced to a pseudonymous token, transmitted to the Merchant, who confirms to us whether or not payment is successful. The Company collects and processes information related to the success or failure of payments for the purpose of effectuating fulfillment of any order or purchase, and where applicable, will also collect and process information related to your shipping or billing address for the express and limited purpose of verifying successful payment and effectuating fulfillment of any order or purchase (such information shall be deemed Content hereunder). The Company cannot remind you of lost or forgotten payment information because the Company does not know it.
How is your information shared?
If we elect to provide promotional content or advertising, we may share information about the kinds of Content that you post and use, information related to your general geographic location as we infer it from your IP address, and other information that you supply to the Website to ensure that promotional content or advertisements are relevant to your interests.
We do not share your information with third-parties except to the express and limited extent that your use of a Third-Party Platform, via an API or otherwise, may necessitate the sharing of certain of your information (such as your IP address) via the Third-Party Platform’s API. We will also respond to a valid subpoena or other valid governmental requests for information. If we receive a valid subpoena or other valid governmental request for information about you, we may not disclose this request to you.
If we elect to provide for integration with other third-party apps or other services with the Website, we may share your Content or other information with those third-party apps or other services depending on their own terms and conditions. We will not share your information with any third-party apps or other services without first informing you.
If we have a good-faith belief that a user has posted Content or otherwise used the ParOne Platform in a way that makes us believe that a user has engaged, or is about to engage, in criminal activity or other serious wrongdoing, we may share that information with the relevant authorities. If we do so, we may not inform you when we share that information.
NOTICE TO RESIDENTS OF THE EUROPEAN UNION AND THE UNITED KINGDOM
Nothing in this notice should be construed as amending, modifying, replacing, or otherwise affecting the terms and conditions of any transactions between you and the Company, except that to the extent any such terms and conditions are inconsistent with the General Data Protection Regulations of the European Union and the equivalent rules of the United Kingdom and any other applicable jurisdiction (altogether, the “GDPR”) those terms and conditions are VOID.
Instructions For Exercising Your Right To Instruct Us To Forget Your Information
The GDPR provides a generalized “right to be forgotten,” meaning that you have the right to instruct us to delete any and all information that the Company, the Website, or any of the third parties collects about you. Please contact us by email at GPDR@ParOne.com, by phone at in order to instruct us to forget any or all of the information that the Company, the Website, or any of the third parties collects about you. You may delete your profile entirely in the settings. This withdraws your consent from our policies. Per the GDPR, we may take up to 24 hours to process any withdrawn consent. You may download a copy of the personal data you have provided through the controller in the settings. Any further subject access requests must be directed via email to GPDR@ParOne.com.
The Model GDPR Clauses Apply to this Policy.
To process personal data, we and our sub-processors will only use personnel who are bound to observe data secrecy under the Data Protection Law. We will use the appropriate technical and organizational measures to meet this objective.
At signup, each user will be prompted to consent to this policy, which has been customized by each client in the Admin Settings. We record the date/time when the consent was given, and for
TOS/Privacy consent we restrict any access unless consent was given. The option to withdraw consent is entailed in the option to delete the user profile.
YOUR CALIFORNIA PRIVACY RIGHTS