GDPR Notice

Last Updated: March 10, 2023

1. Additional Rights

If you are located in the European Economic Area (“EEA”) or the United Kingdom (“UK”), you may have additional rights with respect to your personal data under the EU General Data Protection Regulation (“EU GDPR”), and the EU GDPR as saved into United Kingdom law by the United Kingdom's European Union (Withdrawal) Act 2018 (“UK GDPR” and together with the EU GDPR, the “GDPR”), as set forth in this GDPR Notice (the “GDPR Notice”). This GPDR Notice applies to your personal data (as defined in the GDPR) included in the Employment Data and/or Your Data.

Argyle Systems Inc. is the controller of your personal data for the purposes of the GDPR.

2. Lawful Basis(es) for Processing Your Personal Data

We will only process (as defined in the GDPR) your personal data if we have a lawful basis for doing so. Under the GDPR, the lawful bases we rely on for processing this information are:

a. Your Consent: In some cases, we process personal data based on the consent you expressly grant to us at the time we collect such data. When we process personal data based on your consent, it will be expressly indicated to you at the point and time of collection. You can remove your consent at any time by contacting us via email at [email protected] with the subject line “GDPR Request.”

b. We Have a Contractual Obligation: We may process your personal data as a matter of “contractual necessity,” meaning that we need to process the data to provide the Services under our End User Terms. When we process data due to contractual necessity, failure to provide such personal data will result in your inability to use some or all portions of the Services that require such data.

c. We Have a Legitimate Interest:  We process your personal data when we believe it furthers the legitimate interests of us or third parties. Our legitimate interests are:

(i) Information Security;

(ii) Operation and Improvement of our Services;

(iii) Audience Measurement and Marketing;

(iv) Direct Marketing, where we otherwise are not required to seek consent;

(v) General Business Development and Management; and

(vi) Protection or Enforcement of Right.

d. We Have a Legal Obligation: We may be required to disclose personal data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal data to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.

3. Your Data Protection Rights

You have certain rights with respect to your personal data, including those set forth below. For more information about these rights, or to submit a request, please email us at [email protected] with the subject line “GDPR Request.” You are not required to pay any charge for exercising your rights.

Where we are acting as a data controller of your personal data, there may be circumstances where we are not able to fully comply with your request, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include personal data, if necessary to verify your identity and the nature of your request.

a. Right of access: You can request more information about the personal data we hold about you and request a copy of such personal data.

b. Right to rectification: If you believe that any personal data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data.

c. Right to erasure: You can request that we erase some or all of your personal data from our systems.

d. Right to restriction of processing: You have the right to ask us to restrict the processing of your personal data.

e. Right to object to processing: You have the right to object to the processing of your personal data in certain circumstances.

f. Right to data portability: You can ask for a copy of your personal data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.

g. Right to withdraw consent: If we are processing your personal data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time.

h. Objecting to Legitimate Interest/Direct Marketing: You may object to personal data processed pursuant to our legitimate interest. In such case, we will no longer process your personal data unless we can demonstrate appropriate, overriding legitimate grounds for the processing or if needed for the establishment, exercise, or defense of legal claims. You may also object at any time to processing of your personal data for direct marketing purposes by clicking “Unsubscribe” within an automated marketing email or by submitting your request to [email protected] with the subject line “GDPR Request.” In such case, your personal data will no longer be used for that purpose.

Where we are acting as a data controller for your personal data, we will respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. Please note that all of these rights are subject to applicable exemptions and restrictions, and are not absolute rights.

4. How to Complain

If you have any concerns about our use of your personal data, you can make a complaint to us at [email protected] with the subject line “GDPR Request.”

You also have the right to lodge a complaint about the processing of your personal data with a supervisory authority of the European state where you work or live or where any alleged infringement of data protection laws occurred. A list of most of the supervisory authorities can be found here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm, and the UK authority details can be found at https://ico.org.uk/make-a-complaint/.

5. Transfers of personal data

We are based in the United States. As such you transfer your personal data directly to us in the United States.  We may transfer your personal data outside the EEA and/or the UK. The United States and recipient countries may not provide the same protections as the data protection laws where you are based. We will ensure that relevant safeguards are in place to afford adequate protection for your personal data, including through the use of the EU Commission-approved or UK Secretary of State-approved (as applicable) standard contractual clauses. For more information about how we transfer personal data internationally, please contact us at [email protected].

5. Data Protection Representatives

We have appointed VeraSafe Ireland Ltd., at Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork T23AT2P, Ireland, as our EU data representative, and VeraSafe United Kingdom Ltd. at 37 Albert Embankment, London SE1 7TL, United Kingdom, as our UK data representative. You can contact our EU and UK representatives at https://verasafe.com/public-resources/contact-data-protection-representative.