At PCI, we value everyone’s policy.
- “Privacy Laws” refers to the applicable legislation, statutory instruments, and any other enforceable laws, codes, regulations, or guidelines regulating the collection, transfer, processing, use, and disclosure of, and/or rights to Users’ Personal Data based on their governing jurisdiction, including, in particular: (i) the California Consumer Privacy Act and its implementing regulations, as amended from time to time (the “CCPA”).
Collection and Use of Personal Data
PCI uses information about Users, including Personal Data, for a variety of purposes, including:
- To enable you to use our Sites or Services;
- To monitor usage and analyze statistical information related to our Sites or Services;
- To supply information regarding your Services upon your request;
- To respond to your comments, questions, and requests;
- To carry out our obligations and enforce rights arising from our contractual relationship with you;
- To improve and maintain the security, performance, and operational efficiency of our Sites or Services;
- To provide customer support;
- To send communications regarding Services or information related thereto; and/or
- For any other purpose with your consent.
When you visit the Sites, including if you have visited the Sites in the past twelve (12) months, PCI has collected Personal Data as listed in the Personal Data Categories Chart below. The categories of Personal Data collected by customers through the use of the Services varies based on the specific Services provided, the engagement and scope of Services requested, and/or any configurations or customizations undertaken on your behalf in accordance with the terms of your Services Agreement.
- Data Integrity: You are responsible for the accuracy of the information you provide to PCI. PCI will use reasonable efforts to maintain the accuracy and integrity of such information and update it, as appropriate. PCI will not maintain data any longer than necessary for the purposes stated without your consent unless legally required.
- End-User Personal Data: As part of using the Services, you may enable access to your end-users (as governed by the terms of your Services Agreement). PCI collects Personal Data on behalf of our customers in order to provide the Services and has no direct relationship with your end-users whose Personal Data may be processed in connection with the provision of those Services. You are solely responsible for establishing policies for and ensuring compliance with applicable Privacy Laws relating to the collection of Personal Data from your end-users.
- Automated Collection: PCI collects log files, domain names, and IP addresses of Users for statistical purposes, to measure use, to improve the content or responsiveness of the Sites, or to customize the content or layout of the Site for individual Users. PCI may also aggregate this information to identify traffic patterns for the Sites. This data helps PCI understand how Users consume information on the Site and interact with the Services with the ultimate goal of building an experience that improves PCI’s processes and priorities in accordance with User needs. Access to this data is restricted to those who administer PCI’s network and Sites. PCI may use and disclose this data to third parties only in connection with monitoring our networks for security purposes, in response to legal process or law enforcement inquiries, to control any abuses of the Sites, or to address identified violations of any contractual provision entered into between you and PCI.
In addition, most web browsers contain cookies, but also provide controls that allow you to block or delete them. You have the ability to accept or decline cookies from the Sites at any time by modifying the settings in your web browser. Certain Site and Service features require cookies to function. Please be aware that if you choose to block cookies, you may not be able to access or use those features and preferences that are dependent on cookies.
Purposes of Personal Data Processing
PCI’s legal basis for collecting and using Personal Data will depend on the Personal Data concerned and the specific context in which PCI collects it.
However, PCI will normally collect Personal Data with your consent, to perform a contract (for example, when providing Services), or where the processing is in PCI’s legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, PCI may also have a legal obligation to process Personal Data or may need to do so in order to exercise, establish, or defend legal claims.
If PCI asks you to provide Personal Data to comply with a legal requirement or to perform a contract, PCI will make this clear at the relevant time and advise whether the provision of Personal Data is mandatory or not (as well as the possible consequences, if any, if you do not provide that Personal Data).
Confidentially and Security of Personal Data
Security is one of PCI’s highest priorities. PCI takes commercially reasonable and appropriate steps to protect Personal Data transmitted from you to the Sites and in connection with the Services and to protect such data from loss, misuse, or unauthorized access, disclosure, alteration, or destruction. You should keep in mind that no internet transmission is ever 100% secure or error-free. In particular, email may not be secure and therefore special care should be taken when deciding what information is sent to PCI via email. Where you use passwords, ID numbers, or other special access features, it is your responsibility to safeguard them.
We make commercially reasonable efforts to reduce the risk of data breaches and have dedicated controls and procedures in place for such situations, along with the procedures to make notifications to the relevant supervisory authorities and data subjects (where applicable).
Disclosure / Onward Transfers of Personal Data
Any Personal Data provided to PCI will be used for PCI’s business purposes only and only disclosed on a need-to-know basis or as required by law. When PCI provides Personal Data to third parties used to deliver or support specific Services to you, our agreements with these third parties do not permit them to use Personal Data outside the scope of fulfilling those Services nor allow them to further disclose your Personal Data. You should consult your Services Agreement for information regarding disclosures and transfers relevant to the Services.
PCI’s business partners are independent third parties that are otherwise not affiliated with PCI. Any relationship you elect to enter into with a partner for additional products and services is directly between you and that third party.
User Rights to Personal Data
The CCPA permits California consumers (as defined under Cal. Code Regs. tit. 18, § 17014) to request certain information regarding PCI’s disclosures of Personal Data and compliance with the CCPA. Depending on the circumstances of your relationship with PCI, the disclosure may extend over the previous twelve (12) months. It is important to note that PCI is required under the CCPA to verify your identity in order to respond. PCI will respond to verifiable requests within a reasonable period of time after receipt.
- Marketing Based on applicable Privacy Laws, PCI may separately ask you to opt-in to receive promotional and/or marketing communications. At any time, you can manage your communication preferences by unsubscribing from receiving such communications by utilizing the “unsubscribe” or opt-out feature within the communication. Requests to unsubscribe from PCI communications may also be made by contacting PCI via [email protected].
- Selling of Personal Data PCI’s disclosures of Personal Data to its affiliates, third-party service providers, partners, or subprocessors do not qualify as “sales” within the scope and meaning of the CCPA as the disclosures are necessary to perform the business purpose under your Services Agreement or facilitate business communications and/or transactions between the parties. As defined under Chapter 603A of Nevada Revised Statute, as amended, PCI does not exchange “covered information” (as defined under the Nevada Statute) for monetary consideration to any person or entity for the purpose of licensing or selling the covered information.
- Personal Data Collection Based on Consent. If PCI collects and processes Personal Data with your consent, you can withdraw your consent at any time. Withdrawing consent will not affect the lawfulness of any processing PCI conducted prior to your withdrawal, nor will it affect processing of Personal Data conducted in reliance on lawful processing grounds other than your consent.
Personal Data Categories Chart
This chart is for informational purposes only. PCI customers should consult their Services Agreement or contact their Customer Care Representative for information on the scope of Personal Data pertinent to their Services.
Name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, or other similar identifiers.
B. Personal information per the California Customer Records statute (Cal. Civ. Code § 1798.80(e)
Name, signature, address, or telephone number.
C. Commercial information
Records of products or services purchased, obtained, or considered
D. Internet or other similar network activity
Browsing history, search history, or information on User interactions with the Sites or Services.