Privacy Policy - Protecting Your Personal Data
1. INTRODUCTION TO THIS PRIVACY STATEMENT
Protection of your Personal Data is important to Tokenize Inc. and its affiliated entities worldwide. Token respects individual privacy and the protection of Personal Data and values the confidence of our customers, job applicants, employees, suppliers, contractors, business partners, and the public (all “Data Subjects”). That is why we strive to collect, use and disclose Personal Data in a manner consistent with the laws of the countries in which we do business. In particular, we seek to protect the data of Data Subjects, among others, against loss, leaks, errors, unauthorized access or unlawful processing.
This Corporate Privacy Statement (“Statement”) applies where Token acts as a “controller’, i.e., determines the purposes and means of our processing for our own internal business purposes of Personal Data that we obtain through our Sites or Other Interactions, as defined below. This Statement describes the data privacy and protection practices of Token as a controller in the collection, processing, use, storage, transfer, and disclosure of Personal Data. This Statement applies to the extent applicable and not prohibited under the Applicable Data Protection Laws in your jurisdiction. Token conducts, or may in the future conduct, business globally and may reference regulations in this Statement that may not be applicable to your particular use or jurisdiction.
Please read this Statement and the Terms of Use before you continue browsing the Sites or participating in Other Interactions with Token. If you disagree with Token’s privacy practices, please do not access or use the Sites or participate in Other Interactions with us and do not transfer Personal Data to Token. By accessing or otherwise using the Sites or participating in Other Interactions with us, you indicate that you have read this Statement and consent to its terms, unless such form of consent is prohibited in under the Applicable Data Protection Laws in your jurisdiction.
You are not obliged to disclose your Personal Data, but you understand that if you do not consent to its collection and processing by us, we will not be able to provide you with certain materials available on the Sites and our other websites or certain services, support or other assistance. You also understand are responsible for all Personal Data you provide to us and that we rely on its accuracy. If your Personal Data that you have provided to us is no longer up to date, please inform us immediately.
This Statement was last updated on the date set forth below. We may update this Statement from time to time to reflect changes to Token’s processing of Personal Data. We encourage you to review this Statement on a regular basis and whenever you elect to provide personal information to Token by visiting our website. You will be notified of material revisions to this Statement electronically or by other means that Token deems reasonably sufficient to reach your attention, such as a prominent post on the Sites or the Privacy Center.
2. KEY TERMS USED IN THIS PRIVACY STATEMENT
"Applicable Data Protection Laws” means Data Protection Laws that apply in a particular jurisdiction and/or to a particular type of data or use of data.
"Chatbot” means the chatbot application which simulates and processes human conversations with us found on the Token website for jurisdictions where the Chatbot is activated.
"Cookie Technologies” means passive data collection techniques such as web beacons, tags, various types of cookies and other similar tools, as further described in our Cookie Statement.
“Data Protection Laws” means 1) the U.S. Data Protection Laws, 2) the GDPR and the laws of non-EU EEA countries that have formally adopted the GDPR, 3) Brazil’s Lei General de Proteção de Dados Pessoais or 4) any other data protection laws applicable to Token’s processing of Personal Data.
“Data Subjects” mean Token’s customers, job applicants, employees, suppliers, contractors, business partners, and the general public.
“EEA” means the European Economic Area.
“EU” means the European Union.
“GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation).
“Token” “we”, “us”, or “our” means Token Inc. and its affiliated entities worldwide.
“Other Interactions” means various online and offline instances where Personal Data is obtained by Token, other than through the Sites.
“Personal Data” means personal information and personally identifiable information, as such information may be defined under Applicable Data Protection Laws.
“Portals” means online community forums, chatrooms or portals owned or controlled by Token, such as the developer portal, customer portal, partner portal, online training services and similar Sites.
“Privacy Center” means the Token website portion that contains this policy and related materials or an equivalent successor Token website.
“Sites” means websites owned or controlled by Token (including Portals) that that link to or reference this Statement and where Personal Data is obtained by Token.
“Statement” means this Corporate Privacy Statement.
“Terms of Use” means Token’s website Terms of Use available at https://www.TokenRing.com.
"U.S. Data Protection Laws" means all laws and regulations of the United States of America, including the California Consumer Privacy Act (CCPA), applicable to the processing of Personal Data.
Information Security
Token recognizes the importance of identifying and protecting the information assets of the organization, avoiding destruction, improper disclosure, improper modification or unauthorized use of any information relating to our customers, job applicants, employees, pricing, strategy, management, or other related concepts. We are therefore committed to developing, implementing, maintaining and continuously improving our information security management system in order to help ensure the confidentiality, availability and integrity of Personal Data and information in general. You can find more information about our information security program in our Privacy Center.
Error or Vulnerability Reports
Despite the care we take to secure our systems, errors or vulnerabilities may happen. If you believe you have identified an error or a vulnerability, please let us know so we can address it. You can report errors and vulnerabilities to our security department: security@Token.com
Cookies
Cookie Technologies and controls are described in our Cookie Statement.
3. WHAT’S IN SCOPE FOR THIS STATEMENT
This Statement applies to Personal Data processed by Token as a controller for our own internal business processes when you interact with Token online, onsite or offsite, via the Sites, by downloading a whitepaper, subscribing to a newsletter, white paper or other marketing material, attending a webinar or tradeshow event, visiting our branded social media pages and other direct marketing interactions. Token may collect Personal Data directly from yourself, via public sources or social media or from third parties. Our Sites may contain links to other websites and services which are outside Token control and are not covered by this Statement. We recommend that you review the privacy statements of these other parties.
Personal Data processed in connection with a customer’s use of Token products and services are subject to the Product Privacy Statement available at the Privacy Center.
4. FROM WHOM DOES TOKEN PROCESS PERSONAL DATA AS A CONTROLLER?
Token may collect Personal Data from the following Data Subjects:
Customers
Within the framework of our services and activities, we collect and process the professional identification and contact data of prospective/potential customers as well as our customers and clients, their staff, employees, appointees and other useful contacts.
The purposes of these processing operations are the execution of the agreements with our customers, customer management, contract and account management, executing the accounting, prospecting and direct marketing activities such as sending surveys, promotional or commercial information. The legal grounds are the execution of the agreement, the fulfilment of legal and regulatory obligations and/or our legitimate interest. The legal basis for prospecting and direct marketing is consent in jurisdictions where this is mandatory or, if permitted by the relevant Applicable Data Protection Laws, our legitimate interest in expanding our market share, increasing our customer base and publicizing our range of services. For marketing purposes, Token identifies individuals by select criteria as having roles relevant to receive certain information regarding services and products and does not harvest email addresses using computer programs or by scraping websites for this information. Only relevant professional information is used, such as the name, title, address and telephone number of an individual that appears in a professional or business directory, listing or notice. Token ensures that any such collection or use of Personal Data is done solely for a purpose that directly relates to the individual’s professional activities, including their business, role and/or profession.
Suppliers, contractors and business partners
We collect and process the identity and contact details of our suppliers, outsourcing partners, service providers, advisors, brokers, agents, consultants, contractors and subcontractors, as well as of certain of their staff, employees, appointees and other useful contact persons. The purposes of these processing operations are the execution of the agreement with these parties and the fulfillment of legal and regulatory obligations such as the management of the contractual relationship, administration, assessments/audits, and financial and accounting matters. The legal grounds are the execution of the agreement, execution of payments, the fulfilment of legal and regulatory obligations and/or our legitimate interest (such as for direct marketing).
Personnel
We process the Personal Data of our employees as part of our personnel management and payroll administration. In view of its specific nature, this processing is regulated more comprehensively in an internal policy.
Candidates who apply for a job at Token
For our recruitment activities, Token may ask you for certain information, including identification and contact details, information about your education and employment, contact details and preferences, professional qualifications and jobs for which you wish to apply. You may also choose to provide Token with additional information, such as your CV or diploma, employment references and related information, and compensation requests. In addition, Token may collect information from third parties, based on your consent or on the basis of the consent you gave to such third parties such as temporary work agencies or recruitment agencies, for example in connection with a background check and/or an employment reference. Given its specific nature, this processing is regulated in more detail in our internal HR policy.
Other Persons
In addition to the Personal Data of customers, suppliers, contractors, business partners, job applicants and employees, we also process Personal Data of others, such as possible useful contacts within our sector, network contacts, contacts with government agencies, regulators, expert contacts, etc. The purposes of these processing operations are in the legitimate interest of our business, the execution of a contract or on the basis of a legal obligation. In addition, we also process Personal Data to comply with certain legal obligations. Finally, we may also process Personal Data when a person has given an unambiguous consent.
5. WHAT PERSONAL DATA DOES TOKEN PROCESS AS A CONTROLLER?
Depending on your activities and your relationship with Token, you may provide us with certain Personal Data. When you use the Sites or participate in Other Interactions with Token, Token will process certain information including Personal Data in connection with your use of the Sites or Other Interactions. Some information you provide directly to us, some we obtain by observing you interact with the Sites and some we obtain from public sources or from third parties. Personal Data processed by Token will vary based on the Sites you interact with, the nature of your Other Interactions with us, the Personal Data you may elect to provide and what Personal Data is collected passively as you interact with the Sites.
Token and our sub-processors may process Personal Data actively and passively. Active data processing is done for data that we request directly from a Data Subject. The Data Subject needs to actively provide this Personal Data. Passive data processing is done for data that is collected without asking the Data Subject for it. By way of example, this occurs when cookies on the Sites collect information about visitors to the Sites without the Data Subject activity inserting or otherwise providing data to the applicable Site. It may also refer to the passive processing of Personal Data without processing it in any other way other than receiving it, storing it or passing it on, without performing any analysis, modification or operation on it.
The Personal Data we process as a controller may include the following:
Persons that contact or that have interactions with Token through e-mail, telephone, at online webinars or other events, or in person (at events, trade fairs and other offline interactions):
- Your name, professional information, such as business title and/or occupation, salutation, contact details such as telephone, mobile, or fax, email and/or postal address, username, password, photograph and/or biographical information, social media profile, and/or areas of expertise when you: (i) communicate in person, electronically, by telephone, or in writing with any Token employee or representative; (ii) apply or register for or attend any training, certification program, or event, webinar, or contest involving a Token product, service, or promotional activity; (iii) subscribe to the Token newsletter or download Site content; (iv) register for an online community that we host
- Your consent to Token’s processing of your Personal Data for the agreed purposes, if applicable
- Your consent to marketing permissions on the use of cookies and other data collection techniques
Persons that use the Sites (including Portals):
- Information about your device and your usage of the Sites
- Your registration information for, and information on your usage of, Portals that we host, such as the Token customer portal for account management, the community portal, developer portal, partner portal, support portal or similar communities.
- Unique IDs such as a cookie ID on your browser or geolocation data as well as information about your device, usage, mobile applications, websites or emails through Cookie Technologies, which may qualify as Personal Data
- Certain information from the browser you use, such as your IP address, device identifier, location data, browser type and language, access times, the Uniform Resource Locator (URL) of the website that referred you to our website and the URL to which you browse away from our site if you click on a link on our site
- Token and third-party service providers of security monitoring, analytics and tracking technologies may gather Personal Data and other information using passive data collection techniques such as Cookie Technologies that provide Token with Site activity data reflecting how you enter, navigate, and leave the Site pages you visit, the frequency of your visit and length of stay on any part of the Sites
- Certain Personal Data arising from security monitoring or SSL decryption of corporate firewalls, such as first name, last name/surname, email address, phone number, date of birth or any data submitted to the website.
Prospective customers or customers participating in demonstrations or trials
- Biometric data or other Personal Data that you elect to submit to use for a product demonstration, testing, proof of concept or other agreed purposes may be processed. We refer to our Global Biometric Privacy Notice for this.
Representatives of our customers
- First name, last name
- Professional contact information (such as employer, job title, email address and telephone number)
- Employment information: employer, function title, address
- Involvement in incidents, complaints and problems in the execution of the contract or payments, as well as the content thereof
- All other information you share in your interaction with us for a certain business purpose.
Representatives of suppliers, contractors and business partners
- First name, last name, professional contact information (such as employer, job title, email address and telephone number)
- For suppliers, contractors and business partners that are individuals: bank account number, bank name, account holder name, transactions/bank transfer, billing.
- All other information you share in your interaction with us for the execution of the contract between us and for fulfillment of financial, accounting and legal obligations.
Token personnel
- All information required and permitted under applicable law to carry out the employment relationship and our legal obligations towards employees, payment of salaries/employee benefits and related administration and financial matters.
Persons who apply for a job at Token or inquire about career opportunities
- First name, last name, professional contact information (such as employer, job title, email address and telephone number)
- Education and employment
- Job preferences
- Professional qualifications
- Jobs you wish to apply for
- Résumé or curriculum vitae
- Diploma
- Employment references and related information
- Compensation expectations or requests
- If required for the function: result of background checks and screening
- All other information you share in your interaction with us during the application process and interviews for the job
- Your areas of interest or message topic
- Your language preferences
Other persons
- First name, last name, professional contact information such as employer, job title, email address and telephone number
- All other information you share in your interaction with us for the execution of the contract between us (if any) and for fulfillment of legal, financial, regulatory or other obligations.
6. PARTICIPATION IN PORTALS
When you participate in Token Portals, such as a partner portal, which allow users to post messages for public comment, respond to comments or otherwise use the functionality of the portal to post information or interact with others, you are solely responsibility for the Personal Data and content that you publish, and you acknowledge that any Personal Data you volunteer will be accessible to and may be collected and used by the community of users in Token forums or portals, depending on your account settings. Token has no control over Personal Data and content that users share and publish in Portals. In some cases, such content may be publicly available on the Internet. When you publish in a Portal any Personal Data or content, you warrant and represent that you have the right to cause its publication, and you grant Token a perpetual, royalty-free, worldwide license to use, transmit, display, copy, distribute, and exploit such content. Token reserves the right to remove, in whole or in part, published content deemed offensive or inappropriate, and to disallow continued participation in Portals of the user responsible for such content.
7. CHATBOT
This section 7 describes the data privacy and protection practices of Token as a controller in the collection, processing, use, storage, transfer, and disclosure of Personal Data when you’re using the Chatbot.
The essential purpose of the Chatbot is to provide information in in response to a general question or request for help and assistance or to answer individual questions from website users. When you use the Chatbot, you may elect to identify yourself and submit Personal Data such as your name, address, and telephone number to the Chatbot.
Once you submit Personal Data to the Chatbot, we will collect and process the questions and data you submit (this may be information on your identity or contact details, questions you ask, comments you leave or input you give in the Chatbot), your IP address and any other Personal Data that you elect to submit to the chatbot. The purpose of this processing is the provision of information, help and assistance as described above. The legal ground for the processing is our legitimate interest to offer a modern, efficient and easily accessible means of communication.
In addition to your Personal Data, we may also process Personal Data of other persons, if you submit such information to the Chatbot. We strongly discourage Chatbot users from submitting Personal Data of any other persons and Token may delete such data if it is transferred to us. The Chatbot is not designed nor intended for input or submission of sensitive categories of Personal Data. You should not submit or input any sensitive Personal Data into the Chatbot.
The Chatbot may also collect other information through your interaction with it which does not reveal your specific identity or does not directly relate to an individual. Such other information may include, but is not limited to, browser and device information, data collected through automated electronic interactions, application usage data, demographic information, geographic or geo-location information, statistical and aggregated information. Statistical or aggregated information does not directly identify a specific person, but it may be derived from Personal Data.
The Personal Data you submit in the Chatbot is processed in different ways and for various purposes and only for the intended purposes. The purposes for which we process data may vary depending on the person from whom and about whom we process Personal Data.
Token uses the data collected via the chatbot for the following purposes:
-
-
- Communications. To deliver communications to you via the chatbot.
- Information. To deliver information regarding standard topics and answers to standard questions to you.
- Help and assistance. To respond to your requests for help or assistance with our products.
- Enrichment of our marketing management system. To share the with our marketing management system. This may be insertion of new information or updating of your existing information in the account of the company you represent.
- Further processing
Subject to applicable law, the inserted information may be further used for the following purposes:- Prospecting
- Processing of Chatbot user’s data to send marketing communications or to be contacted commercially.
- Contact may be made in a variety of ways including post, facsimile, telephone, SMS, or chat or email.
- Business analytics
- The chatbot personal data may be used for analysis, reporting, statistics and forecasts, internal reports and management where your personal data from Chatbot use is anonymous.
- Deletion and destruction of Personal Data after the retention period applicable to the specific processing.
- Development of our marketing activities
- Prospecting
-
We confirm that the processing of Personal Data via the Chatbot does not include profiling and that you are not subject to fully automated decisions.
For the Chatbot functionality, we use the services of a third party which stores and processed the Personal Data you submit to the Chatbot in the United States of America.
We will retain your Personal Data obtained from the Chatbot as long as it is necessary for the legitimate purpose for which it was obtained. In particular, we retain Personal Data for as long as the company you represent is an interested prospect (potential customer) or existing customer.
8. HOW DOES TOKEN COLLECT PERSONAL DATA?
We collect personal data in variety of ways directly from you, including:
-
-
- When you communicate your personal data verbally or in writing to us;
- When you visit the Sites;
- When you create an account in a Token Portal and use the functions or service provided through the Portal, directly or indirectly;
- When you participate in webinars, events, commercial promotions or marketing campaigns;
- When you participate in market research, surveys or other evaluation actions we launch;
- When you contact us via a webform;
- When you contact us via e-mail, chat(bot), social media or telephone; or
- When you participate in a demonstration, trial or specific project.
-
We collect Personal Data both when you give it to us verbally, when you send us documents and when you do it digitally, as well as when we look for it through public channels and professional social media (such as Linkedin). In addition, we process your Personal Data to enable you to use the interactive applications and services on our Sites.
We may also collect Personal Data from third parties and partners who can demonstrate that you gave them your consent to transfer your Personal Data to us.
When you contact Token by telephone, this telephone call may be recorded. We record these telephone calls for educational, quality and security reasons. Only a limited number of employees in the customer service department have access to the recordings. Telephone recordings are automatically deleted after 30 days.
Token may also collect other information which does not reveal your specific identity or does not directly relate to you as an individual, either through your interaction with us and/or with non-Token websites. Other information may include, but is not limited to, browser and device information, data collected through automated electronic interactions, application usage data, demographic information, geographic or geo-location information, statistical and aggregated information. Statistical or aggregated information does not directly identify a specific person, but it may be derived from personal data.
9. HOW DOES TOKEN USE THE PERSONAL DATA WE COLLECT?
- Business operations and service delivery.
Website users and visitors
-
-
- To allow access to downloadable materials and third-party resources
- To allow access and use of the Sites, including the Portals. With regard to demonstration experiences available via a Portal, refer to the Product Privacy Statement for information regarding Personal Data which may be shared with third parties in connection with performing a product demonstration.
- To verify user compliance with the Token Terms of Use
- To monitor your use of the Site and any apps and tools in our systems
- To enhance security and to protect Token from fraud or other inappropriate conduct.
- To provide other functions or serve other purposes, as disclosed to you at the point of collection or such other time or as required or permitted by law.
- For SSL decryption of corporate firewalls to visualize and analyze, for monitoring purposes only, the encrypted traffic and screen for malicious data (viruses, spyware and malware) in order to prevent its download.
-
Customers
We use Personal Data to provide and improve our services and perform essential business operations for our customers. This is based on Token’s obligation to execute a contract it has with a customer.
-
-
- To provide Token products, services, updating/patching, maintenance, support, troubleshooting, reporting, logging, technical support, and to resolve Site user problems as per the Product Privacy Statement
- To perform data analysis for product, service, and/or data protection or information security enhancement
- To develop aggregate analysis and business intelligence that enable Token to operate, protect, make informed decisions, and report on the performance of our business and identify the services our customers want.
- To improve the user experience for our services by analyzing user behavior and potential problems a user may encounter.
- To test, improve, and develop products and services.
- Service development and quality improvement and coaching and training of our personnel. Calls to our customer support department may be recorded and used for this purpose. We may evaluate your satisfaction and/or identify your wishes as a customer by asking you about your experience. We may evaluate the market and perform market research or trend analysis by involving our customers. You can participate in these efforts voluntarily. Where possible, we pseudonymize and aggregate Personal Data and will evaluate our projects in advance based on principles of privacy by design. The Data Protection Officer advises on and supervises these usages of Personal Data.
- To detect and prevent internal or external fraud and criminal activities.
- To conduct aggregate analysis and business intelligence, which enables us to make informed business decisions (including profiling based on anonymized Personal Data which does not involve automatic decision making by our software applications for business analytics and reporting) and report on the performance of our business and our services.
-
Suppliers, contractors and business partners
We use Personal Data to receive supplies, services or works from suppliers, outsourcing partners, partners, resellers, service providers and subcontractors and to manage those parties as they execute their contract with us.
- Contractual obligations.
Customers
When you enter into a contract with Token, Token will use your personal identification data and transactional data in order to:
-
-
- Provide you with the Token services you contracted for;
- Provide customer support, such as replying to your requests or inquiries, offering assistance, or handling a complaint;
- Inform you and send you messages related to your contract with us and our services;
- Send you analysis or reports as agreed in your contract; and
- Perform internal analytics and transaction reporting
-
Suppliers, contractors and business partners
We use Personal Data to execute our contracts with suppliers, outsourcing partners, resellers, partners, service providers and subcontractors (including conducting communications, providing instructions, handling complaints, and attending to invoicing, payment and other matters).
Employees
We use Personal Data to carry out our responsibilities and obligations as an employer, including payment of salaries and benefits and management of personnel.
- Communications.
Customers
Token collects Personal Data (1) to respond to requests or to perform a required activity; (2) to communicate news and updates on Token products and services; (3) to enhance Token’s business programs and the relevance of Token’s marketing activities, product and service offerings; (4) to perform a contract; or (5) if you attend an event, we may, with your further consent, scan your attendee badge, which will provide to us your information, such as name, title, company name, address, country, phone number and email address.
Based on your consent or, in the absence of explicit consent, our legitimate interest to grow our customer base and market share, we use data we collect to deliver and personalize our communications with you via e-mail, SMS or social media. With regard to direct marketing, Token might send you information about its services via personalized marketing messages (such as information or special offers) or generalized publicity and information. You can withdraw your consent to process your Personal Data for commercial communications by contacting our Data Protection Officer via privacy@Token.com. When you revoke your consent, we will remove you from the mailing list as quickly as possible and within the deadlines specified by Applicable Data Protection Laws. You may still receive the communications that were already scheduled before your request to unsubscribe. Any processing performed prior to your withdrawal remains a legitimate processing based on a valid consent at the time. Token will not be under the obligation to reverse the processing.
We use your Personal Data to facilitate the delivery of Token information, such as:
-
-
- to communicate with you and other users of the Sites, send Token notifications and communication to users on current and new products or services and related news updates, programs or events
- to respond to inquiries, send administrative Personal Data and service notifications
- to allow participation in a survey, community discussion, blogs, chat forums, or message boards
- to tailor content and improve Site quality and user experience and notify users of changes or updates to the Sites
- to tailor marketing to users’ and subscribers’ needs
- to remarket and advertise to previous Site users
- to customize, measure, and enhance effectivity of promotional events and communications to customers
- to track marketing campaign results and responses
- link or combine information about you with other personal information we get from third parties, to provide the Sites, perform under our contract with you and provide our customers with better and more personalized products
- to communicate news and updates on Token products, industry events, promotions, upcoming events, and news about products we offer or may be of interest to you, including promotional offers and surveys. You may opt-out of receiving emails regarding Token events and various products by emailing privacy@tokenring.com, however, you will continue to receive notices regarding Token products you’ve purchased, and other communication related to your account
-
Token may also disclose and transfer Personal Data to a third party in relation to any merger and acquisition or other similar activities.
Suppliers, contractors and business partners
We use Personal Data to communicate with suppliers, outsourcing partners, partners, resellers, service providers and subcontractors regarding the execution of the contract and new requirements for purchasing, tenders or assignments.
- Personnel management and recruitment.
We use Personal Data from our personnel for our personnel management, the execution of the employment contract and compliance with our legal obligations as an employer. For candidates for recruitment, we collect to process online applications for job vacancies and spontaneous job applications, to communicate with you, to manage Token’s recruiting and hiring processes, and for compliance with legal and regulatory requirements. If you are hired, the information may be used in connection with employment and personnel management, including reporting on hiring analytics.
- Comply with legal and compliance obligations
Token may use Personal Data to comply with applicable laws, court orders and regulations, to protect the rights, property or safety of Token, our customers, end users, employees or others and to operate our business.
Customers
Token uses your Personal Data to comply with mandatory requirements imposed by Applicable Data Protection Laws. Token legal obligations are, amongst others (this list is not limitative):
-
-
- To collect, verify and to store the personal identification and store transaction data of all of its counterparties. Token is also obliged to transfer these data to the competent criminal, fiscal or other government authorities requesting counterparty’s information and this without informing the data subject of such official request and the related data transfer
- Financial, accounting and administrative compliance
-
Suppliers, contractors and business partners
-
-
- Financial, accounting and administrative compliance
-
Profiling of customers
We confirm that the processing of Personal Data does not include profiling with the purpose of fully automated decisions.
Token does not sell, rent, or allow your Personal Data to be used by third parties for their own marketing or other purposes.
10. WHAT IS OUR BASIS FOR PROCESSING INFORMATION ABOUT YOU?
Where Applicable Data Protection Laws require a legal basis for the collection of Personal Data, Token will collect and process your Personal Data on one or more of the following bases:
-
-
- when you give your explicit consent, such as when you apply for a job, create a user account, subscribe to a newsletter, access any Token webcast, forum, information or materials from the Site, visit our branded social media pages, or use or access Token services
- for compliance with Token’s legal obligations where other laws require the processing of your Personal Data (for example, health and safety, taxation, anti-money laundering laws, anti-corruption laws) or where we need your Personal Data to protect your vital interests or those of another person
- to communicate adequately with you and to respond to your requests, we need to process information about you and therefore have a legitimate interest in processing this information
- we rely on our legitimate interest to analyze, develop, improve and optimize our Sites, products and services, and to maintain the security of our Sites, networks and systems
- legitimate interests of Token and our service providers, suppliers and subprocessors, which include the provision of the applicable products, provided always that our legitimate interests are not outweighed by harm your rights and interests
- Token collects and processes your Personal Data and those of your representatives to the extent necessary to create the contract or to fulfill Token’s obligations under the contract with you or with the person or entity you represent, as well as for billing, reporting, or other legitimate business purposes
- Compliance with a legal obligation where Token is required by law to process Personal Data for a particular purpose
- Legitimate interest where a customer or a representative of the customer, or in case of marketing actions for which Token has a legitimate interest, Token may process Personal Data obtained directly from you, via public sources or from third parties without your explicit consent if Token has a genuine and legitimate reason, unless outweighed by harm to your rights and interests
-
11. WHY AND HOW WE SHARE PERSONAL DATA FOR BUSINESS PURPOSES
Generally
Your Personal Data are mainly processed internally. However, in order to execute a contract we have with you (or measures preceding the conclusion of the contract) or to fulfil certain legal obligations, they may sometimes need to be communicated to third parties.
For the purpose of processing your Personal Data, we grant access to your Personal Data to our employees, contractors and certain other service providers. We require our employees, contractors and service providers to agree to confidentiality and data privacy obligations designed to safeguard Personal Data. In order to provide adequate protection for the transfer of your Personal Data, where appropriate, Token may share your Personal Data with other companies within the Token group if required for the purposes described in this Statement. This may involve the transfer of your Personal Data to countries outside your home country or region (including outside the EEA if that is your region) which may have a different level of data protection from your home country. We have contractual arrangements in place (such as the European Commission’s Standard Contractual Clauses as appropriate) among our parent company and affiliates and with our suppliers/sub processors in respect of such transfers where applicable.
We only transfer your Personal Data to third parties under GDPR (recipients) if:
-
-
- you have given your explicit consent for one or more specific purposes pursuant to Art. 6(1) Paragraph 1(a) of the GDPR,
- disclosure is necessary for the assertion, exercise or defense of legal claims in accordance with Art. 6(1) para. 1(f) of the GDPR and there is no reason to assume that you have a primary, legitimate interest in the non-disclosure of your Personal Data,
- in case a legal obligation for disclosure exists according to Art. 6(1) Paragraph I(c) of the GDPR and
- it is permitted by law and necessary for the fulfilment of contractual obligations in accordance with Art. 6(1) Paragraph 1 (b) of the GDPR.
-
Certain Personal Data collected by us will also be passed on to and possibly processed by third-party service providers, such as our hosting partners and IT suppliers, external partners assisting us with the support and further development of our IT tools, lawyers, data protection officers, and accountants, as well as by government or auditing authorities. These and other public authorities are entitled to request Personal Data from us to which we are legally obliged to respond in certain cases defined by law. In such cases, your Personal Data may be transmitted to these third parties but only for the purpose of the service in question.
The employees, managers and/or representatives of the above-mentioned service providers or institutions and the specialized service providers appointed by them are obligated to respect the confidential nature of your Personal Data and to use these data only for the purposes for which they were provided.
If necessary, your Personal Data may be passed on to other third parties. This may be the case, for example, if all or part of our business is reorganized, if our activities are transferred or if we are declared bankrupt. It is also possible that Personal Data may need to be transferred in response to a court order or to comply with a specific legal obligation. In this case, we will make reasonable efforts to inform you in advance of such communication to other third parties. However, you will acknowledge and understand that in certain circumstances, this may not be technically or commercially feasible, or that legal restrictions may apply.
Customers
We share your Personal Data in the event we have a legal obligation to do so, for instance to the regulatory or government bodies or agencies, or in case of legal proceedings, a court order or other mandatory legal injunction.
We may also share Personal Data with your consent or as necessary to complete any transaction or provide a service you have requested or authorized.
In addition, we share Personal Data among Token affiliates and entities for our reporting, service delivery, business operations, direct marketing and communications.
We also share Personal Data with suppliers, outsourcing partners, service providers, processors or agents working on our behalf for the purposes described in this statement, including, for example (this list is not limitative):
-
-
- IT services companies
- Providers of cloud and hosting infrastructure and services
- Platform providers
- Marketing companies or market analysts
- Providers of services and tools to assure regulatory compliance
- Connectivity, telecommunication and internet providers
- Companies we have hired to provide customer service assistance
- Companies we have hired to assist in protecting and securing our systems and services
- Third-party service providers (for example, integrated technology partners who provide customer support, data analytics, information technology and related infrastructure provision, managed service providers, auditing, other similar service providers,) for those service providers to perform business functions on behalf of Token
- In individual instances, with professional advisers acting as processors or joint controllers, including lawyers, bankers, auditors and insurers based in countries in which we operate who provide consultancy, banking, legal, insurance and accounting services, and to the extent we are legally obliged to share or have a legitimate interest in sharing your Personal Data
- Relevant third parties in the event of a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings)
- As required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to government requests, including public and government authorities outside your country of residence, for national security and/or law enforcement purposes, provided if not otherwise prohibited, for third party notices specific to you, we notify you first and cooperate with you in any response to such third parties
-
We may also elect to share anonymous or pseudonymous usage data with Token third parties, sub-processors and service providers for the purpose of helping Token in such analysis and improvements. Additionally, Token may share such anonymous or pseudonymous usage data on an aggregate basis in the normal course of operating our business; for example, we may share information publicly to show trends about the general use of our Sites.
We might also share data with third parties where the data has and has not been deidentified or aggregated in a way so it cannot be used to identify you or your end users. We might share Personal Data for marketing purposes with event organizers, marketing services providers and we may also receive Personal Data from such services providers for the organization of events, marketing actions or email/blast campaigns provided such services providers have a legal basis to transfer such Personal Data to Token.
In such cases, these companies must abide by our data protection and security requirements and are not allowed to use Personal Data they receive from us for any other purpose.
Finally, we will access, transfer, disclose, and preserve Personal Data, including your content, when we believe that doing so is necessary to:
-
-
- comply with applicable law (for instance: financial, accounting and administrative compliance) or respond to valid legal process, including from law enforcement or other government agencies
- protect our customers, for example to prevent spam or attempts to defraud users of our services, or to help prevent the loss of life or serious injury of anyone
- operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks
- protect the rights or property of Token, including enforcing the terms governing the use of the services – however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Token, we will not inspect a customer’s private content ourselves, but we may refer the matter to law enforcement
-
Some of our services include links to services of third parties whose data protection practices differ from Token. If you provide Personal Data to any of those services, your data is governed by their Data Protection Statements. In the event of a conflict between a Token Data Protection Statement and the terms of any agreement(s) between a party and Token, the terms of those agreement(s) will prevail.
Suppliers, contractors and business partners
We share only professional information if we have a legitimate interest or legal obligation to do so, including the following:
-
-
- comply with applicable law (for instance: financial, accounting and administrative compliance) or respond to valid legal process, including from law enforcement or other government agencies;
- organize and facilitate collaborations between suppliers, outsourcing partners, service providers and subcontractors or between those parties and third parties which are interfacing with or complementary to them; or
- protect the rights or property of Token
-
12. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We may retain your Personal Data for a period consistent with the original purpose of collection. We determine the appropriate retention period for Personal Data based on applicable legal requirements (such as applicable legal conservation periods or statutes of limitation). After expiry of the applicable retention periods, your Personal Data will be deleted. If there is any Personal Data that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to restrict access and use of such Personal Data as required by applicable law. Website monitoring data are kept for 1 year or longer as per applicable legal requirements.
13. USER PROFILE, PREFERENCES, AND OPT-OUT
To gain full access to certain areas of the Sites, download materials, or subscribe to or participate in certain Token programs, Token may require you to create a user account and maintain a user profile. You can opt-out of electronic communications by clicking the unsubscribe or opt-out link in Token’s marketing communication. You can control your preferences for using the Site including opting into or out of Personal Data for marketing use and certain programs and interests in your user account by informing Token at privacy@Tokenring.com.
With your consent, your Personal Data will be added to Token’s internal mailing list so we can furnish you with information about our products and services and Token offerings, events, webinars and other information via email, telemarketing, fax, SMS, and postal mail, as legally permitted. Also, Token may disclose and transfer Personal Data to our marketing or other partners or resellers for the marketing of Token products and services. If you no longer want to receive communications from Token, you are free to withdraw your consent at any time via the Preference Center, however, please note that withdrawal of your consent of processing Personal Data may render Token unable to continue to provide access to certain Sites. If you withdraw your consent, it will not affect the lawfulness of any processing based on your consent before you withdrew it. Some Token Sites may require separate user registrations for you to obtain the services offered on those Sites. Certain Token Sites will permit automatic access to other Token Sites so that by logging into one user account, you may automatically be signed in to other Token Sites. Other Token Sites may have different purposes, uses, and data collection techniques than those indicated in this Statement. Please always review the privacy statement of the Token Site that you access before providing your Personal Data.
Cookies may collect a unique identifier and store user Personal Data such as IP addresses, navigational data, server Personal Data, data transfer times, user preferences, and Personal Data including username and password you provide for a user account you establish.
To manage your privacy preferences, you may configure your Internet browser using the “Help” function in order to alert you when a cookie is sent or used and allow you the option to accept, reject or remove cookies. You can manage interest-based advertising or completely opt-out by indicating your choice in www.aboutads.info/choices. If you reject, disable or remove cookies, you might not be able to access certain pages or important functions on the Site. Remarketing tags such as a pixel tag or a clear GIF, and universal website tag are snippets of code that Token adds on certain pages of the Site. A tag is a “web beacon” that appears as a clear graphic image of a 1x1 pixel delivered through a web browser or an HTML compliant e-mail client application to a user’s device. Token uses these remarketing tags together with cookies to reach previous Site visitors for marketing activities.
Use of data collected with cookies and remarketing tags is governed by this Statement as to Token’s use, and by the respective service providers’ privacy policies as to their data use. Locally shared objects, also called “flash cookies,” are pieces of data that websites using Adobe Flash may store on your computer. Token will use the Personal Data collected to find out how you navigate the Site. You may disable this function by referring to www.adobe.com for Personal Data. If you disable or disallow locally shared objects, you might not be able to access certain pages or important functions on the Site. Internet Protocol (IP) addresses and log files are used to identify server problems, improve Site content, and compile aggregated statistics about Site usage and clickstream data. The Site also uses electronic images, known as web beacons, to help personalize your experience and perform standard Site traffic analysis in a manner similar to the use of cookies. Token reserves the right to introduce new passive tracking technologies and techniques related to the use of the Site, subject to and in accordance with Applicable Data Protection Laws.
14. THIRD-PARTY WEB ANALYTICS TOOLS
The table below shows third-party tools and tracking technologies that Token employs for marketing activities, with links to the respective Privacy Policies and Optout/Preferences Settings.
Tools | Purposes | Link to Privacy Policy | Link to Opt-Out and Settings Preferences |
---|---|---|---|
Google Ads and DoubleClick | Advertising analytics and administration | http://www.google.com/policies/privacy/ | To adjust Google Ad Preferences: http://www.google.com/settings/ads/onweb/ Manage your Ad Settings by installing Google’s advertising cookie Opt-out plugin: www.google.com/settings/ads/plugin |
Google Analytics (including Google Universal Analytics) | Analyzes web traffic across multiple devices | http://www.google.com/policies/privacy/ http://www.google.co.uk/intl/en/ |
To set your preferences or opt-out of Google Analytics: https://tools.google.com/dlpage/gaoptout |
Universal website tag of Twitter | Conversion analytics involving marketing campaigns | https://twitter.com/en/privacy | To opt-out of interest-based advertising or adjust Twitter ad settings: https://support.twitter.com/articles/20170405 |
Demandbase Website Platform Services by Demandbase | Uses cookies and web beacons for analytics of user interactions. | https://www.demandbase.com/privacy-policy/ | To opt-out of personalized advertising delivered by other participating companies: www.aboutads.info/choices |
Yahoo Gemini by Yahoo | Uses web beacons and persistent cookies for digital advertising | http://info.yahoo.com/privacy | To adjust Yahoo Ads Settings: http://info.yahoo.com/privacy/us/yahoo/opt_out/targeting/details.html |
LinkedIn Marketing Solutions by LinkedIn | Deploys ads to customers. | https://www.linkedin.com/legal/privacy-policy | Ad preferences may be adjusted on your LinkedIn account |
Visual Web Optimizer by Wingify | Conversion optimization services. | https://vwo.com/privacy-policy/ | To opt out of VWO tracking: https://vwo.com/opt-out/ |
Marketo Social Marketing (MSM) by Marketo | Analytics involving behavioral advertising | http://www.marketo.com/trust/legal/privacy/ | |
Marketo Munchkin Cookie by Marketo | Email and marketing activity analytics | http://www.marketo.com/trust/legal/privacy/ | |
Alexa web beacons, cookies, and pixels in Toolbar Service by Amazon | Site analytics with Alexa tools | http://www.alexa.com/help/privacy | You may disable the Toolbar Service on the Options Menu of your Amazon account |
AddThis Tools (cookies and pixels) by AddThis | Collect certain Personal Data from Sites for targeted advertising | http://www.addthis.com/privacy/privacy-policy | To opt-out: http://www.addthis.com/privacy/opt-out-saved To opt-out in US: http://www.aboutads.info/choices/ or http://www.networkadvertising.org/choices/ To opt-out in EU/EEA: http://www.youronlinechoices.eu/ |
One by AOL | Use and site traffic analytics | https://privacy.aol.com/legacy/privacy-policy.1.html | To opt-out: http://www.youronlinechoices.com/opt-out-interface |
Bing Ads by Microsoft | Site usage data and analytics browsers | https://privacy.microsoft.com/en-us/privacystatement | To adjust Microsoft ads: https://account.microsoft.com/privacy/ad-settings/signedout |
Google Optimize | Analyzes web traffic across multiple devices and browsers | https://policies.google.com/privacy?hl=en | To set your preferences or to opt-out: https://policies.google.com/privacy?hl=en#infochoices |
Hotjar | User experience analytics | https://www.hotjar.com/legal/policies/privacy | To opt-out of Hotjar tracking: https://www.hotjar.com/legal/compliance/opt-out |
Facebook Tag API and Custom Audience Pixel | Data analytics and interaction with Facebook for advertising | https://www.facebook.com/about/privacy/ | To adjust Facebook ad settings: https://www.facebook.com/about/ads/ |
Token and our third-party service providers may gather Personal Data using passive data collection technology such as cookies, web beacons, tags, and other tools that provide Token with Site activity data reflecting how you enter, navigate, and leave the pages you visit while using the Sites. Cookie Technologies are used to remember Site preferences, track device usage data, manage your activity across devices, analyze site traffic, and various other activities. Depending on the settings you have selected, your browser adds the text to your device as a small file. You can accept or decline cookies as you prefer. The Help portion of your web browser, most likely found on the toolbar, can assist you with setting or modifying your Cookie Technology settings. Note that disabling or declining cookies may prevent the use of certain features of our Sites, including the ability to login to a Site. Use of data collected with cookies and remarketing tags is governed by this Statement as to Token’s use of such data, and by the respective service providers’ privacy policies as to their use of such data.
15. DATA SUBJECT RIGHTS
Your rights as a data subject: you can access and control your personal data
In accordance with and subject to the conditions of Applicable Data Protection Laws, we inform you that you may have the following rights:
-
-
- Right of access and inspection: you have the right to inspect, free of charge, the Personal Data that we hold about you and to check what such Personal Data is used for.
- Right of rectification: you have the right to obtain rectification (correction) of your incorrect Personal Data, as well as to complete incomplete Personal Data.
- Right of deletion or limitation: you have the right to request us to delete or limit the processing of your Personal Data in the circumstances and under the conditions laid down by Applicable Data Protection Laws. We may refuse the deletion or restriction of any personal data which is necessary for us to fulfil a legal obligation, the performance of the contract or our legitimate interest, for as long as this Personal Data is necessary for the purposes for which it was collected.
- Right to transferability of data: You have the right to obtain the Personal Data you have provided to us in a structured, common and machine-readable form. You have the right to transfer these data to another data controller.
- Right of objection: you have the right to object to the processing of your Personal Data for serious and legitimate reasons. Please note, however, that you cannot object to the processing of Personal Data which is necessary for us to fulfil a legal obligation, the performance of the contract or our legitimate interest, for as long as these data are necessary for the purposes for which it was collected.
- Right of withdrawal of consent: If the processing of Personal Data is based on prior consent, you have the right to revoke this consent. This Personal Data will then only be processed if we have another legal basis for doing so.
- Automatic decisions and profiling: You may object to profiling and fully automated decisions.
- Complaints under Applicable Data Protection Laws. You may submit a compliant to Token’s Data Protection Officer via privacy@TokenRing.com.
-
You can exercise the aforementioned rights by contacting Token via privacy@TokenRing.com.
16. TECHNICAL AND ORGANIZATIONAL MEASURES
We take steps to ensure that the Personal Data we collect under this Statement is processed in accordance with the provisions of this Statement and the requirements of applicable law wherever the Personal Data is located. We also take appropriate technical and organizational security measures to protect your Personal Data against accidental or deliberate manipulation, partial or complete loss, destruction or access by unauthorized third parties. We strive to continuously improve our security measures in line with technological developments. We endeavor to take the necessary technical and organizational measures to process your Personal Data with an adequate level of security and to protect it against destruction, loss, falsification, alteration, unauthorized access or accidental disclosure to third parties, as well as any other unauthorized processing.
The Sites use TLS (Transport Layer Security) in combination with the highest level of encryption supported by your browser.
Token is also committed to reducing the risks of human error, theft, fraud and misuse of Token facilities. Token's efforts include making staff aware of security policies and training them to implement such policies. Token employees are required to maintain data confidentiality through written confidentiality agreements, and they also receive regular training on information protection and compliance with company policies regarding the protection of confidential information.
Token promptly evaluates and responds to incidents that cause suspicion of unauthorized processing of Personal Data. If Token determines that your Personal Data has been misused (including by an Token employee) or otherwise wrongfully obtained by a third party, Token will report such misuse or data breach to you within the time limits set by Applicable Data Protection Laws.
Under no circumstances shall Token be held liable for any direct or indirect damage resulting from the incorrect or unlawful use of personal data by a third party.
17. DATA PROTECTION FRAMEWORK
All information about collection and processing of personal data, personal data sharing, your rights to access your Personal Data and your right to send us inquiries or to file complaints are provided for in this Statement, the Product Privacy Statement, the Global Biometrics Privacy Notice and other relevant policies and communications provided by us.
18. CONTACTING TOKEN
We strive to handle your Personal Data in a careful and legitimate manner in accordance with the applicable regulations. Nevertheless, if you believe that your rights have been violated and if you do not find an answer to your concerns with Token and you are protected under Applicable Data Protection Laws, such laws often provide contact information for relevant agencies and authorities.
If you believe that Personal Data has been used in a way inconsistent with this
Statement, or if you have further questions, comments or suggestions related to Token’s handling of Personal Data, please contact Token by emailing privacy@TokenRing.com.
Written inquiries may be addressed to:
Token
4545 East River Rd, Suite 310
West Henrietta, NY 14586
November 2023