Privacy Notice

SafePorter Privacy Notice

Effective Date: May 15th, 2021

Privacy Notice Summary

This DataProtected privacy notice (the “Privacy Notice”) explains what personal information SafePorter LLC (“Safeporter”, “we”, “us”, “our”) gathers about you when you browse Safeportersecure.com, use the OurDataProtected.com admin portal, the MyDataProtected.com diversity surveys and inclusion feedback portal, and any related mydataprotected.com or ourdataprotected.com websites (individually and collectively the “DataProtected Tools”), what we use that information for and to whom we give that information. It also sets out your rights in relation to your information and who you can contact for more information or queries.

Click on the links below to take you to the more detailed sections of this Notice:

What does this Privacy Notice cover?

SafePorter is fully committed to protecting your privacy and handling your information in an open and transparent manner. This Privacy Notice sets out how we will collect, handle, store and protect information about you when:

you interact with or use the “SafePorter Tools” or
you interact with us related to your engagement with the “SafePorter Tools” or
we perform any other activities that form part of the operation of the SafePorter Tools and this Website.

When we refer to “our Website” or “this Website” in this Privacy Notice we mean the specific webpages of SafePortersecure.com, MyDataProtected.com or OurDataProtected.com from which you accessed this Privacy Notice.

This Privacy Notice also contains information about when we share your personal information with third parties (for example, our service providers).

In this Privacy Notice, “Personal Data”, means any information that identifies or relates to a particular individual and also includes information referred to as “personally identifiable information” or “personal data” under applicable data privacy laws, rules, or regulations. We may also sometimes collectively refer to handling, collecting, protecting and storing your personal information as “processing” such personal information.

By using or accessing the Website in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Notice, and you hereby consent that we will collect, use, and share your information in the following ways.

What information do we collect from you?

We collect Personal Data about you when you access or use our Website or provide such information directly to us in connection with MyDataProtected organizational surveys, inclusion feedback, or use of the OurDataProtected admin portal.

We collect or obtain such data because you give it to us (for example in a secure form on our Website) or, in the case of administrative access, because your organization provided it. To improve your experience when you use this Website and ensure that it is functioning effectively, we (or our service providers) may use cookies (small text files stored in a user’s browser) and Web beacons which may collect personal information. Additional information on how we use cookies and other tracking technologies and how you can control these can be found in our cookie notice.

We collect and process of the following types of Personal Data about you:

Personal Identifiers:

Anyone who contacts SafePorter directly:

Your name
Your email
Any other information that could identify you that you provide in relation to your inquiry or correspondence

(All of the foregoing, “Personal Identifiers.”)

MyDataProtected Survey and Inclusion Feedback Users:

We do not have your name or your contact information.

We collect the following personal information from you when you complete a survey:

Race, ethnicity, gender, sexuality, ability, veteran status and other special categories of Personal Data provided by you in your diversity survey
Inclusion feedback
Job type, membership type or position, region, salary
Your opinions and assessments related to specific additional surveys from the organization who assigned and distributed the survey
The organization or school you are affiliated with
Your SafePorter ID Number

(All of the foregoing, “Personal Identifiers.”)

We process your Personal Identifiers from you based on your interaction with, and for the purposes of administering , the diversity data survey, inclusion feedback portal, and other surveys through MyDataProtected.com

OurDataProtected Admin Portal Users:

We collect the following Personal Data from you or your employer as OurDataProtected account administrators for your organization:

Employer name
Your name
Work email address
Your IP address
Browser type
SafePorter service desk inquiry details and correspondence

(All of the foregoing, “Personal Identifiers.”)

We process Personal Identifiers for the purposes of providing you access to your organization’s OurDataProtected Admin Portal.

We may also send you information about new features of the DataProtected Tools or updates to our user guides. SafePorter will not send you marketing emails related to your use of the Services, but you can opt-out of emails from SafePorter and the DataProtected Tools at any time by emailing Privacy@safeportersecure.com

Special Categories of Personal Data ( also "Sensitive Personal Information"): Diversity Data

Through our MyDataProtected.com surveys, you may provide answers that give information about your race, gender, sexuality, ability, or other diversity related data. (All of the foregoing, “Diversity Data”)

We process Diversity Data for the following purposes:

To provide aggregate-only diversity information or inclusion and other program feedback to employers and organizations that allow them insight into the status, progress, and effectiveness of their programs and initiatives.

Device Information:

When you access the ourdataprotected.com and safeportersecure.com sites, we automatically collect certain information about the computer or devices (including mobile devices) you use to access the Services. For example, we collect and analyze information such as IP addresses, browser types, browser language, operating system, or the state or country from which you accessed the Services.

Children’s Information:

SafePorter does not knowingly collect or solicit Personal Data from children under 18; if you are a child under 18, please do not attempt to register for or otherwise use the Services or send us any Personal Information. If we learn we have collected Personal Information from a child under 18, we will delete that information as quickly as possible. If you believe that a child under 18 may have provided us Personal Information, please contact us at Privacy@safeportersecure.com .

How we use information about you

Use of Personal Data collected via our Website

We use the information that we collect for the following purposes:

For the purposes for which you provided the information, which may include to provide aggregate information to the organization that assigned you a survey;
To provide and administer the MyDataProtected.com surveys and feedback intake forms, including to facilitate your use of our website;
To provide you access to the OurDataProtected Admin Hub; or
to manage and respond to any request or inquiry you submit via email.

Your Diversity Data and inclusion feedback are only provided to your organization in the aggregate or through broad insights about the organization or the feedback overall, and are held in escrow (not released into the aggregate totals) where they can be linked to you due to timing or a discernible shift in aggregate totals.

The basis upon which we process your personal information

We use your Personal Data for the purposes outlined above because of: (a) our legitimate interests in the effective delivery of our Website and the DataProtected Tools; (b) our legitimate interests in the effective and lawful operation of our Website so long as such interests are not outweighed by your interests; (c) the legal and regulatory obligations that we are subject to.

To the extent that we process any sensitive or Special Categories of Personal Data relating to you for any of the purposes outlined above, we will do so because you have given us your explicit consent to process that data.

To whom we disclose your information

Survey respondent Diversity Data and inclusion feedback is included in aggregated diversity data shared with your organization. Data that would be identifying due to timing, scarcity, or for any other reason is held in escrow until it would not be identifying.

Third party processors: We use third parties to process some of your Personal Dataon our behalf, for example security and fraud prevention providers, hosting and other technology and communications providers. We have in place with each processor a contract that requires them only to process the data on our instructions and to take proper care in using it.

These processors include:

- Amazon Web Services

MyDataProtected Survey and Inclusion Feedback Users:

SafePorter will share your Diversity Data with your organization in the aggregate only and your inclusion and program feedback without any context or information beyond that which is contained in your submission.

OurDataProtected Admin Portal Users:

We may share information about your use of and engagement with the Admin Portal with your organization.

Please note that SafePorter LLC is located in the United States and SafePorter Limited is located in Ireland and that the two companies are not subsidiaries of one another.

Mydataprotected.com survey and feedback Personal Data is not transferred outside of the EEA by SafePorter except in an aggregated form. Where your organization is in the EU or the UK or otherwise subject to GDPR, SafePorter will only engage with that organization as a client when there are adequate safeguards in place to protect your personal information that comply with their, and our, legal obligations. The adequate safeguard might be a data transfer agreement with the recipient based on standard contractual clauses approved by the European Commission for transfers of personal information to third countries, with additional clauses to address GDPR requirements.

Further details of the transfers described above and the adequate safeguards used by us in respect of such transfers are also available from us by contacting the Privacy Office.

We may also need to disclose your Personal Data if required to do so by law, by a regulator or during legal proceedings.

We may share non-personal, de-identified and aggregated information with third parties for data analytics and aggregate organizational comparison purposes.

Protection of your personal information

SafePorter is dedicated to the protection of your Personal Data from unauthorized access, use and disclosure using appropriate physical, technical, organizational and administrative security measures based on the type of Personal Data and how we are processing that data.

We use a range of physical, electronic and managerial measures to ensure that we keep your personal information secure, accurate and up to date. These measures include:

education and training to relevant staff to ensure they are aware of our privacy obligations when handling personal information
administrative and technical controls to restrict access to personal information on a ‘need to know’ basis
technological security measures, including fire walls, encryption and anti-virus software
physical security measures, such as staff security passes to access locations and systems containing personal information.

Although we use appropriate security measures once we have received your personal information, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavor to protect personal information, but we cannot guarantee the security of data transmitted to us or by us, and except as expressly required by law, we are not responsible for the theft, destruction, loss or inadvertent disclosure of your information or content.

How long do we keep your information?

Your Personal Information is tied to your SafePorter ID number and is retained until that ID number is off-boarded from our system by your organization or you delete your information, which you can do at any time.

In contrast, the name, email and organization of anyone who is provided access to a Client’s OurDataProtected admin portal will be retained until the Client removes the account or notifies SafePorter to remove the account.

In some rare cases we retain Personal Data for longer, where doing so is necessary to comply with our legal obligations, resolve disputes or is otherwise required by applicable law, rule or regulation. We may further retain information in an anonymous or aggregated form where that information would not identify you personally.

Your rights

GDPR

You have various rights in relation to your Personal Data. In particular, you have a right to:

obtain confirmation that we are processing your Personal Data and request a copy of the Personal Data we hold about you
ask that we update the Personal Data we hold about you, or correct such personal information that you think is incorrect or incomplete
ask that we delete Personal Data that we hold about you, or restrict the way in which we use such Personal Data.
object to our processing of your Personal Data.

To exercise any of your rights, or if you have any other questions about our use of your personal information, please contact us.

Right to complain

If you are unhappy with the way we have handled your Personal Data or any privacy query or request that you have raised with us, you have a right to complain to the Data Protection Authority (“DPA”) in your jurisdiction. If you would like to be directed to the appropriate DPA, please contact us.

California Resident Rights

We will not provide your Personal Data to third parties for such third parties’ direct marketing purposes.

If you are a California resident, you have the rights outlined in this section under the California Consumer Privacy Act (“CCPA”). Please see the “Exercising Your Rights” section below for instructions regarding how to exercise these rights. If there are any conflicts between this section and any other provision of this Privacy Notice and you are a California resident, the portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following applies to you, please contact us at privacy@safeportersecure.com.

Access

You have the right to request certain information about our collection and use of your Personal Information over the past 12 months. If we have your Personal Data we will provide you with the following information:

The categories of Personal Data that we have collected about you.
The categories of sources from which that Personal Data was collected.
The business or commercial purpose for collecting or selling your Personal Data.
The categories of third parties with whom we have shared your Personal Information.
The specific pieces of Personal Data that we have collected about you.

If we have disclosed your Personal Data for a business purpose over the past 12 months, we will identify the categories of Personal Data shared with each category of third-party recipient.

Deletion

You have the right to request that we delete the Personal Data that we have collected from you. For any User with a SafePorter ID Number, you can also delete your information at any time through the survey portal.

Exercising Your Rights

To exercise the rights described above, you must send us a request that (1) provides enough information to allow us to verify that you are the person about whom we have collected Personal Information, and (2) describes your request in sufficient detail to allow us to understand, evaluate, and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will only use Personal Data provided in a Valid Request to verify you and complete your request. You do not need an account to submit a Valid Request.

We will not discriminate against you for exercising your rights under the CCPA.

We will work to respond to your Valid Request within 30 days of receipt.

You may submit a Valid Request by sending an email to privacy@safeportersecure.com

Other State Law Privacy Rights

Nevada Resident Rights

Nevada law requires the following wording even though we do not sell your data: If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Information to third parties who intend to license or sell that Personal Information. You can exercise this right by contacting us at privacy@safeportersecure.com with the subject line “Nevada Do Not Sell Request” and providing us with your name. We do not sell your Personal Information as defined in Nevada Revised Statutes Chapter 603A.

Changes to this Privacy Notice

We may modify or amend this Privacy Notice from time to time.

To let you know when we make changes to this Privacy Notice, we will amend the revision date at the top of this page. The new modified or amended Privacy Notice will apply from that revision date. Please periodically review this Notice to be informed about how we handle your information.