Privacy Statement

2. Information We Collect

‍

We collect personal information from or about you when you visit our Site or interact with us as part of our standard marketing or business practices.

‍

Information You Provide to Us

• We only collect personal information you provide to us when contacting us via email using the ASAPP email address provided on the Site, such as your name, email address, and any other personal information you choose to include in your message.
• We collect personal information of our business contacts, including potential Customers, that they provide directly to us through our marketing and standard business practices, including through attending events, conferences other business meetings. This includes business contact information, such as your name, email, and phone number.

‍

Information We Collect Automatically

When you visit our Site, we automatically collect information to administer the Site and analyze its usage. This information may include:

‍

• The browser you use.
• Pages you viewed on the Site.
• Number of links you click within the Site.
• State or country from which you accessed the site.
• Date and time of your Site visit.
• Number of times you return to our Sites.
• Web page you linked to our Site from.

‍

We may aggregate and anonymize information received to produce reports on Site activity and statistics. We use Google Analytics to collect and analyze such information. For more information about how we share information with Google Analytics, please see our Cookie Notice.

‍

Information Received from Third Parties

We may collect business contact information about you from certain third party services for business development and marketing purposes. We receive this information from advisory firms and publicly available resources, such as LinkedIn.

3. How We Use Your Personal Information

‍

We use information you provide us only for the purposes of:

‍

• Communicating with you.
• Providing you with the information you have requested.
• Facilitating your movement through the Site.
• Marketing our products and services to you.
• Administering and improving our Site.
• Diagnosing problems with our Site.
• Uses described in our Cookie Notice

4. How We Share Your Information

‍

We disclose your personal information only with selected recipients for specific purposes, including:

‍

Service Providers and Other Third Parties:

• To vendors, consultants, and service providers who need access to your information to assist us with administering the Site and facilitating improvement and optimization of our Site. For more information about how we share information with third parties, please see our #cookieNotice.

‍

ASAPP Affiliates and Subsidiaries:

• To any corporate affiliate or subsidiary of ASAPP for the purposes described in this Notice.
• If we are involved in a merger, acquisition, or sale of assets, we will notify you. The use and disclosure of all personal information collected through our Site is subject to this Notice. However, any personal information submitted or collected after a merger, acquisition, or sale of assets, may be subject to a new privacy notice adopted by the successor entity.

‍

Compliance and Regulatory Purposes:

• As required by law, such as responding to lawful requests by public authorities, including to meet national security or law enforcement requirements, comply with a subpoena, bankruptcy proceedings, or similar legal process.
• When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

5. Cookies and Tracking Technology

‍

We use cookies and other similar technologies to collect information about your browsing activities when you navigate through our Site. Cookies help make interactions with our Site easier and faster for you. We also use cookies to analyze trends, administer our Services, and track activity and interactions with our Site. For more information about how we use cookies and to learn how to manage cookies, please see our Cookie Notice.

‍

We do not respond to web browser “Do-Not-Track” signals. We do not serve targeted advertisements in our Services at this time.

6. How We Protect Your Information

‍

At ASAPP, we take our responsibility to protect the security and privacy of your personal information very seriously. We continuously review our established policies and procedures to ensure that they are appropriate and effective in meeting our commitment to our community, our Customers, and ourselves.

We maintain appropriate administrative, technical, and physical safeguards designed to protect your personal data from loss, misuse, unauthorized access, disclosure, alteration, and destruction. We also require third party service providers acting on our behalf or with whom we share your information also provide such security measures in accordance with industry standards.

For your own online security, please do not send payment card numbers or any other confidential personal information to us via email.

7. Minimum Age Requirements

‍

We do not knowingly or intentionally collect any personal information from, or market to, individuals under the age of 13. Our Site is not intended for persons under the age of 13. If you learn that a child under the age of 13 has provided us with personal information contrary to these rules, please contact us at the address listed in the “Contact Us” section below.

8. How Long We Retain Your Information

‍

We retain your information for as long as needed to fulfill our legitimate business purposes outlined in this Notice, support our business operations, develop our Services, resolve disputes and enforce our rights. The criteria used to determine our retention periods include:

‍

• Only retaining Personal information for as long as needed to fulfill our legitimate business purposes.
• Retention of records to fulfill a legal or regulatory obligation or investigation.

9. Changes to this Notice

‍

We may update this Privacy Notice from time to time. You can determine when this Privacy Notice was last revised by referring to the “Updated Date” at the top of this Notice. We encourage you to review the Privacy Notice whenever you interact with us to stay informed about our information practices and the ways you can help protect your privacy. Your use of the Site constitutes your consent to any new privacy policy to the fullest extent permitted by law. We are not responsible for and do not control the privacy practices of any of our Customers or any other third party. We encourage you to review the privacy practices of each third party.

10. Information About Sub-processors

‍

ASAPP, Inc. (“ASAPP”) uses certain sub-processors, and content delivery networks to assist it in providing the ASAPP Services.
‍

What is a Sub-processor?

‍

A sub-processor is a third-party data processor engaged by ASAPP, who has or potentially will have access to or process customer data (which may contain personal data). ASAPP engages different types of sub-processors to perform various functions as explained in the tables below.

‍

Due Diligence

‍

ASAPP undertakes to use a commercially reasonable selection process by which it evaluates the security, privacy and confidentiality practices of proposed sub-processors that will or may have access to or process customer data.

‍

Contractual Safeguards

‍

ASAPP executes an agreement with our Subprocessors, including but not limited to the requirements to:

• Restrict the Subprocessors’ access to customer data only to what is necessary to assist ASAPP in providing or maintaining the ASAPP Services, and prohibit the Subprocessor from accessing customer data for any other purpose
• In connection with their sub-processing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws
• Make clear that ASAPP will remain responsible for its compliance with the obligations of any applicable agreements between us and our customers and for any acts or omissions of the Subprocessor that cause ASAPP to breach any of its obligations under those agreements
• Implement and maintain appropriate technical and organizational measures (including measures consistent with those to which ASAPP is contractually committed to adhere to insofar as they are equally relevant to the sub-processor’s processing of Personal Data on ASAPP’s behalf) and provide an annual certification that evidences compliance with this obligation. In the absence of such certification ASAPP reserves the right to audit the sub-processor
• Promptly inform ASAPP about any actual or potential security breach and cooperate with ASAPP in order to deal with requests from data controllers, data subjects or data protection authorities, as applicable
  ‍

Sub-processors—Service Data Storage and Processing

‍

ASAPP owns or controls access to the infrastructure that ASAPP uses to host and process customer data submitted to the ASAPP Services, other than as set forth herein. Currently, the ASAPP production systems used for hosting customer data for the ASAPP Services are located in co-location facilities in the United States and Europe and in the infrastructure sub-processors listed below.
‍

Current list available here.

1. Purposes and Legal Bases for Processing

‍

We process personal information for the purposes set out above in “How We Use Your Personal Information.” We collect and process your personal information only where we have a legal basis for doing so under applicable data protection laws. Our legal bases include processing personal information that is (i) pursuant to our legitimate interests to run our Sites and market our products and services to you; (ii) pursuant to your consent and (ii) for compliance with a legal obligation.

Where you provide personal information to us, we may transfer and store your data in the United States (“US”), where ASAPP’s corporate headquarters is located and where our IT systems (including email servers) are located. We also transfer your personal information to third parties as described in the “How We Share Your Information” section above. These third parties may be located outside of the European Economic Area (EEA) (in most cases, in the US).
‍

2. Transfer of Personal Information to Other Countries

‍

Although the data protection laws of various countries may differ from those in your own country, we take appropriate steps to ensure that your personal information is handled as described in this Notice and in accordance with the law.

In the limited circumstances that require us to transfer your information to third parties located outside the EEA, we will only transfer such information where we have adequate measures in place to provide appropriate safeguards such as Model Clauses (standard contractual clauses produced by the EU Commission).

3. Data Subject Rights

‍

Where the GDPR applies, you have certain rights related to the personal information we hold about you. Some of these only apply in certain circumstances, as set out below. We also describe how to exercise those rights. End Users seeking to access, correct, amend, or delete personal information should contact our Customer (the data controller) whom has transferred such data to us for processing. The Customer is responsible for responding to End User data subject requests as determined under the applicable local data protection law.

Please note that before we respond to requests for information, we will require that you verify your identity, or the identity of any data subject for whom you are requesting information. The GDPR provides data subjects with the following rights:

‍

• Right of Access – You have the right to request access to the personal information we hold about you and be provided with certain information about how we use your personal information and who we share it with.
• Right to Rectification – You have the right to request correction of your personal information where it is inaccurate or incomplete and we endeavor to do so without undue delay.
• Right to Data Portability – You have the right to request a copy of your data in a structured, machine readable format and to ask us to share this information to another entity.
• Right to Erasure – You have the right to request deletion of the personal information we hold about you:
• Where you believe that it is no longer necessary for us to hold your personal information;
• Where we are processing your personal information on the basis of legitimate interests and you object to such processing and we cannot demonstrate an overriding legitimate ground for the processing;
• Where you have provided your personal information to us with your consent and you wish to withdraw your consent and there is no other ground under which we can process your personal information; or
• Where you believe the personal information we hold about you is being unlawfully processed by us.
• Right to Restriction of Processing – You have the right to ask us to restrict (stop any active) processing of your personal information:
• Where you believe the personal information we hold about you is inaccurate and while we verify accuracy;
• Where we want to erase your personal information as the processing is unlawful, but you want us to continue to store it;
• Where we no longer need your personal information for the purposes of our processing, but you require us to retain the data for the establishment, exercise or defense of legal claims; or
• Where you have objected to us processing your personal information based on our legitimate interests and we are considering your objection.
• Right to Object – You can object to our processing of your personal information based on our legitimate interests. We will no longer process your personal information unless we can demonstrate an overriding legitimate purpose.
• Objection to Marketing and Profiling – You have the right to object to our processing of personal information for marketing communications. We will stop processing the data for that purpose. ASAPP does not share personal information with third parties for marketing purposes and does not engage in any automated profiling for its Services outlined in this Notice.
• Withdrawal of Consent – Where you have provided your consent for us to process your personal information, you can withdraw your consent at any time by emailing privacy@asapp.com.

‍

Exercising your Rights

To exercise any of these rights above, please contact us as noted in the “Contact Us” section below. If you are an End User, contact the Customer acting as the Data Controller directly to fulfill any Data Subject Rights requests.

‍

Please note that the above rights may be limited, for example, where fulfilling your request would adversely affect other individuals or company trade secrets or intellectual property, where there are overriding public interest reasons, or where we are required by law to retain your personal information.

‍

Complaints

If you are an End User, we encourage you to first reach out to the applicable Customer to address any complaints or issues. To the extent that the above rights apply to you, we encourage you to contact us in the first instance. You may also address any grievance directly with the relevant Supervisory Authority.