Last updated: 14 December 2021
We will not rent, sell, or share your Personal Information except in accordance with this Policy. If you do not feel comfortable with any part of this Policy, you should cease using our Websites and Services.
1. Policy Scope
Superside is committed to protecting the privacy of individuals who interact with us. This Policy applies to the personal information we collect and use for our own purposes (i.e., as a “data controller”). We provide this Policy to explain the ways in which we collect, use, and share personal information about individuals who:
For purposes of this Policy “Websites”, shall refer collectively to www.superside.com, www.airstart.co, as well as the other websites that Superside operates and that link to this Policy, the term “Services” shall refer to any of our plans located on any of the Websites. The term “Subscriber” refers to an individual or legal entity that has agreed to an applicable agreement between you and any member of Superside relating to access and use of our Services (“Services Agreement”), including an individual representing the Subscribing company. The term “Account” refers to a Superside account or instance created by or on behalf of a Subscriber within the Services. The term “Users” shall refer to the individuals authorized to use our Services through a Subscriber’s Account.
2. Personal Information You Provide
In this Policy, “personal information” means information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, including by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural or social identity.
Account and Registration Information. If you are Subscriber, we must process certain personal information about you such as name, date of birth, place of birth, taxpayer identification number, address, phone number, email address, and, if applicable, credit card information to provide our Services (collectively “Account Information”), and name or alias for each of your Users. We may request documents to verify this information, such as a copy of your government-issued identification or photo, and we may authenticate it against third-party databases or request a credit report. By voluntarily providing us with this information, you represent that you are the owner of such personal information or are otherwise authorized to provide it to us, specifically, if you as a Subscriber provide us information related to the User, you represent that the User has not objected to such processing. We use a third-party intermediary to manage credit card processing.
User Information. We collect certain information automatically from Users through cookies and other tracking technologies when they use a Subscriber’s Account, subject to the applicable law’s consent requirements. We use this information to improve our services. In relation to all of the information that Users voluntarily provide when working in a Subscriber’s Account, the Subscriber is the data controller and we are a data processor.
3. Personal Information Automatically Collected
Logs. As is true with most websites and services delivered over the internet, we gather certain information and store it in log files when you interact with our Websites and Services. This information includes internet protocol (IP) addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, identification numbers associated with your devices, your mobile carrier, and system configuration information. Occasionally, we connect personal information to other information gathered in our log files as necessary to improve our Websites and Services. In such a case, we would treat the combined information in accordance with this Policy. In addition, we may use third party services such as Google Analytics that collect, monitor and analyze this type of information in order to increase our Websites' functionality and user experience and to detect suspicious activity. These third-party service providers have their own privacy policies addressing how they use such information.
Session Replay Scripts. On our Services we may also use session replay scripts provided by third-party analytics service providers to better understand our users’ needs and to optimize our Services and user experience. These website analytics tools provide us heatmaps, session recordings of your activities on the Services, form analytics, feedback campaigns, and similar features and functionalities, including to assist in website debugging and customer service matters. Our session replay script providers may record your clicks, mouse movements, scrolling, form fills (keystrokes) in non-excluded fields, and other metadata such as IP address or device type.
Do Not Track. Some Internet browsers, like Internet Explorer, Firefox, and Safari, include the ability to transmit “Do Not Track” or “DNT” signals. Since Superside does not track Users over time and across third-party websites to provide targeted advertising, we therefore do not respond to DNT signals. Third parties cannot collect any other personally identifiable information from Superside unless you provide it to them directly.
We Do Not Request Unsolicited Personal Information. To safeguard against the identity theft practice known as ”phishing”, we do not, and will not, at any time, request your credit card information, account ID, login password, or national identification numbers in a non-secure or unsolicited e-mail or telephone communication. We advise you to promptly report any email or telephone communication purporting to be from us in which such information is attempting to be collected. For more information about phishing, visit the Federal Trade Commissionʼs website at https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
4. Personal Information We Collect From Other Sources
5. Why We Process Your Personal Information
We process your personal information to:
6. Legal Basis for Processing Personal Information
For individuals who are located in the European Economic Area, the United Kingdom or Switzerland, Japan or Brazil, at the time their personal information is collected, our legal basis for processing your information under the applicable laws will depend on the personal information at issue, the specific context in the which the personal information is collected and the purposes for which it is used. We generally only process your personal information where we are legally required to, where processing is necessary to perform any contracts we entered with you (or to take steps at your request prior to entering into a contract with you), where processing is in our legitimate interests to operate our business and not overridden by your data protection interests or fundamental rights and freedoms, or where we have obtained your consent to do so. In some rare instances, we may need to process your personal information to protect your vital interests or those of another person.
We process your information for the purposes described in this Policy, based on the following legal grounds:
When we are pursuing legitimate interests. We process your personal information for our legitimate interests and those of third parties. This means that we process your information for things like: providing, operating; maintaining, and improving our Services; enabling you to access and use the Services; promoting the Services; sending promotional communications, including through the use of tools or services that may provide us with personal contact information for potential job applicants or business contact information for prospective customers; monitoring and analyzing trends, usage, and activities in connection with the Websites and Services (subject to applicable law); investigating and preventing fraudulent transactions, unauthorized access to the Services, and other illegal activities; personalizing the Websites and Services.
When we are providing a service pursuant to a contract. We process your personal information to provide you with our Services pursuant to the Service Agreement or other contract between you and us. This means that we process your personal information to: enable you to access and use the Services; process transactions, and send you related information; provide customer service and support.
When we are complying with legal obligations. We process your personal information when we have a legal obligation to do so, for example, if we are responding to legal process or an enforceable governmental request.
With your consent. In certain situations, we may request your consent to process your personal information for specific purposes and you have the right to withdraw your consent at any time.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us at firstname.lastname@example.org.
7. Why We Share Your Personal Information
We take care to allow your personal information to be accessed only by those who really need access in order to perform their tasks and duties, and to share with third parties who have a legitimate purpose for accessing it. We may share personal information about you with third parties in the following circumstances.
Third-Party Service Providers. We share your personal information with our third-party service providers that we use to provide hosting for and maintenance of our Websites, application development, backup, storage, payment processing, analytics and other services for us. A list of our third-party sub processors can be provided upon request by sending an email to email@example.com. These third-party service providers may have access to or process your personal information for the purpose of providing these services for us. We do not permit our third-party service providers to use the personal information that we share with them for their marketing purposes or for any other purpose other than in connection with the services they provide to us.
Testimonials. From time to time, we may post testimonials on the Websites that may contain personal information. We obtain your consent to post your name along with your testimonial. If you wish to update or delete your testimonial after giving your consent, you can contact us at firstname.lastname@example.org.
Interactive Areas. The Websites may offer feedback forms, comments sections, discussion forums, or other interactive features (“Interactive Areas”). You should be aware that any information that you post in an Interactive Area might be read, collected, and used by others who access it, in particular to Users who initiated the particular Interactive Area. To request the removal of your personal information from an Interactive Area, contact us at email@example.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
Superside Sharing. We may share information, including personal information, with any member of Superside.
With Your Consent. We may also share personal information with third parties when we have your consent to do so.
8. Security & Confidentiality
We maintain (and require service providers to maintain) generally accepted, reasonable, and appropriate standards to protect your personal information, both during transmission and once it is received. For example, we employ physical access controls, encryption, Internet firewalls, intrusion detection and network monitoring depending on the nature of the information and the scope of processing. In deciding what is reasonable and appropriate, we take into account the risks involved and the nature of the information. However, no security procedures or protocols are ever guaranteed to be 100% secure. In the event that we are required by law to inform you of a breach of your personal information we may notify you electronically, in writing, or by telephone, if permitted to do so by law.
If you have any questions about the security of your personal information, you can contact us at firstname.lastname@example.org.
9. Retention of Your Personal Information
10. International Transfer of Personal Information
We primarily store personal information about Website Visitors and Subscribers within the European Economic Area (the “EEA”) and in the United States. To facilitate our global operations, we may transfer and access such personal information from around the world, including from other countries in which Superside has operations. If and when transferring your personal data from the EEA, United Kingdom or Switzerland, or via an onward transfer, we rely on the Standard Contractual Clauses adopted by the relevant authority as appropriate safeguards.
We will protect your personal information in accordance with this Policy wherever it is processed and will take appropriate contractual or other steps to protect the relevant personal information in accordance with applicable laws. We contractually obligate recipients of your personal information to agree to at least the same level of privacy safeguards as required under applicable data protection laws.
International transfer for Client personal information is governed by Superside's DPA, located at www.superside.com/dpa.
11. Your Privacy Rights and Choices
Marketing Communications. If you do not want to receive marketing email communications from us, you can opt-out by clicking on the “unsubscribe” link located at the bottom of our marketing emails or you may send a request to email@example.com.
Right to Correct or Update Your Information. You may request that we correct or update any inaccurate or incomplete personal information by contacting support@Superside.com. Subscribers to our Services may update or change their Account Information at any time by editing their profile or organization record or by contacting support@Superside.com for more detailed instructions.
Additional Rights for Certain Territories: If you reside in certain territories (such as the European Economic Area, Switzerland, the United Kingdom, Japan or Brazil), you may have the right to exercise certain privacy rights available to you under applicable law. If any of the rights listed below are not provided under law for your jurisdiction, we have the absolute discretion in providing you with those rights.
Your personal information rights are not absolute. Depending upon the applicable law, access to your rights under the applicable law may be denied: (a) when denial of access is required or authorized by law; (b) when granting access would have a negative impact on another’s privacy; (c) to protect our rights and properties; (d) where the request is frivolous or vexatious, or for other reasons.
Right not to provide consent or to withdraw consent: We may seek to rely on your consent in order to process certain personal information. Where we do so, you have the right not to provide your consent or to withdraw your consent at any time. This does not affect the lawfulness of the processing based on consent before its withdrawal.
Right of access and/or portability: You may have the right to access the personal information that we hold about you and, in some limited circumstances, have that data provided to you so that you can provide or port that data to another provider.
Right of erasure: In certain circumstances, you may have the right to the erasure of personal information that we hold about you (for example, if it is no longer necessary for the purposes for which it was originally collected).
Right to object to processing: You may have the right to request that we stop processing your personal information and/or stop sending you marketing communications.
Right to rectification: You may have the right to require us to correct any inaccurate or incomplete personal information.
Right to restrict processing: You may have the right to request that we restrict processing of your personal information in certain circumstances (for example, where you believe that the personal information we hold about you is not accurate or lawfully held).
Right to lodge a complaint to your local Data Protection Authority: You may have the right to lodge a complaint with your national Data Protection Authority or equivalent regulatory body.
To assert your privacy rights, please email firstname.lastname@example.org. Please note that to protect your privacy and security, we must be able to verify your identity before we can process your request to exercise any of the privacy rights that you may be entitled to under the applicable law. We may conduct the verification process by email or phone, and we may ask you to provide information such as your name, contact information, and any additional relevant information based on your relationship with us. You may also use an authorized agent to submit a request to opt out on your behalf if you provide the authorized agent signed written permission to do so. You may have other privacy rights if you are a California Resident, see our “Notice to California Residents” section below for more information.
Rights and Choices where Superside Acts as a Processor: An individual who seeks access to, or who seeks to correct, amend, or delete inaccuracies in personal information stored or processed by us on behalf of a Subscriber should direct his/her query to the Subscriber (the data controller)
12. Notice to California Residents
This notice to California residents is provided under California law, including the California Consumer Privacy Act (“CCPA”), Cal. Civ. Code 1798.100, et seq.. The information provided below relates to the personal information, Superside Groups process as a data controller, which is known as a “business” under the CCPA. If you are a California resident, this Section applies to you in addition to the rest of this Policy.
Categories of Personal Information Collected. In the preceding 12 months, we have collected the following categories of personal information: identifiers (such as your name and contact information); commercial information (such as information about products or services you have purchased); internet or other electronic network activity information (such as your IP address, device identifier, and other information captured by online tracking technologies); and inferences drawn from the information collected about you. When you purchase a product or service from us, we may also collect information described in Section 1798.80(e) of the California Civil Code (such as signature and credit/debit card number). For examples of the precise data points we collect and the categories of sources of such collection, please see Sections 3, 4, and 5 of this Policy.
Business or Commercial Purpose for Collecting and Using Personal Information. We collect the categories of personal information described in this Section for the business or commercial purposes described in Section 6 of this Policy.
Categories of Personal Information Disclosed and Categories of Recipients. In the preceding 12 months, we have disclosed the following categories of personal information for business or commercial purposes to the following recipients:
We may share identifiers with advertising networks, Internet service providers, data analytics providers, operating systems and platforms, social networks, payment processors, customer support partners, events and promotions partners, and fraud prevention partners.
We may share commercial information with data analytics providers, payment processors, customer support partners, and fraud prevention partners.
We may share internet and electronic network activity information with data analytics providers, operating systems and platforms, customer support partners, and fraud prevention partners.
We may share information described in Section 1798.80(e) of the California Civil Code (such as signature and credit/debit card number) with: our affiliates and subsidiaries, our business partners, financial institutions, professional services organizations such as auditors and law firms, and other service providers.
We may share inferences with data analytics providers and fraud prevention partners.
We may also share the above categories of information with government entities as may be needed to comply with our legal obligations or prevent illegal or fraudulent activity.
Your Rights. For personal information collected by us during the preceding 12 months preceding your request that is not otherwise subject to an exception, California residents have the right to access and delete their personal information. We will not discriminate against those who exercise their rights. You have the right to (a) opt out of any sales of personal information that may be occurring; and (b) not be discriminated against for exercising these rights.
Sale of Personal Information. If you are a California resident, you have the right to “opt out” of the “sale” of your “personal information” to “third parties” (as those terms are defined in the CCPA).
If you are a California resident and you would like to exercise your rights described in this Policy, you can submit your request by emailing us at: dataprivacy@Superside.com with the subject line “CCPA Rights.” Except where we are required by law to maintain such information for record-keeping purposes, we will take steps to delete any new personal information collected for the purpose of verification as soon as practical after processing your request. Please also be aware that making any such request does not ensure complete or comprehensive removal or deletion of Personal Information or content you may have posted, and there may be circumstances in which the law does not require or allow us to fulfill your request, including for example, where fulfilling your request may infringe upon the rights and freedoms of other consumers.
13. Children’s Personal Information
We do not knowingly collect any personal information from children under the age of 16. If you are under the age of 16, please do not use or submit any personal information through our Websites or Services. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide personal information through the Websites or Services without parental permission. If you have reason to believe that a child under the age of 16 has provided personal information to us through the Websites or Services, please contact us at email@example.com, and we will use commercially reasonable efforts to delete that information.
14. Contact Us
If you have questions regarding this Policy or about the privacy practices of Superside, please contact us by email at firstname.lastname@example.org, or at: Konsus, Inc., Attn: Data Privacy, 1201 N. Market Street, Suite 111, Wilmington, DE, 19801, United States of America.