Privacy & Security

Effective June 26, 2018

OpenBCI collects customer information in an effort to improve our customers’ shopping experiences and to communicate with our customers about our products, services and promotions. OpenBCI recognizes that it must maintain and use customer information responsibly. We value the privacy and security of our customers. We NEVER sell, rent, or disclose your information to a third-party without your express permission, and then only for the purposes of customer service related to order processing and payment, as required by law.

1. WHO ARE WE?

“OpenBCI” refers to OpenBCI, Inc a company incorporated in the USA with its registered office at 67 WEST STREET, BROOKLYN, NEW YORK, 11222. You can contact us via email at contact@openbci.com for any questions relating to our Privacy Policy.

2. WHAT DOES THIS PRIVACY POLICY GOVERN?

This Privacy Policy is where we explain what information is being collected when you use the OpenBCI website and products (our “Services”), and how that information is collected, utilized, stored and protected. This policy also explains your rights relating to the collection and use of your personal information ("Personal Information" means information which, on its own or in combination with other information, can be used to identify you). OpenBCI respects the privacy of its online visitors and customers of its products and services and complies with applicable laws for the protection of your privacy in the USA and elsewhere.

Under European Union data protection legislation, OpenBCI is the “data controller” for personal information collected from our Services. OpenBCI works with several “Partners” and Third Parties (Google, Facebook, Shopify) who are “data processors” under GDPR.

Please read the following carefully to get a clear understanding of how we collect, use, protect or otherwise handle any Personal Information collected from the use of our Services.

3. WHAT CONSTITUTES ACCEPTANCE OF THIS POLICY?

By clicking “I accept” on any Privacy Policy prompts, or by continuing to use the OpenBCI website and Services beyond reviewing this Privacy Policy, you are consenting to the use of your personal information as described in this Policy.

4. WHAT PERSONAL INFORMATION DO WE COLLECT?

The Personal Information that OpenBCI collects varies depending on your use of our Services. Not all of the below items are required for all parts of our Services; for example, payment information and shipping address are only collected when making a purchase, and are not required to access other parts of our site.

When you use OpenBCI services we may collect the following information (how we use it is described later in this document):

I. Contact Information: Name, Address, Phone Number, Email, Username and other basic information submitted when making a purchase, contacting us, or registering on our site. II. Linked social/external accounts: Github, personal website, or other personal social account names/URLS which you provide to us when registering for our Services, or communicating with us through social media. III. Limited financial information: information you provide to us when making purchases from OpenBCI including credit card number, expiration date, verification code, or similar information from other connected payment services (Paypal, Google Pay, Apple Pay). IV. ser Content: any information you include in posts or content shared while using our Services. V. Technical device information: information about the devices which you use to access OpenBCI services, including: Internet and/or network connection (including your IP address); mobile device identifiers; your operating system, browser type or other software; your hardware details; or other technical details provided by your web browser. This is technical data about our users and their actions and patterns, which does not provide personal information. VI. Support query information: any other personal information, or technical information provided in order to help you during any customer support communications. VII. Any other information which you voluntarily submit to us during the use of our Services.

5. HOW DO WE COLLECT INFORMATION?

We collect Personal Information when a user: I. Creates an account II. Makes a purchase III. Accesses or logs into our Services IV. Uploads or shares User Content either on our site or through connected social media platforms V. Communicates with us via all channels VI. Interacts with marketing content and advertisements from OpenBCI or our Partners VII. Through “Cookies” VIII. Completes surveys or other optional forms from our communications with users When submitting to OpenBCI any information about a third party, such as a friend, research subject, partner, or employee, you represent and warrant to OpenBCI that you have obtained the informed consent of that third party to provide this information to OpenBCI for use as outlined in this Policy.

6. COOKIES AND OTHER THIRD PARTY TRACKING

We also collect information about you via cookies. You can find out more about this in our Cookie Policy. The Cookie Policy forms part of this Privacy Policy.

7. LEGAL GROUNDS FOR DATA PROCESSING

Data protection law in Europe requires a “lawful basis” for collecting and retaining personal information from citizens or residents of the European Economic Area. Our lawful bases include: I. Contractual obligation: In certain circumstances, we need personal data to complete our end of any contract/agreement with you, such as collecting payment information and address to complete your order. II. Legal compliance: Sometimes the law says we need to collect and use your data. For example, tax laws require us to retain records of pledges and payments made through our Services. III. Legitimate interests: This is a technical term in data protection law which essentially means we have a good and fair reason to use your data and we do so in ways which do not hurt your interests and rights. When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests. We will not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

For other purposes we will ask for your consent and you will be entitled to withdraw this consent any time, with no impact on the validity of the processing before your consent has been withdrawn.

8. HOW DO WE USE YOUR INFORMATION?

We use the Personal Information that we collect to operate, improve, and personalize the Website and services including to provide customer service, customize our marketing, to detect, prevent and mitigate fraudulent or illegal activities. You agree that we may use your Personal Data as follows: I. to provide the Services to you; II. to improve and personalize the services we offer; III. to allow us to better respond to your customer service requests; IV. to communicate with you, either via email, telephone, or otherwise as authorized by you to inform you about our Services, V. to better understand how users access and use the website and services, for the purposes of trying to improve the Website VI. to help us develop new products and improve our existing Services; VII. to provide users with more relevant marketing and promotional material; VIII. to assess the effectiveness of and improve advertising and other marketing and promotional activities on or in connection with the Services. IX. for any other purpose with your consent. By continuing to use the OpenBCI services, you are consenting to our use of your Personal Information for the above reasons.

9. DISCLOSURE OF INFORMATION

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction. We may disclose personal information that we collect or you provide as described in this privacy policy: I. To our affiliates, product partners, and manufacturers of products that users purchase through OpenBCI, Inc. II. To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal data confidential and use it only for the purposes for which we disclose it to them. III. To fulfill the purpose for which you provide it. IV. For any other purpose disclosed by us when you provide the information. V. With your consent. VI. For legal purposes: We also may share information that we collect from users, as needed, to enforce our rights, protect the rights, property or safety of others, or as needed to support external auditing, compliance and corporate governance functions. We will disclose Personal Data as we deem necessary to respond to a subpoena, regulation, binding order of a data protection agency, legal process, governmental request or other legal or regulatory process. We may also share Personal Information as required to pursue available remedies or limit damages we may sustain. VII. Corporate Changes. We may transfer information, including your Personal Data, in connection with a merger, sale, acquisition or other change of ownership, whether in whole or in part. When one of these events occurs, we will use reasonable efforts to notify users before your information is transferred or becomes subject to a different privacy policy.

10. HOW DO WE STORE AND PROTECT YOUR INFORMATION?

Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible. We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful access, destruction, theft, or accidental damage.

We use regular malware scanning and your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.

We implement a variety of security measures when a user places an order to maintain the safety of your personal information. All transactions are processed through a gateway provider and are not stored or processed on our servers.

As required by law, OpenBCI will notify you of any data breach that occurs where your Personal Information has been accessed by unauthorized third parties as soon as possible.

11. TRANSFER TO COUNTRIES OUTSIDE EUROPE

OpenBCI Services are accessible to users globally. Therefore, OpenBCI may transfer your Personal Data to countries outside the European Union and the European Economic Area. When we transfer any data to a country for which no adequacy decision of the European Commission exists, such transfer will be subject to the provisions of the (standard or other) clauses adopted by the European Commission, the EU-US Privacy Shield or other means approved by the EU’s security authorities. If you wish to know more about international transfers of your Personal Data, you may contact us at contact@openbci.com

12. HOW LONG DO WE KEEP YOUR DATA?

We will retain your personal information only for as long as we will be required in order to fulfill the purposes outlined in this Privacy Policy. In certain special cases, longer retention period might be required by law for tax, accounting purposes or other legal requirements and obligations. As soon as we no longer require your personal data to provide our services for other purposes mentioned above, we will promptly delete or anonymize it.

13. THIRD-PARTY LINKS AND SERVICES

Some content or applications, including advertisements, on our Website are served by third-parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our website. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content. We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. We may include or link to third-party products or services on our website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback or questions about the integrity of third-party links.

14. YOUR PRIVACY RIGHTS & OPTING OUT

You have the right to object to the processing of your personal information in certain situations and can opt out by contacting us, or by unsubscribing from any marketing emails sent to you. For information on opting out of other Partner tracking and advertising, please refer to our Cookie Policy and the Digital Advertising Alliance’s WebChoices tool

We honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

Depending on where you live, you may have additional privacy rights. Under EU laws, you have the following additional rights:

I. The right to be informed; This means anyone processing your personal data must make clear what they are processing, why, and who else the data may be passed to. II. The right of access; this is your right to see what data is held about you by a Data Controller. III. The right to rectification; the right to have your data corrected or amended if what is held is incorrect in some way. IV. The right to erasure; under certain circumstances you can ask for your personal data to be deleted. This is also called ‘the Right to be Forgotten’. This would apply if the personal data is no longer required for the purposes it was collected for, or your consent for the processing of that data has been withdrawn, or the personal data has been unlawfully processed. V. The right to restrict processing; this gives the Data Subject the right to ask for a temporary halt to processing of personal data, such as in the case where a dispute or legal case has to be concluded, or the data is being corrected. VI. The right to data portability; a Data Subject has the right to ask for any data supplied directly to the Data Controller by him or her, to be provided in a structured, commonly used, and machine-readable format. VII. The right to object; the Data Subject has the right to object to further processing of their data which is inconsistent with the primary purpose for which it was collected, including profiling, automation, and direct marketing. VIII. Rights in relation to automated decision making and profiling; Data Subjects have the right not to be subject to a decision based solely on automated processing.

California residents have additional rights pursuant to Section 1798.83 of the California Civil Code. This law states that companies must inform consumers about the types of Personal Information that have been shared with third parties, who those third parties are, and examples of the types of services or products marketed by those third parties. To request a copy of the information disclosure contact@openbci.com

15. PROTECTING CHILDREN

We do not and will not knowingly collect personal information from any child under the age of 16. If we learn that any user of the Services is under the age of 16, we will take necessary steps to remove information about that user from all systems. If you are a parent or guardian of a child under 16 who you believe has used our Services, please contact contact@openbci.com

16. CONTACT INFO & ENFORCEMENT

If you have any concerns or questions about how OpenBCI handles your personal information, please contact us first. If you feel we have not dealt with your concern you have the right to lodge a complaint with the relevant national supervisory authority or EU Member State.

17. CHANGES TO THIS POLICY

Our Privacy Statement applies to all users worldwide. OpenBCI reserves the right to make changes to this Policy at any time. In the event we do change our Policy you will find the updated version on our website, and users will be emailed to notify them of changes. You can find the current version on our website.

1. WHO ARE WE?​

2. WHAT DOES THIS PRIVACY POLICY GOVERN?​

3. WHAT CONSTITUTES ACCEPTANCE OF THIS POLICY?​

4. WHAT PERSONAL INFORMATION DO WE COLLECT?​

5. HOW DO WE COLLECT INFORMATION?​

6. COOKIES AND OTHER THIRD PARTY TRACKING​

7. LEGAL GROUNDS FOR DATA PROCESSING​

8. HOW DO WE USE YOUR INFORMATION?​

9. DISCLOSURE OF INFORMATION​

10. HOW DO WE STORE AND PROTECT YOUR INFORMATION?​

11. TRANSFER TO COUNTRIES OUTSIDE EUROPE​

12. HOW LONG DO WE KEEP YOUR DATA?​

13. THIRD-PARTY LINKS AND SERVICES​

14. YOUR PRIVACY RIGHTS & OPTING OUT​

15. PROTECTING CHILDREN​

16. CONTACT INFO & ENFORCEMENT​

17. CHANGES TO THIS POLICY​