Privacy & Security
Effective June 26, 2018
OpenBCI collects customer information in an effort to improve our customers’ shopping experiences and to communicate with our customers about our products, services and promotions. OpenBCI recognizes that it must maintain and use customer information responsibly. We value the privacy and security of our customers. We NEVER sell, rent, or disclose your information to a third-party without your express permission, and then only for the purposes of customer service related to order processing and payment, as required by law.
1. WHO ARE WE?
Under European Union data protection legislation, OpenBCI is the “data controller” for personal information collected from our Services. OpenBCI works with several “Partners” and Third Parties (Google, Facebook, Shopify) who are “data processors” under GDPR.
Please read the following carefully to get a clear understanding of how we collect, use, protect or otherwise handle any Personal Information collected from the use of our Services.
3. WHAT CONSTITUTES ACCEPTANCE OF THIS POLICY?
4. WHAT PERSONAL INFORMATION DO WE COLLECT?
The Personal Information that OpenBCI collects varies depending on your use of our Services. Not all of the below items are required for all parts of our Services; for example, payment information and shipping address are only collected when making a purchase, and are not required to access other parts of our site.
When you use OpenBCI services we may collect the following information (how we use it is described later in this document):
I. Contact Information: Name, Address, Phone Number, Email, Username and other basic information submitted when making a purchase, contacting us, or registering on our site. II. Linked social/external accounts: Github, personal website, or other personal social account names/URLS which you provide to us when registering for our Services, or communicating with us through social media. III. Limited financial information: information you provide to us when making purchases from OpenBCI including credit card number, expiration date, verification code, or similar information from other connected payment services (Paypal, Google Pay, Apple Pay). IV. ser Content: any information you include in posts or content shared while using our Services. V. Technical device information: information about the devices which you use to access OpenBCI services, including: Internet and/or network connection (including your IP address); mobile device identifiers; your operating system, browser type or other software; your hardware details; or other technical details provided by your web browser. This is technical data about our users and their actions and patterns, which does not provide personal information. VI. Support query information: any other personal information, or technical information provided in order to help you during any customer support communications. VII. Any other information which you voluntarily submit to us during the use of our Services.
5. HOW DO WE COLLECT INFORMATION?
We collect Personal Information when a user: I. Creates an account II. Makes a purchase III. Accesses or logs into our Services IV. Uploads or shares User Content either on our site or through connected social media platforms V. Communicates with us via all channels VI. Interacts with marketing content and advertisements from OpenBCI or our Partners VII. Through “Cookies” VIII. Completes surveys or other optional forms from our communications with users When submitting to OpenBCI any information about a third party, such as a friend, research subject, partner, or employee, you represent and warrant to OpenBCI that you have obtained the informed consent of that third party to provide this information to OpenBCI for use as outlined in this Policy.
6. COOKIES AND OTHER THIRD PARTY TRACKING
7. LEGAL GROUNDS FOR DATA PROCESSING
Data protection law in Europe requires a “lawful basis” for collecting and retaining personal information from citizens or residents of the European Economic Area. Our lawful bases include: I. Contractual obligation: In certain circumstances, we need personal data to complete our end of any contract/agreement with you, such as collecting payment information and address to complete your order. II. Legal compliance: Sometimes the law says we need to collect and use your data. For example, tax laws require us to retain records of pledges and payments made through our Services. III. Legitimate interests: This is a technical term in data protection law which essentially means we have a good and fair reason to use your data and we do so in ways which do not hurt your interests and rights. When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests. We will not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
For other purposes we will ask for your consent and you will be entitled to withdraw this consent any time, with no impact on the validity of the processing before your consent has been withdrawn.
8. HOW DO WE USE YOUR INFORMATION?
We use the Personal Information that we collect to operate, improve, and personalize the Website and services including to provide customer service, customize our marketing, to detect, prevent and mitigate fraudulent or illegal activities. You agree that we may use your Personal Data as follows: I. to provide the Services to you; II. to improve and personalize the services we offer; III. to allow us to better respond to your customer service requests; IV. to communicate with you, either via email, telephone, or otherwise as authorized by you to inform you about our Services, V. to better understand how users access and use the website and services, for the purposes of trying to improve the Website VI. to help us develop new products and improve our existing Services; VII. to provide users with more relevant marketing and promotional material; VIII. to assess the effectiveness of and improve advertising and other marketing and promotional activities on or in connection with the Services. IX. for any other purpose with your consent. By continuing to use the OpenBCI services, you are consenting to our use of your Personal Information for the above reasons.
9. DISCLOSURE OF INFORMATION
10. HOW DO WE STORE AND PROTECT YOUR INFORMATION?
Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible. We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful access, destruction, theft, or accidental damage.
We use regular malware scanning and your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when a user places an order to maintain the safety of your personal information. All transactions are processed through a gateway provider and are not stored or processed on our servers.
As required by law, OpenBCI will notify you of any data breach that occurs where your Personal Information has been accessed by unauthorized third parties as soon as possible.
11. TRANSFER TO COUNTRIES OUTSIDE EUROPE
OpenBCI Services are accessible to users globally. Therefore, OpenBCI may transfer your Personal Data to countries outside the European Union and the European Economic Area. When we transfer any data to a country for which no adequacy decision of the European Commission exists, such transfer will be subject to the provisions of the (standard or other) clauses adopted by the European Commission, the EU-US Privacy Shield or other means approved by the EU’s security authorities. If you wish to know more about international transfers of your Personal Data, you may contact us at firstname.lastname@example.org
12. HOW LONG DO WE KEEP YOUR DATA?
13. THIRD-PARTY LINKS AND SERVICES
14. YOUR PRIVACY RIGHTS & OPTING OUT
We honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
Depending on where you live, you may have additional privacy rights. Under EU laws, you have the following additional rights:
I. The right to be informed; This means anyone processing your personal data must make clear what they are processing, why, and who else the data may be passed to. II. The right of access; this is your right to see what data is held about you by a Data Controller. III. The right to rectification; the right to have your data corrected or amended if what is held is incorrect in some way. IV. The right to erasure; under certain circumstances you can ask for your personal data to be deleted. This is also called ‘the Right to be Forgotten’. This would apply if the personal data is no longer required for the purposes it was collected for, or your consent for the processing of that data has been withdrawn, or the personal data has been unlawfully processed. V. The right to restrict processing; this gives the Data Subject the right to ask for a temporary halt to processing of personal data, such as in the case where a dispute or legal case has to be concluded, or the data is being corrected. VI. The right to data portability; a Data Subject has the right to ask for any data supplied directly to the Data Controller by him or her, to be provided in a structured, commonly used, and machine-readable format. VII. The right to object; the Data Subject has the right to object to further processing of their data which is inconsistent with the primary purpose for which it was collected, including profiling, automation, and direct marketing. VIII. Rights in relation to automated decision making and profiling; Data Subjects have the right not to be subject to a decision based solely on automated processing.
California residents have additional rights pursuant to Section 1798.83 of the California Civil Code. This law states that companies must inform consumers about the types of Personal Information that have been shared with third parties, who those third parties are, and examples of the types of services or products marketed by those third parties. To request a copy of the information disclosure email@example.com
15. PROTECTING CHILDREN
We do not and will not knowingly collect personal information from any child under the age of 16. If we learn that any user of the Services is under the age of 16, we will take necessary steps to remove information about that user from all systems. If you are a parent or guardian of a child under 16 who you believe has used our Services, please contact firstname.lastname@example.org
16. CONTACT INFO & ENFORCEMENT
If you have any concerns or questions about how OpenBCI handles your personal information, please contact us first. If you feel we have not dealt with your concern you have the right to lodge a complaint with the relevant national supervisory authority or EU Member State.
17. CHANGES TO THIS POLICY
Our Privacy Statement applies to all users worldwide. OpenBCI reserves the right to make changes to this Policy at any time. In the event we do change our Policy you will find the updated version on our website, and users will be emailed to notify them of changes. You can find the current version on our website.