“You” refers to individuals who access and use the Sites or Services. For example, you may be a client or agent of DBC Brand(“Client”) who accesses and uses the Sites or Services, and with whom DBC Brandhas entered into an agreement containing separate terms and conditions that govern delivery, access and use of the Sites or Services (a “Client Agreement”); or you may be a visitor to our Website who is interested in browsing and learning more about us.You must be at least 18 years of age in order to access the Site or Services.
When we collect information from you, we may be doing so on our own behalf (in which case we will be considered a “controller” of your data), or on behalf of a DBC Brand Client who is using the Services to organize an event and manage other event-related activities (in which case, the Client will be the “controller”, and DBC Brand will be considered a “processor” of your data).
Customer: Refers to an individual affiliated with an organization or organization that contracts with DBC Brand to use our services.
Data Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Data Processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Data Protection Legislation or Laws:Means laws and regulations applicable to the processing of Personal Data under the Policy, the GDPR, and the CCPA, to the extent applicable to such processing.
- “GDPR” means the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016); and until 25 May 2018, the Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995; and any applicable legislation adopted by any Member State of the European Union, or by the United Kingdom post its ceasing to be a Member State of the European Union.
- The “CCPA” means the California Consumer Privacy Act of 2018, which is referred to as Assembly Bill No. 375. The CCPA became effective as of January 1, 2020.
Homepage: The site hosted at dbcbrand.com, which is used to provide information about the company, market our offerings, products and services.
Personal Information, Personal Data, or Personally Identifiable Information (PII): Refers to the following types of information which may be identifiable to you when you register to use our Services, access various content or features, or directly contact the Site: (i) contact information, such as your email address and name; (ii) your age; and (iii) information for the purpose of authenticating yourself or your account if we have reason to believe, in our sole discretion, that you may be violating site policies or for any other reason we deem necessary.
What data and information do we collect?
- Information that you provide to us
When you use our Services directly or through one of our client organization’s websites, you share some personal information with us, such as your name, email address, and other information that may be considered personal information by various privacy laws.
When you register to attend an event hosted or managed by DBC Brand or when you subscribe to our email newsletters or marketing communications, you provide us your name and contact information.
- Information we collect from you
When you use our services and products, we may collect your IP address, device, and browser information.
- Information we infer from your data
To provide better service to you and to safeguard our systems and clients from abuse and fraud, we may make some inferences from the data you give us and the data we collect about you.
The various categories of data we collect and why we collect them are listed below.
|Name||We use it to identify your submissions (e.g., through an online form).|
|Email address||We use it to contact you with our newsletters, offers and updates. We may also use it to verify your identity and to send you notifications about anything that needs your attention on our services.|
|IP address||We may collect your IP address when you use our systems. We use it to safeguard our systems and clients from abuse and fraud.|
|Other contact information such as phone numbers||Our clients may use our services and products to collect your contact information other than email so that they can reach you regarding your submission.|
|Location information including country, city, postcode, and geocode stored as latitude and longitude.||We use the location information you provide to generate anonymized aggregate statistics of user submissions. We may convert it to geolocation information such as latitude, longitude precise only upto a neighborhood or zipcode.|
|Device and browser information||We use device and browser information collected when you reach out to us via our support channels to diagnose issues and resolve them. We may also use device and browser information to provide you better service by checking for compatibility with our code. We use anonymized aggregate device information to prioritize features and device support. For instance, we may prioritize fixing bugs affecting a particular browser based on aggregate usage statistics of browser used by our users to access our statistics.|
|Questions and queries you submit||All text submitted by you is used to provide support and service. We share information collected via forms and embeds created by our client organizations on our service with that client organization.We do not share your activity with one of our clients with other clients. We may share anonymized aggregate data to detect trends and to market our services.|
|Usage audit||When you use our systems as an admin or a standard user with access to our administrative interface, we store an audit of your activities in our database. This is used to prevent any unauthorized access and to prevent misuse of the system.|
|Payment information||We may collect payment information from you when applicable. Such data is only used for purposes that you explicitly consent to when giving us or our designated service provider the information.|
|Transcript and recordings of calls||When you engage our services, your calls may be recorded and transcribed for record keeping. This data is used to tailor our services to best fit our needs and for quality assurance purposes.|
How We Handle Your Data
Any data that can be attributed to a single user or a household is treated as Personal Information or Personally Identifiable Informationas designated by various privacy laws, and we take all standard security precautions while handling your data.
Access to such data is restricted to authorized personnel or services only.
We store your data in the following places:
- Relational databases: We store your data on a persistent storage that is encrypted at multiple levels.
- Log files: We may record events that occur when you use our products or services in one or more files collectively known as log files.
- Other files: We may store your data in other forms of transient or persistent storage on our infrastructure.
- Caches: To effectively scale our services, we store your information in multiple caching services.
- Third-party services: When applicable, we use third-party services to store and process your information. (See third-party services section for more information)
- Backups and code repositories: We store information backup for business continuity.
- Amazon Web Services who we use to host and process our data and services.
- Heroku who we use to process data and host our services.
- [name of third party service company] who we use for marketing and for scheduling calls with prospective or current partners associated with our Customer Relationship Management objectives. By signing up for a discovery call or requesting any gated content on DBC Brand’s Site, your information will be shared with [name of third party service company] for these purposes.
- Squareup or Square for payment processing.
- Google Analytics who we use to collect usage data about how you use our services.
- Slack who we use to communicate within our team as well as to some third-party services.
- Eventbrite who manages sign-ups for our events and webinars so that we may keep in touch with attendees before and after an event. Any information provided to Eventbrite may also be added to our CRM system.
- Zoom who provide our video conferencing platform for video meetings and webinars. We use the Zoom sign up function to allow participants in meetings and webinars to keep in touch before and after an event. Any information provided to Zoom may be added to our CRM system.
- Gmailwho provide our emailing platform.
- Google Drive who we use to store and collaborate on documents.
- Google Mapswho we use to geocode and display maps.
- Google Hangouts whoprovide our video conferencing platform for video meetings and webinars.
- QuickBooks who we use to track our accounting information including invoices and payments from our clients.
- Google Calendarwho we use to schedule our meetings, calls and webinars with clients.
Sharing Your Information
DBC Brand is not in the business of selling your information. We consider this information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share your Personal Data with certain third parties without further notice to you, as set forth below:
- To Third-party services
In addition to third-party service list above, we may also employ short-term contractors or consultants to perform services or audit our systems.
- Business Transfers
As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Data may be part of the transferred assets.
- For Legal Requirements
DBC Brand may disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of DBC Brand, (iii) act in urgent circumstances to protect the personal safety of users of the Services or the public, or (iv) protect against legal liability
DBC Brand’s role as data controller or processor
As set forth in privacy laws, a company that has access to your data may be considered a data controller or processor. DBC Brand is sometimes a data controller and sometimes the processor. The following section details when we are considered a controller and when we are a processor.
As it relates to our marketing website, we are a data controller.
When we enter into an agreement with a client organization, we assume the role of a data processor as it pertains to user submissions. We process data as stipulated by the organization. However, we retain the right to use some of the information entered by the end-users for business continuity purposes.
We are the controller of any activity by an end-user that affects more than one of our client organizations. We also own usage audit, analytics, and similar information about how the users engaged with our platform and services. Such data may include user’s contact information and anonymized statistics on the content submitted to our services.
Responsibilities as a controller
We provide mechanisms for our users to access, amend or delete their personal data as long as the request is reasonable and in accordance with the laws. See section on data requests for more information.
Responsibilities as a processor
We will process the data as may be stipulated by the data processor and data controller. We may share data through our APIs or webhooks with other services as directed by the data controller. The responsibility for such transfers reside with the controller.
We will respond to reasonable requests from the controller to access, amend or delete data for an individual user or collective user set as required by the law. Any additional cost incurred to perform such requests will be borne solely by the client in such cases.
We will not hold your personal information for any longer than is necessary for the uses outlined above, unless we are required to keep your personal data longer to comply with the law and any regulatory requirements. Where DBC Brand is the controller of personal data, we will retain your data for up to three (3) years after your last active interaction with our Site and Services.
Where DBC Brand is the processor, we will hold your personal information until told otherwise by the controller. For more information on how your information is used by controllers, please refer to their respective privacy policies.
Data Breach Response
On becoming aware of a data incident, DBC Brand will:
- provide the Customer written electronic notification of the data incident without undue delay;
- make reasonable efforts to identify the cause of such data incident; and,
- where the data incident was not caused by client or customer of DBC Brand, take those steps that DBC Brand deems necessary and reasonable in order to remediate the cause of the data incident to the extent the cause of the data incident is in DBC Brand’s reasonable control.
“Do Not Track” Signal Handling
Most popular browsers provide mechanisms for the users to send a “Do Not Track” signal to websites they visit. There is no consensus on what such signals mean in user privacy context. DBC Brand does not respond to “Do Not Track” signals or other similar mechanisms that provide consumer choice about tracking.
Your Rights as a User
Right to know, rectify and delete personal data
As a user, under data protection legislations, you have the right to know and delete information on you collected by us. You have the right to request the following:
- The categories of personal information we have collected about you;
- The categories of sources from which the personal information was collected;
- The categories of personal information about you we disclosed for a business purpose or sold;
- The categories of third parties to whom the personal information was disclosed for a business purpose or sold;
- The business or commercial purpose for collecting or selling the personal information; and
- The specific pieces of personal information we have collected about you.
Under some laws, you may also have rights to do the following:
- The right to have your personal data rectified if it is inaccurate or incomplete;
- The right to request to have your personal data deleted in certain specific circumstances as set out in Data Protection Laws;
- The right to request to restrict the processing of your personal data in certain specific circumstances as set out in Data Protection Laws;
- The right to ask us not to process your personal data for marketing purposes or for purposes based on our legitimate interests;
- The right to ask us to not undergo automated decision making; and
- Where you have provided consent, to request to withdraw such consent at any time.
Data collected on you over the last twelve (12) months or other period of time specified by the Data Protection Laws is subject to the above provisions and rights.
Right to Opt-Out
If you have consented to receiving marketing communications regarding products and services that we believe may be of interest to you and you later decide that you no longer want to receive this type of marketing or promotional information, you may opt-out at any time by clicking the “Unsubscribe” button at the bottom of the marketing communication, or contacting us at firstname.lastname@example.org.
You may also submit requests to access, update, correct or delete your Personal Information, to no longer receive communications, or to “opt-out” of certain Services, by contacting us at the above email address.
Right to Non-Discrimination
You have the right not to receive discriminatory treatment by us due to your exercising of any of your privacy rights.
Our ability to verify your identity helps us detect spam submissions and bots. If you choose not to verify your email address, we may be unable to provide the same level of service.
Responding to data access requests
You can send us a request to email@example.com to view, rectify or delete information about you collected and held by us.
You may make such requests yourself or via an agent authorized to contact us on your behalf.
We have a duty as the holder of certain personal information to verify your identity when responding to requests to know or delete information to ensure that we do not disseminate information to another person. To verify your identity, we may request and collect additional personal information from you to match it against our records. We may ask you to verify your email address or ask for additional information or documentation if we feel it is necessary to confirm your identity. We may communicate with you through emailor other reasonable means of communication.
We will make reasonable efforts to respond to you within 30 days of receipt of the request. If additional time is needed to fulfill your request or to determine our capability of fulfilling your request, we will notify you if such additional time is needed (but not more than an additional 60 days).
We will attempt to respond to and comply with all reasonable requests. However, we may charge a reasonable fee when a request is manifestly unfounded or excessive.
We retain the right to deny requests under certain circumstances. In such cases, we will notify you of the reasons for denial. We will not provide you with specific pieces of personal information if the disclosure creates a substantial, articulable, and unreasonable risk to the security of that personal information, your account with us, or the security of our systems or networks.
If we are the processor of the information you requested us to delete, we may redirect your request to the controller of the information.
Propagation and persistence of requests
We will make reasonable attempts to notify any third-party services we may have shared your data with if your request requires making changes to or deleting the shared data. We are not responsible for making sure that such requests are completed.
Because of the nature of the infrastructure and redundancy built in, some data may persist for longer than intended.
DBC Brand does not knowingly collect Personal Data from children under the age of 13.
The Services are intended for a general audience and are not intended for and should not be used by children under the age of 13.
Links to Other Websites
API, webhook usage or data downloads
As an authorized user, when you use our APIs and webhooks or download data, you agree to treat personal data with reasonable precautions and security. We are not responsible for the data once it leaves DBC Brand systems. We do not hold responsibility for verifying the terms of services of the third-party services or systems that the authorized users of our systems send the data to. When delivering data via webhooks, we are acting as the data processor complying with the instructions given to us by our clients who act as the data controller.
- Business critical data. Any data that is reasonably and demonstrably required for our conduct of business or has a legitimate business purpose may be excluded from being deleted.
If we transfer personal information outside of the EEA to a country or framework not determined by the European Commission as providing an adequate level of protection for personal information, the transfers will be under an agreement which covers European Union requirements for such transfers, such as standard contractual clauses. The European Commission approved standard contractual clauses are availablehere.
Your California Privacy Rights
We Do Not Sell Your Personal Information
The CCPA requires us to disclose whether we sell your personal information. We do not sell your personal information.
Categories of Personal Information We Collect
Requests to know
If you are a California resident, under certain circumstances in accordance with applicable law, you have the right to request that we disclose to you specific details about your personal information that we have collected, used, disclosed and sold over the past 12 months and/or a copy of your personal information. These details include: (1) the categories of personal information we have collected about you; (2) the categories of sources from which the personal information is collected; (3) the business or commercial purpose for collecting or selling personal information; (4) the categories of third parties with whom we share personal information; (5) the specific pieces of personal information we have collected about you.
Once we receive your request, we will acknowledge it and either respond in accordance with the law, ask for additional information to verify your identity, clarify the nature of your request, let you know if we need more time, let you know if we need to charge a fee (such as if requests are manifestly unfounded or excessive, in particular because of their repetitive character, taking into account the administrative costs of providing the information or communication or taking the action requested), or we will inform you if we cannot fulfill any part of your request due to an exception under the law. If we know that your request relates to information we process as a service provider to one of our corporate clients, we will forward your request to the relevant client and cooperate with that client as needed to address your request and/or inform you that your request should be submitted directly to the business on whose behalf we process the information.
Requests to delete
If you are a California resident, under certain circumstances in accordance with applicable law, you have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your valid verifiable request, we will delete, de-identify or aggregate your personal information and direct our service providers to do so, or we will inform you if we cannot fulfill any part of your request due to an exception under the law. If your request relates to information we process as a service provider to one of our clients, we will inform you that your request should be submitted directly to the business on whose behalf we process the information.
The verifiable request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. Please, however, refrain from sending us sensitive personal information.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable request does not require you to create an account with us. We will only use personal information provided in a verifiable request to verify the requestor’s identity or authority to make the request.
We will respond to your request within a reasonable timeframe in accordance with applicable law. Any disclosures we provide may only cover the 12-month period preceding the verifiable request’s receipt, as required by law.
Information Sale and the Right to Opt-Out
If you are a California resident, you have the right to direct a business not to sell your personal information. Please note that DBC Brand does not sell your personal information, so there is no action required from you to opt-out of selling your information.
In accordance with applicable law, we will not discriminate against you for exercising any of your California privacy rights.