Effective date: June 25, 2018
ESP International (“ESP”, “we”, “us”, “our”) is committed to fulfilling our responsibilities under the European Union’s General Data Protection Regulation (“GDPR”) in relation to the collection, retention, use, and other processing of personal data that is obtained when EU data subjects visit and interact with our website (the “Website”). This Privacy Notice sets forth how we process EU personal data in our role as a data controller (i.e., when we are responsible for determining the purpose and means of the processing). This Privacy Notice does not apply to processing activities ESP carries out on behalf of its business customers or partners in our role as a data processor.
This Privacy Notice covers:
- Personal Data We Collect
- How and Why We Use Your Personal Data
- How We May Share Your Personal Data
- How We Protect Your Personal Data
- How Long We Retain Your Personal Data
- How We Transfer Your Personal Data
- Your Rights and Choices
- How to Contact Us
Personal Data We Collect
ESP may collect and process the following information when you visit the Website.
- Contact data. You may provide us with your contact details, such as name, job title, employer, address, phone number, email address, or other similar information, which we may use to respond to you or for administrative purposes.
- Log data. As with most websites and technology services delivered over the Internet, our servers automatically collect information when you access or use our Website and record that data in log files. This log data may include your Internet Protocol (IP) address, the address of the web page visited before using the Website, browser type and settings, the date and time the Website was used, information about browser configuration and plugins, language preferences, and cookie data.
- Device Information. ESP may obtain information about devices that access the Website, including the type of device, its operating system, device settings, unique device identifiers, and crash data.
- Job Application Information. If you apply for a job through our Careers page, we or our vendor may collect your name, email address, physical address, phone number, and resume data.
- Other Information You Provide. This includes emails and other communications that you send us or otherwise contribute, such as customer support inquiries
Note that our Website is dynamic. We may introduce new features, which may involve new or different personal data processing activities. If we intend to process your personal data for a purpose not described above, we will notify you and request your consent to the change as appropriate. We may also modify this Privacy Notice.
How and Why We Use Your Personal Data
We may use the personal data we obtain to:
- Communicate with you
- Provide you with customized services
- Ensure the security and integrity of our Website
- Maintain and promote the Website
- Analyze and learn about how the Website is accessed and used
- Manage our customer and partner relationships
- Protect our and others’ interests, rights, and property
- Comply with applicable legal requirements
We process your personal data pursuant to the following legal bases:
- You have consented to the use of your personal data. When you consent, you can change your mind at any time.
- The processing is necessary for us to provide you with the services and products you request, or to respond to your inquiries.
- We have a legal obligation to process your personal data, such as to comply with applicable tax and other government regulations or to comply with a court order or binding law enforcement request.
- To protect your vital interests, or those of others.
- We have a legitimate interest in using your personal data. In particular, we have a legitimate interest in the following cases:
- To analyze and improve the safety and security of our Website. This includes implementing and enhancing security measures and protections and protecting against fraud, spam, and abuse.
- To maintain and improve the Website.
- To operate the Website and provide you with certain tailored advertising and communications to develop and promote our business.
- To anonymize personal data and subsequently use the anonymized information.
How We May Share Your Personal Data
We may share your personal data:
- With our affiliates or business partners when it is reasonably necessary or desirable, such as to help provide services to you or analyze and improve the Website.
- With our service providers that perform services on our behalf. For example, we may use third parties to help us provide customer support, manage our advertisements on other websites, send marketing and other communications on our behalf, or assist with data storage.
- If we are involved in a reorganization, merger, acquisition, or sale of some or all of our assets.
How We Protect Your Personal Data
We maintain appropriate technical and organizational safeguards designed to help protect personal data from unauthorized disclosure or access and accidental or unlawful destruction, loss, or alteration. Although we use reasonable efforts to safeguard personal data, we cannot guarantee the security of your information obtained through the Website.
How Long We Retain Your Personal Data
We will store your personal data for no longer than is necessary for the performance of our obligations or to achieve the purposes for which the information was collected, or as may be permitted under applicable law. To determine the appropriate retention period, we will consider the amount, nature, and sensitivity of the data; the potential risk of harm from unauthorized use or disclosure of the data; the purposes for which we process the data and whether we can achieve those purposes through other means; and the applicable legal requirements. Unless otherwise required by applicable law, at the end of the retention period we will remove personal data from our systems and records or take appropriate steps to properly anonymize it.
How We Transfer Your Personal Data
If we transfer your personal data out of the European Economic Area (“EEA”) to countries not deemed by the European Commission to provide an adequate level of personal data protection, the transfer will be based on one of the following safeguards recognized by the European Commission as providing adequate protection for personal data, where required by EU data protection legislation:
- Contracts approved by the European Commission which impose data protection obligations on the parties to the transfer.
- The EU – U.S. Privacy Shield Framework (for transfers to third parties in the United States that have self-certified to the Framework).
Please contact us if you want further information on the specific mechanism we have used to transfer your personal data.
Your Rights and Choices
The GDPR provides EU data subjects with certain rights regarding their personal data. Subject to certain conditions, you may ask ESP to take the following actions in relation to your personal data that we hold:
- Provide you with information about our processing of your personal data and give you access to your personal data.
- Update or correct inaccuracies in your personal data.
- Delete your personal data.
- Transfer a machine-readable copy of your personal data to you or a third party of your choice.
- Restrict the processing of your personal data.
- Object to our processing of your personal data for direct marketing purposes.
- Object to reliance on our legitimate interests as the basis for processing of your personal data.
You can submit these requests by email to email@example.com or our postal address provided below. We may request specific information from you to help us confirm your identity prior to processing your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal data or our response to your requests regarding your personal data, you may contact us at firstname.lastname@example.org or submit a complaint to the data protection regulator in your jurisdiction. You can find information about your data protection regulator here.
How to Contact Us
ESP International can be contacted via e-mail sent to email@example.com or at the following address:
ATTN: PRIVACY INQUIRY
5920 Dry Creek Lane NE
Cedar Rapids, Iowa 52402
United States of America