Last updated: January 2021
We at REDD Global Holdings Corp. (including our subsidiaries, ‘REDD’, 'we', 'our' or 'us' being interpreted accordingly) are committed to protecting your privacy and personal information. Personal information relating to you from which you can be identified that we collect or which you provide is called personal data ('Personal Data').
We collect and process your Personal Data in accordance with applicable law. This includes, without limitation, the UK Data Protection Act 2018 and the General Data Protection Regulation, together with other applicable laws that regulate the collection, processing and privacy of your Personal Data (together, 'Data Protection Law').
What Personal Data do we collect and use?
The Personal Data about you that we collect and use includes the following:
work email address;
work phone number;
username and password;
subscriber and user survey responses;
information regarding your use of our website and services;
IP Address and Referral Data
as well as any other Personal Data that you or your employer may provide to us from time to time.
How your Personal Data is collected
We collect Personal Data about you in various ways as follows:
through your relationship and communications with us with us, for example, if you contact us to enquire about our services;
from your employer if your employer requests that you are made a registered user; and
Please ensure that any Personal Data you supply to us which relates to third party individuals is provided to us with their knowledge of our proposed use of their Personal Data.
What we use your Personal Data for
We may use your Personal Data for one or more of the following purposes:
to create and manage registered user profiles;
to provide and communicate with you about our services, including updates and offers;
to provide support and assistance for our services and service users;
to personalise website content and communications based on your preferences;
to conduct market research;
to protect against or deter fraudulent, illegal or harmful actions;
to provide you with direct marketing communications about what we are doing as well as products, services and/or campaigns which may be of interest to you by post or phone. If required under applicable law, where we contact you by text, email, social media and/or any other electronic communication channels for direct marketing purposes, this will be subject to you providing your express consent. You can object or withdraw your consent to receive direct marketing from us at any time, by contacting us using the email address below;
to resolve disputes;
to enforce and/or defend any of our legal claims or rights; and/or
for any other purpose required by applicable law, regulation, the order of any court or regulatory authority.
Disclosing your Personal Data to third parties
We may share your personal data with:
individuals, companies and/or organisations that act as our service providers (for example, hosting service companies) or professional advisers;
companies and/or organisations that assist us in processing and/or otherwise fulfilling transactions that you have requested and/or running our business (for example, payment processors, fraud prevention service providers, analytics service providers).
We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your Personal Data. We also impose contractual obligations on service providers relating to ensure they can only use your Personal Data to provide services to us and to you.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
All of your Personal Data that we collect may be transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part). Should one of these events occur, we will make reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices.
Data that is Not Personal Data
We may create aggregated, de-identified or anonymized data from the Personal Data we collect, including by removing information that makes the data personally identifiable to a particular user. We may use such aggregated, de-identified or anonymized data and share it with third parties for our lawful business purposes, including to analyze, build and improve the Services and promote our business, provided that we will not share such data in a manner that could identify you.
We will not transfer your Personal Data outside of territory where your employer is located without your priot written consent, under a contract or another appropriate mechanism which is authorised under Data Protection Law. This is to make sure that your Personal Data is safeguarded in accordance with the same legal standards that apply in the jurisdiction in which you are located.
How long we retain your Personal Data for
We only retain Personal Data identifying you for as long as you have a relationship with us; or as necessary to perform our obligations to you (or to enforce or defend contract claims); or as is required by applicable law
Different retention periods apply for different types of Personal Data. The criteria we use for determining these retention periods is based on various legislative requirements; the purpose for which we hold data; and guidance issued by relevant regulatory authorities.
Personal Data we no longer need is securely disposed of and/or anonymised so you can no longer be identified from it.
Security that we use to protect Personal Data
We employ appropriate technical and organisational security measures to protect your Personal Data from being accessed by unauthorised persons and against unlawful processing, accidental loss, destruction and damage.
We also endeavour to take all reasonable steps to protect Personal Data from external threats such as malicious software or hacking. However, please be aware that there are always inherent risks in sending information by public networks or using public computers and we cannot 100% guarantee the security of all data sent to us (including Personal Data).
Your Personal Data rights
Under Data Protection Law you have the following rights, which are exercisable by making a request to us in writing:
that we provide you with a copy of the Personal Data that we hold about you, along with additional information including details of what the Personal Data is used for and how it is kept for;
that we correct Personal Data that we hold about you which is inaccurate or incomplete;
that we erase your Personal Data without undue delay if we no longer need to hold or process it;
to object to any automated processing (if applicable) that we carry out in relation to your Personal Data;
to object to our use of your Personal Data for direct marketing;
to object and/or to restrict the use of your Personal Data for purpose other than those set out above unless we have a legitimate reason for continuing to use it; or
that we transfer Personal Data to another party where the Personal Data has been collected with your consent or is being used to perform contact with you and is being carries out by automated means.
All of these requests may be forwarded on to a third party provider who is involved in the processing of your Personal Data on our behalf.
If you would like to exercise any of the rights set out above, please contact us at the address below.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.
We use the following types of cookies:
Strictly necessary cookies. These are cookies that are required for the operation of our website (for example, cookies that enable you to log into secure areas of our website).
Analytical or performance cookies. These allow us to recognise and count the number of visitors.
Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you and remember your preferences (for example, your time zone).
The individual cookies we use and the purposes for which we use them are as follows:
client-device-id: this cookie is used to prevent concurrent logins by the same user (each of whom may login simultaneously using only one mobile and one browser), and expires once a browser session ends.
pauth: this cookie is used for session authentication, and removed 12 hours after last API request;
Banner: this cookie is used for tracking the number of sessions in which a banner was shown, and expires when a browser session ends or on logout.
UserSettings: this cookie is used to store user's preferences such as last used view type on home page (headlines/detailed), also contains user's timezone, and expires when a browser session ends.
Instabot: this cookie is used to facilitate the operation of the third party chatbot feature, and expires when a browser session ends.
The cookies we use will only be accessed by us and Instabot for the purposes referred to above. The cookies will not be access by any other third party.
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including strictly necessary cookies) you may not be able to access all or parts of our website.
Data Security and Retention
We seek to protect your Personal Data from unauthorized access, use and disclosure using appropriate physical, technical, organizational and administrative security measures based on the type of Personal Data and how we are processing that data. You should also help protect your data by appropriately selecting and protecting your password and/or other sign-on mechanism; limiting access to your computer or device and browser; and signing off after you have finished accessing your account. Although we work to protect the security of your account and other data that we hold in our records, please be aware that no method of transmitting data over the internet or storing data is completely secure.
We retain Personal Data about you for as long as you have an open account with us or as otherwise necessary to provide you with our Services. In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. We may further retain information in an anonymous or aggregated form where that information would not identify you personally.
Personal Data of Children
We do not knowingly collect or solicit Personal Data about children under 16 years of age; if you are a child under the age of 16, please do not attempt to register for or otherwise use the Services or send us any Personal Data. If we learn we have collected Personal Data from a child under 16 years of age, we will delete that information as quickly as possible. If you believe that a child under 16 years of age may have provided Personal Data to us, please contact us at email@example.com.
European Union Data Subject Rights
If you are a resident of the European Union (“EU”), United Kingdom, Lichtenstein, Norway or Iceland, you may have additional rights under the EU General Data Protection Regulation (the “GDPR”) with respect to your Personal Data, as outlined below.
For this section, we use the terms “Personal Data” and “processing” as they are defined in the GDPR, but “Personal Data” generally means information that can be used to individually identify a person, and “processing” generally covers actions that can be performed in connection with data such as collection, use, storage and disclosure. REDD will be the controller of your Personal Data processed in connection with the Services.
Personal Data Use and Processing Grounds. Section 4 above explains how we use your Personal Data. We process your Personal Data for the above purposes relying on one or more of the following lawful grounds.
where you have freely provided your specific, informed and unambiguous consent for particular purposes;
where we agree to provide product(s) and/or services to you, in order to take any pre-contract steps at your request and/or to perform our contractual obligations to you;
where we need to use your Personal Data for legitimate purposes relevant to us being able to minimise fraud or misuse of our services or systems that could be damaging for us and for you, to make sure we are following our own internal procedures and to be as efficient as we can so we can deliver the best service to you, to keep in touch with our customers about our services. We will always seek to pursue these legitimate interests in a way that does not unduly infringe on your other legal rights and freedoms and, in particular, your right of privacy;
where we need to protect your vital interests or those of someone else (such as in a medical emergency) and/or
where we need to collect, process or hold your Personal Data to comply with a legal obligation.
EU Data Subject Rights. You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, or to submit a request, please email us at firstname.lastname@example.org. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.
Access: You can request more information about the Personal Data we hold about you and request a copy of such Personal Data.
Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data.
Erasure: You can request that we erase some or all of your Personal Data from our systems.
Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
Portability: You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
Objection: You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for direct marketing purposes.
Restriction of Processing: You can ask us to restrict further processing of your Personal Data.
Right to File Complaint: You have the right to lodge a complaint about REDD'S practices with respect to your Personal Data with the supervisory authority of your country or EU Member State. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en.