For the purposes of the General Data Protection Regulation, Afiniti is a controller of the Personal Data (as defined below) we hold about you (i.e., Afiniti is responsible for, and controls the processing of your Personal Data).
Afiniti collects personal information from users of our Site. Under the GDPR, this information is defined as “Personal Data”, which means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal information can also include information that we automatically collect about how you access and use the Site and information about the device you use to access the Site. The categories of information we may collect include:
- Personal information about website visitors and prospective clients or partners. We collect personal information from website visitors and prospective clients or partners who contact us through our Site. In this context, we may collect your first and last name, phone number, email address, and any other information that you voluntarily submit to us through our “Contact Us” form or other means of communication.
- Personal information about prospective employees. We collect information about prospective employees when they submit a job application form on our Site. For example, we may collect an applicant’s first and last name, phone number, email address, city and country of residence, and any other personal information that the applicant voluntarily submits to us, such as information contained in a cover letter, resume, or curriculum vitae.
- Other information collected via passive collection and tracking technologies. Like most websites, in addition to the personal information described above, we also gather certain other information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our Site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, general location, and/or clickstream data. We and our third-party service providers may collect such information using the following technologies:
- Server Logs. When you use the Site, we automatically receive and record certain information from your computer (or other device) and your web browser. To collect such information, we may use server logs or applications that recognize your computer and gather information about its online activity.
- Pixel tags. The Site may collect information through a “pixel tag” (also known as a “clear gif” or “web beacon”). A pixel tag is an electronic file that usually consists of a single-pixel image. It can be embedded in a web page to transmit information about your use of the Site.
Afiniti uses the information that it collects for a variety of purposes, including to:
- Contact our clients or prospective clients and respond to requests for information about Afiniti, and marketing emails include clear and conspicuous instructions to unsubscribe from future marketing emails;
- Process and evaluate job applications that we receive from prospective employees;
- Administer the Site, conduct internal auditing, and troubleshoot technical or user issues on the Site;
- Count and recognize visitors and users of the Site and analyze how individuals use our services;
- Improve our existing products and services or create new products and services;
- Generate and analyze trends in the aggregate; and
- Comply with legal and/or regulatory requirements.
From time to time we may contact you with information about our products and services, including sending you marketing messages and asking for your feedback on our products and services. We will only send you marketing messages if you have given us your consent to do so. You can withdraw your consent at a later date by clicking on the unsubscribe link at the bottom of our marketing emails.
We may aggregate any of the personal information we collect (so that it does not directly identify you). We may use aggregated information for purposes that include testing our IT systems, research, data analysis, improving the Site and developing new products and features. We may also share such aggregated information with others.
Afiniti may disclose the information that it collects to third parties for a variety of purposes, such as:
- Legal purposes. We may use or disclose your personal information to third parties when we believe, in our sole discretion, that doing so is necessary:
- To comply with applicable laws or a court order, subpoena, request from government or law enforcement, or other legal process;
- To investigate, prevent, or take action regarding illegal activities, suspected fraud, violations of our terms and conditions, or situations involving threats to our property or the property or physical safety of any person or third party;
- To establish, protect, or exercise our legal rights or defend against legal claims; or
- To facilitate a merger, acquisition, or sale of all or a portion of Afiniti’s assets. You will be notified via email or a prominent notice on our website of any change in ownership, uses of your personal information, and choices you may have regarding your personal information.
- De-identified or aggregated information. Afiniti also may share de-identified and aggregated information about users of our services, such as by publishing a report on trends in the usage of the Sites; and
- With your consent. We may disclose your information to any other third party with your prior consent.
Afiniti is responsible for the processing of personal data it receives under the Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. As noted below, Afiniti complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
International Transfers, EU–U.S. Privacy Shield, and Swiss–U.S. Privacy Shield
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Afiniti is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. In certain situations, Afiniti may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the Privacy Shield Principles, Afiniti commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. If you have any questions about this Statement or the information that we collect from you in reliance on Privacy Shield, please contact us at the information provided below. In the event that you are concerned about how personal information you have provided to Afiniti has been used, please address your inquiry or complaint first to us at the address listed above. Afiniti takes all concerns about privacy and use of personal information very seriously and shall endeavor to reply to you within 45 days of receiving a complaint. If we fail to respond within that time, or if our response does not adequately address your concerns, you may submit your complaint free of charge to our designated Privacy Shield dispute resolution provider, using this link: https://feedback-form.truste.com/watchdog/request. If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction
Legal basis for processing in the EU
If you are an EU resident, our legal basis for processing personal information, as described above, will depend on the type of information at issue and the purpose for which it is collected and used.
The purposes for which we process your personal information are:
- the provision of personal information by you may necessary for the performance of ay contractual relationship we have with you;
- where it is necessary for compliance with our legal obligations laid down by EU law;
- where in our legitimate interests except where such interests are overridden by your data protection interests or fundamental rights and freedoms such as:
a) to contact you and respond to your requests and enquiries;
b) for business administration, including statistical analysis;
c) to provide the Site to you;
d) for fraud prevention and detection; and
e) to comply with applicable laws, regulations and codes of practice.
The table at ANNEX 1 sets out the categories of personal information we collect about you and how we use that information. The table also lists the legal basis which we rely on to process the personal information.
Your Rights and Choices
You have the following rights in respect of your personal information that we hold: a) Right to object. YOU HAVE A RIGHT TO OBJECT TO ANY PROCESSING BASED ON OUR LEGITIMATE INTERESTS WHERE THERE ARE GROUNDS RELATING TO YOUR PARTICULAR SITUATION. YOU CAN OBJECT TO MARKETING ACTIVITIES FOR ANY REASON WHATSOEVER.
b) Right of access. The right to obtain access to your personal information.
c) Right to rectification. The right to obtain rectification of your personal information without undue delay where that personal data is inaccurate or incomplete.
d) Right to erasure. The right to obtain the erasure of your personal data without undue delay in certain circumstances, such as where the personal information is no longer necessary in relation to the purposes for which it was collected or processed.
e) Right to restriction. The right to obtain the restriction of the processing undertaken by us on your personal information in certain circumstances, such as where the accuracy of the personal information is contested by you, for a period enabling us to verify the accuracy of that personal information.
f) Right to portability. The right to portability allows you to move, copy or transfer personal information easily from one organization to another.
If you wish to exercise one of these rights, please contact us at firstname.lastname@example.org.
You also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. For your protection, we may only implement requests with respect to the information associated with the particular email address you use to send us your request, and we may need to verify your identity before implementing your request.
Data Retention and Access
The security of your information is important to us. We use commercially reasonable physical, technical, and administrative safeguards to protect your information against loss or unauthorized access, use, modification, or deletion. However, no security program is 100% secure, and thus we cannot guarantee the absolute security of your Personal Information. If you have any questions about the security of your Personal Information, you may contact us at email@example.com.
If you have questions regarding our privacy policies or practices or would like to exercise your data protection rights, please contact us at firstname.lastname@example.org. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. If you are located in the European Union, you may contact our Data Protection Officer at email@example.com.
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
For all other inquiries, please visit our contact page or write to us at:
Privacy @ Afiniti 6th Floor, 1701 Pennsylvania Ave NW, Washington, D.C. 20006