Privacy Policy

This Privacy Policy (the “Privacy Policy”) describes how DarwinApps, Inc and its subsidiaries and affiliates (“DarwinApps,” “We,” “Our,” or “Us”) collects, uses, secures, and discloses Personal Information, and what choices you have with respect to that information.

Updates in this latest version of the Privacy Policy reflect changes in applicable data protection laws, including the European Union General Data Protection Regulation (“GDPR”) and the California Consumer Protection Act (“CCPA”). Additionally, We have made this Privacy Policy more clear, concise, and accessible by organizing it into the sections listed in the hyperlinked Table of Contents below.

This Privacy Policy Covers the Following Topics:

Applicability of this Privacy Policy

Information We Collect and Receive About You and How We Use It

Other Information

How, and With Whom, Your Information Is Shared

Data Retention

Data Security

Data Handling

European Data Privacy

Rights with regard to Your Personal Information

GDPR Data Representative in the European Union

Marketing

California Data Privacy

Changes to this Privacy Policy

Contacting DarwinApps If You Have Questions or Concerns

Applicability of this Privacy Policy

This Privacy Policy describes the policies and procedures of DarwinApps located principally at 12110 Sunset Hills Rd #600, Reston, VA 20190 on the collection, use, access, correction, and disclosure of your personal information on darwinapps.com (the “Site”), Our mobile applications: DarwinApps and DarwinApps Box (together, the “Platform”), and the services you may purchase or receive from DarwinApps, including but not limited to Payroll, Benefits Administration, and Managed Services (the “Services”). Your personal information will include any information which is available to Us and may reasonably be used to identify you (“Personal Information”).This Privacy Policy also covers any of your Personal Information which is provided to Us and which is used in connection with the marketing of the Platform, Services, features or content. This Privacy Policy also describes the choices available to you regarding the use of, your access to, and your rights in relation to your Personal Information, generally, and pursuant to applicable regulations for certain European Union and California residents.

This Privacy Policy does not apply to any third party applications or software that can be accessed from the Site, Platform, or the Services, such as applicant tracking systems, social media websites or partner websites (“Third-Party Services”).

Where applicable, a separate agreement may govern the delivery, access, and use of the Platform, Services and Mobile Apps (the “Client Agreement”), including the processing of Personal Information and data submitted through employer-based accounts (“Clients”). The Client that entered into the Client Agreement with DarwinApps may authorize Us to collect, process, and store your personal information and associated Client data. If you have any questions about specific Platform settings or what information DarwinApps has been authorized by Client to process on your behalf, you may contact DarwinApps at the contact information in this notice or your Client administrator for the Platform you use.

Information We Collect and Receive About You and How We Use It

We generally collect and process the following types of Personal Information:

Information You Provide Us:

  • Personal Information. When using the Site, Platform, or Services, you may choose to provide Us with certain Personal Information, such as your name, photograph, employment details, email address, phone number, and other contact information. This information is used to: (i) provide login information to the Platform as well as to carry out Platform processing functions and the Services DarwinApps has been contracted to provide by Client; (ii) communicate with you by responding to your requests, comments and questions; (iii) improve the Site; and (iv) perform various account functions provided by DarwinApps. The GDPR legal basis for processing this information is: (a) the legitimate interest in communicating with you and improving Our Site; and (b) the contractual obligation to perform the Services.
  • Contact Information When you express an interest in obtaining additional information about the Site, Platform, or Services, DarwinApps may ask you to provide your personal contact information, such as your name, email address, and phone number. This information is used to communicate with you by responding to your requests, comments, and questions. The GDPR legal basis for processing this information is the legitimate interest in communicating with you and answering your questions.
  • Device Information. When using the Platform, We may request access to your device’s camera and photo storage. This allows you to take and upload pictures and such access would only be used in ways you choose. You may at any time revoke access at the device level. We do not access your device’s camera and photo storage without your permission. We use mobile analytics software to allow Us to better understand the functionality of Our Platform on your phone or computer. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information We store within the analytics software to any Personal Information you submit within the Platform. When you download or access the Platform, We automatically collect your device information such as operating system version, type, hardware usage statistics, etc. The GDPR legal basis for processing this information is the contractual obligation to your employer to perform the Services.
  • Location Information. We do not ask you for, access, or track any location based information from your mobile device at any time while downloading or using the Platform. However, if you are using the DarwinApps Box App, your employer may enable location tracking technology for time-keeping purposes. The GDPR legal basis for processing this information is the contractual obligation to your employer to perform the Services. If you apply for a job at DarwinApps through the Site, You may provide Us with your location information by selecting the “Locate me” button. We use this information to present to you available jobs near your current location. The GDPR legal basis for processing this information is your consent.
  • Log Data. As is true of most websites and platforms, We gather certain information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on Our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site. The GDPR legal basis for processing this information is the legitimate interest in improving the relevance of Our Site.
  • Tracking Technologies. DarwinApps and its partners may use cookies or similar technologies to analyze trends, administer the Site, track users’ movements around the Site, and to gather demographic information about Our user base as a whole. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on Our Site or Platform. We partner with third parties to either display advertising on Our Site or to manage Our advertising on other sites. Our third-party partners may use technologies such as cookies to gather information about your activities on Our Site or Platform and other sites in order to provide you with advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here (or if located in the European Union, click here). Please note this does not opt you out of being served ads. You will continue to receive generic ads. The GDPR legal basis for processing this information is the legitimate interest in improving the relevance of Our Site.

Other Information:

  • Social Media Features. Our Site and Platform may include social media features, such as the Facebook “Like” button and widgets, such as the “Share This” button or interactive mini-programs that run on Our Site. These features may collect your IP address, which page you are visiting on Our Site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on Our Site or Platform. Your interactions with these features are governed by the privacy policy of the company providing such service.
  • Single Sign-On. You can log in to Our Platform using sign-in services such as Log in With Google or an Open ID provider. These services will authenticate your identity and provide you the option to share certain Personal Information with Us such as your name and email address to pre-populate Our sign-up form.
  • Blog, Testimonials, and Referrals. Our Site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. We display personal testimonials of satisfied customers on Our Site in addition to other endorsements. With your consent, We may post your testimonial along with your name. In addition to your other rights, if you wish to update or delete your testimonial, you can contact Us at info@darwinapps.com. f you choose to use Our referral service to tell a friend about our Site, We will ask you for your friend’s name and email address. You must have the consent of your friend before using this service. We will automatically send your friend a one-time email inviting them to visit the Site. DarwinApps stores this information for the sole purpose of sending this one-time email and tracking the success of Our referral program In addition to their other rights, your friend may contact Us at info@darwinapps.com to request that We remove this information from our database. The GDPR legal basis for processing this information is your consent.
  • Information Related to Data Collected for Our Clients Collection and Use in Providing the Services. When acting as a service provider, DarwinApps collects information under the direction of its Clients. The Client Agreement may govern the delivery, access, and use of the Platform and Services, including the processing of Personal Information and data submitted through Client accounts. The Client (e.g., your employer) controls their Platform and any associated Client data. If you have any questions about specific Platform settings, the processing of Personal Information in the Platform, or its privacy practices, please contact the Client administrator of the Platform you use.
  • Client data will be used by DarwinApps in accordance with the Client’s instructions, applicable terms in the Client Agreement, Client’s election of various Platform and Services functionalities, this Privacy Policy, and as required by applicable law. In such cases, DarwinApps acts as the data processor of Client data at the direction of the Client, who acts as the data controller.
  • DarwinApps also uses other information in furtherance of Our legitimate interests in operating Our Site, Platform, and Services.

How, and With Whom, Your Information Is Shared

  • Third Party Services. At times, you may be able to access other Third-Party Services through the Site, for example by clicking on links to those Third-Party Services from within the Site. DarwinApps is not responsible for the privacy policies and/or practices of these Third-Party Services, and you or your employer acting as a DarwinApps Client are responsible for reading and understanding those Third-Party Services’ privacy policies.
  • Information Shared with Our Service Providers. We may share your information with third parties who provide services to Us. These third parties are authorized to use your Personal Information only as necessary to provide these services to Us. These services may include, but are not limited to the provision of: (i) email services to send marketing communications; (ii) mapping services; and (iii) customer service or support, and (iv) providing cloud computing infrastructure.
  • Information Shared with Our Sub-Processors. We employ and contract with people and other entities that perform certain tasks on Our behalf and who are under Our control such as an email service providers to send emails on Our behalf, mapping service providers, and customer support providers Our “Sub-Processors”). We may need to share Personal Information with Our Sub-Processors in order to provide Services to you. Unless We tell you differently, Our Sub-Processors do not have any right to use Personal Information or other information We share with them beyond what is necessary to assist Us in the provision of Services on your or Client’s behalf. Transfers to third parties are covered by subprocessor agreements between DarwinApps and each Sub-Processor. A list of DarwinApps Sub-Processors that process Personal Information of individuals located in the EU can be found here
  • Information Disclosed Pursuant to Business Transfers. In some cases, We may choose to buy or sell assets. In these types of transactions, user information is typically one of the transferred business assets. Moreover, if We, or substantially all of Our assets, were acquired, or if We go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of Us or Our assets may continue to use your Personal Information as set forth in this Privacy Policy. You will be notified via email and/or a prominent notice on Our Site of any change in the legal owner or uses of your Personal Information, as Well as any choices you may have regarding your Personal Information.
  • Information Disclosed for Our Protection and the Protection of Others. In certain situations, We may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We also reserve the right to access, read, preserve, and disclose any information as We reasonably believe is necessary to: (i) satisfy any applicable law, regulation, legal process or governmental request; (ii) enforce this Privacy Policy, including investigation of potential violations hereof; (iii) detect, prevent, or otherwise address fraud, security, or technical issues; (iv) respond to user support requests; or (v) protect Our rights, property, or safety. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention.

We require all third parties to respect the security of your Personal Information and to treat it in accordance with applicable laws. We do not allow third party service providers and Sub-Processors to use your Personal Information for their own purposes and only permit them to process your Personal Information for specified purposes in accordance with Our instructions or the provision of services on DarwinApps’s behalf.

Except as set forth above, you will be notified when your Personal Information is shared with third parties, and will be able to prevent the sharing of this information. Unless We otherwise have your consent, We will only share your Personal Information in the ways that are described in this Privacy Policy.

Data Retention

We will retain your Personal Information and the Personal Information We process on behalf of Our Clients for as long as your account is active or as needed to provide Services to Our Clients in accordance with DarwinApps data retention policies, and as necessary to comply with Our legal obligations, resolve disputes, and enforce Our agreements. You may request removal of your Personal Information at any time by contacting privacy@darwinapps.com.

Data Security

The security of your Personal Information and Our Clients’ information is important to Us. We put in place appropriate technical and organizational measures to ensure your Personal Information is kept secure and protected from unauthorized access, use, disclosure, alteration or destruction, in accordance with applicable laws and regulations. When you enter sensitive information (such as login credentials), We encrypt the transmission of that information using Transport Layer Security (TLS). We follow generally accepted standards to protect the Personal Information submitted to Us, both during transmission and once We receive it. When We share your Personal Information with Sub-Processors or other third-party service providers, We base our selection on said parties having adequate safeguards in place that meet Our data protection standards. We audit their compliance with such standards and incorporate contractual provisions ensuring compliance with (i) such standards and (ii) applicable data privacy laws and regulations.

If you have any questions about security on Our Site, you can contact Us at info@darwinapps.com.

Data Handling

All personal data must be handled in accordance with the requirements of the Data Protection Legislation, the Company’s Data Protection Policy, and other related policies. 


All emails containing personal data must be encrypted with the Advanced Encryption Standard 


All emails containing personal data must be marked “confidential”. 


Personal data may be over unsecured networks is not permitted in any circumstances.

Personal data may be transmitted over secure networks only; can’t be transmitted over a wireless network if there is a wired alternative that is reasonably practicable.

Personal data contained in the body of an email, whether sent or received, should be copied from the body of that email and stored securely. The email itself should be deleted. All temporary files associated therewith should also be deleted using pairwise deletion

Where personal data is to be transferred in hardcopy form it should be passed directly to the recipient

All personal data to be transferred physically, whether in hardcopy form or on removable electronic media shall be transferred in a suitable container marked “confidential”.

All electronic copies of personal data should be stored securely using passwords and Triple Data Encryption Standard (TripleDES).

All hardcopies of personal data, along with any electronic copies stored on physical, removable media should be stored securely in a locked box, drawer, cabinet, or similar. 


All personal data stored electronically should be backed up daily with backups stored onsite. All backups should be encrypted Triple Data Encryption Standard (TripleDES). 


When any personal data is to be erased or otherwise disposed of for any reason (including where copies have been made and are no longer needed), it should be securely deleted and disposed of.


No personal data should be stored on any mobile device (including, but not limited to, laptops, tablets, and smartphones), whether such device belongs to the Company or other wise without the formal written approval of CTO and, in the event of such approval, strictly in accordance with all instructions and limitations described at the time the approval is given, and for no longer than is absolutely necessary. 


No personal data should be transferred to any computer or device personally belonging to an employee, agent, contractor, or other party working on behalf of the Company and personal data may only be transferred to devices belonging to agents, contractors, or other parties working on behalf of the Company where the party in question has agreed to comply fully with the letter and spirit of this Policy and of the Data Protection Legislation (which may include demonstrating to the Company that all suitable technical and organizational measures have been taken). 


No personal data may be shared informally and if an employee, agent, contractor, or other party working on behalf of the Company requires access to any personal data that they do not already have access to, such access should be formally requested from CTO. 


No personal data may be shared with or transferred to any employee, agent, contractor, or other party, whether such parties are working on behalf of the Company or not, without the authorization of CTO and only then if the sharing or transfer is secure, lawful, and fair. Personal data shared with third parties must be covered by a suitable written agreement to ensure compliance with the Data Protection Legislation. 


Personal data must be handled with care at all times and should not be left unattended or on view to unauthorized employees, agents, contractors, or other parties at any time. 


If personal data is being viewed on a computer screen and the computer in question is to be left unattended for any period of time, the user must lock the computer and screen before leaving it. 


Where personal data held by the Company is used for marketing purposes, it shall be the responsibility of CTO to ensure that the appropriate consent is obtained and that no data subjects have opted out, whether directly or via a third-party service such as the TPS. 


All passwords used to protect personal data should be changed regularly and should not use words or phrases that can be easily guessed or otherwise compromised. All passwords must contain a combination of uppercase and lowercase letters, numbers, and symbols. [All software used by the Company is designed to require such passwords.] 


Under no circumstance As should any passwords be written down or shared between any employees, agents, contractors, or other parties working on behalf of the Company, irrespective of seniority or department. If a password is forgotten, it must be reset using the applicable method. IT staff do not have access to passwords. 


Under no circumstances should any passwords relating to Company systems and/or personal data be saved on any computer or device [that is not Company-owned]. This includes saving passwords in internet browsers and in third-party password manager applications. 


Under no circumstances should any computer or device used for accessing or handling personal datMa be used without the correct security functions enabled including, as appropriate, passwords, PIN codes, biometric security (e.g. fingerprint), and any additional security software provided by the Company. 


All software (including, but not limited to, applications and operating systems) shall be kept up-to-date. The Company’s IT staff shall be responsible for installing any and all security-related updates not more than 1 day after the updates are made available by the publisher or manufacturer, unless there are valid technical reasons not to do so. 


No software may be installed on any Company-owned computer or device without the prior approval of the CTO. [Notwithstanding the above in 6.25, only the Company’s IT staff shall be permitted to install software updates. Users who are not part of the IT staff or do not have the authorization of the IT staff shall not install software updates themselves. Automatic updates (as enabled by the IT staff) are permitted.] 


If any computer or device used to access or store personal data, whether personal or Company-owned, is lost or stolen, the loss or theft must be reported to CTO as soon as possible, and all assistance required provided with any investigation. 


All employees, agents, contractors, or other parties working on behalf of the Company shall be made fLully aware of both their individual responsibilities and the Company’s responsibilities under the Data Protection Legislation and under all applicable Company policies, including (but not limited to) this Policy and the Data Protection Policy. 


Only employees, agents, contractors, or other parties working on behalf of the Company that need access to, and use of, personal data in order to carry out their assigned duties correctly shall have access to personal data held by the Company. 


All sharing of personal data shall comply with the information provided to the relevant data subjects and, if required, the consent of such data subjects shall be obtained prior to the sharing of their personal data. 


All employees, agents, contractors, or other parties working on behalf of the Company handling personal data will be appropriately trained to do so. 


All employees, agents, contractors, or other parties working on behalf of the Company handling personal data will be appropriately supervised. 


Methods of collecting, holding, and processing personal data shall be regularly evaluated and reviewed. 


All personal data held by the Company shall be reviewed periodically, as set out in the Company’s Data Retention Policy. 


The performance of those employees, agents, contractors, or other parties working on behalf of the Company handling personal data shall be regularly evaluated and reviewed. 


All employees, agents, contractors, or other parties working on behalf of the Company handling personal data will be bound to do so in accordance with the principles of the Data Protection Legislation and this Policy by contract. 


All agents, contractors, or other parties working on behalf of the Company handling personal data must ensure that any and all of their employees who are involved in the processing of personal data are held to the same conditions as those relevant employees of the Company arising out of this Policy and the Data Protection Legislation.

Where any agent, contractor or other party working on behalf of the Company handling personal data fails in their obligations under this Policy that party shall indemnify and hold harmless the Company against any costs, liability, damages, loss, claims or proceedings which may arise out of that failure. 


European Data Privacy

Certain European Union residents have additional privacy rights as provided in the GDPR. For such residents, DarwinApps will collect, process, and store your personal information strictly in accordance with the GDPR. The GDPR further governs the transfer of subject personal information from the certain European Area countries outside of the European Union. DarwinApps is based in the U.S., the Site and Platform servers are hosted in the U.S., and many of DarwinApps’s suppliers and Sub-Processors are also based in the U.S. or otherwise outside of the European Union. In providing your Personal Information to DarwinApps, your Personal Information will be sent to the U.S. (or otherwise outside of the European Union). In such cases, DarwinApps will transfer such data in accordance with the GDPR and the following transfer mechanisms:

  • The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration, respectively, to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.

DarwinApps participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view Our certification, visit the U.S. Department of Commerce’s Privacy Shield List. https://www.privacyshield.gov.

DarwinApps is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. DarwinApps complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, DarwinApps is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, We may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that We have not addressed satisfactorily, please contact Our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Under certain conditions, more fully described on the Privacy Shield Website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

  • European Union Model Clauses. DarwinApps also enters into European Union Model Contractual Clauses, also known as Standard Contractual Clauses, with its Clients to meet the adequacy, privacy, and security requirements for Our Clients that operate in the European Union, and other international transfers of Client data.

Rights with Regard to Your Personal Information

In addition to the lawful transfer, processing and storage of your Personal Information, the GDPR gives certain European Union members additional rights over Our use of your Personal Information. DarwinApps respects your control over your information and, in the event that you have provided Personal Information to Us in your use of the Site, We will provide you with information about whether We hold any of your Personal Information as We detail below. You may access, correct, or request deletion of your Personal Information by contacting Us at privacy@darwinapps.com. We will respond to your request within a reasonable timeframe.

As a preliminary matter, when acting as a service provider of Our Clients, DarwinApps may have no direct relationship with the individuals whose Personal Information is provided to DarwinApps through the Platform and Services. An individual who is or was employed by one of Our Clients and who seeks access to, or who seeks to correct, amend, object to the processing or profiling of, or to delete their Personal Information in the Platform, should direct the query to their employer’s HR department if they cannot make the appropriate changes via its access to the Platform provided by the Client.

If located in the European Economic Area (“EEA”), you have the following rights regarding your Personal Information We control:

  • Right of Access. You can request details of your Personal Information We hold. We will confirm whether We are processing your Personal Information and We will disclose additional information including the types of Personal Information, the sources it originated from, the purpose and legal basis for the processing, the expected retention period and the safeguards regarding data transfers to non-EEA countries, subject to the limitations set out in applicable laws and regulations. We will provide you free of charge with a copy of your Personal Information but We may charge you a fee to cover Our administrative costs if you request further copies of the same information.
  • Right of correction. At your request, We will correct incomplete or inaccurate parts of your Personal Information, although We may need to verify the accuracy of the new information you provide to Us.
  • Right to be forgotten. At your request, We will delete your Personal Information if:
    • it is no longer necessary for Us to retain your Personal Information;
    • you withdraw the consent which formed the legal basis for the processing of your Personal Information;
    • you object to the processing of your Personal Information (see below) and there are no overriding legitimate grounds for such processing;
    • the Personal Information was processed illegally;
    • the Personal Information must be deleted for Us to comply with Our legal obligations.

We will decline your request for deletion if processing of your Personal Information is necessary: (i) for Us to comply with Our legal obligations; (ii) for the establishment, exercise or defense of legal claims; or (iii) for the performance of a task in the public interest.

  • Right to restrict processing. At your request, We will restrict the processing of your Personal Information if:
    • you dispute the accuracy of your Personal Information;
    • your Personal Information was processed illegally and you request a limitation on processing rather than the deletion of your Personal Information;
    • We no longer need to process your Personal Information, but you need your Personal Information in connection with the establishment, exercise or defense of a legal claim; or
    • you object to the processing of your Personal Information (see below) pending verification as to whether an overriding legitimate ground for such processing exists.

We may continue to store your Personal Information to the extent required to ensure that your request to restrict processing is respected in the future.

  • Right to data portability. At your request, We will provide you free of charge with your Personal Information in a structured, commonly used and machine readable format, if:
    • you provided Us with your Personal Information;
    • the processing of your Personal Information is required for the performance of a contract; or
    • the processing is carried out by automated means.
  • Right to object. Where We rely on Our legitimate interests (or that of a third party) to process your Personal Information, you have the right to object to this processing on grounds relating to your particular situation if you feel it impacts on your fundamental rights and freedoms. We will comply with your request unless We have compelling legitimate grounds for the processing which override your rights and freedoms, or where the processing is in connection with the establishment, exercise or defense of legal claims. We will always comply with your objection to processing your Personal Information for direct marketing purposes.
  • Right not to be subject to decisions based solely on automated processing. You will not be subject to decisions with a legal or similarly significant effect (including profiling) that are based solely on the automated processing of your Personal Information, unless you have given Us your explicit consent or where they are necessary for the performance of a contract with Us.
  • Right to withdraw consent. You have the right to withdraw any consent you may have previously given Us at any time. In order to exercise your rights in this section We may ask you for certain identifying information to ensure the security of your Personal Information. To request to exercise any of the above rights, please contact Us at privacy@darwinapps.com. We will respond to your request within 30 days or provide you with reasons for the delay.

Usually, We will not charge you any fees in connection with the exercise of your rights. If your request is manifestly unfounded or excessive, for example, because of its repetitive character, We may charge a reasonable fee, taking into account the administrative costs of dealing with your request. If We refuse your request We will notify you of the relevant reasons.

In so far as practicable, We will notify Our Clients and third parties to whom We have disclosed your Personal Information with any correction, deletion, and/or restriction to the processing of your Personal Information. Please note that We cannot guarantee our Clients or other third parties will comply with your requests and We encourage you to contact them directly.

Please note that if you decide to exercise some of your rights, We may be unable to perform the actions necessary to achieve the purposes set out above or you may not be able to use or take full advantage of the Site, Platform, and Services.

If you are not satisfied with Our response, you have the right to complain or seek advice from a supervisory authority and/or bring a claim against Us in any court of competent jurisdiction.

GDPR Data Representative in the European Union

VeraSafe has been appointed as Our representative in the European Union for data protection matters relating to Personal Information of persons located in the EU, pursuant to Article 27 of the General Data Protection Regulation of the European Union. VeraSafe can be contacted only on matters related to the processing of Personal Information of persons located in the EU. To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative

Alternatively, VeraSafe can be contacted at:

VeraSafe Ireland Ltd

Unit 3D North Point House

North Point Business Park

New Mallow Road

Cork T23AT2P

Ireland

Marketing

You may choose to opt in to receive occasional email and other communications from Us, such as communications relating to promotions. You may opt out of receiving such communications at any time by using the “Unsubscribe” link found in such emails, or by emailing Us at info@darwinapps.com. In the context of Us providing you marketing, We may analyze your preferences to make sure the information We provide you is relevant.

California Data Privacy

California residents have certain privacy rights as specified under California law, including the California Consumer Privacy Act of 2018 (“CCPA”). If you are a resident of California, you have the right to know what personal information has been collected about you, and to access that information. You have the right to request deletion of your personal information, though exceptions under the CCPA may allow DarwinApps to retain and use certain personal information notwithstanding your deletion request.

DarwinApps collects various categories of personal information when you or your employer use the DarwinApps Platform or Services, including location information, log data, tracking information, and personal information related to your employment. A more detailed description of the information DarwinApps collects and how we use it is provided above in the sections entitled: Information We Collect and Receive About You and How We Use It, Other Information, and How, and With Whom, Your Information Is Shared.

In addition to Our collection of your Personal Information, DarwinApps may engage certain third parties to perform a function or provide services to you on behalf of DarwinApps including hosting and maintenance, error monitoring, debugging, performance monitoring, billing, customer and account relationship management, database storage and management, and direct marketing campaigns. DarwinApps may share your Personal Information with these third parties, but only to the extent necessary to perform these functions and provide such services. DarwinApps requires these third parties to maintain the privacy and security of the Personal Information they process on our behalf.

DarwinApps does not sell your Personal Information when you use the DarwinApps Platform or when you use a DarwinApps Service and will not do so in the future without providing you with notice and an opportunity to opt-out of such sale as required by law. DarwinApps does not offer financial incentives associated with the collection, use, or disclosure of your personal information.

DarwinApps will not discriminate against you for exercising any of your CCPA rights. To this end, unless permitted by the CCPA, DarwinApps will not:

  • Deny you access to the DarwinApps Platform or Services;
  • Charge you a different price or rate for the Platform or Services, including the granting of discounts or other incentives;
  • Provide a different or downgraded Platform or Service;
  • Suggest that you may receive a different price or rate for the DarwinApps Platform or its Services or a different or downgraded Platform or Service;

To exercise your rights under the CCPA please submit a verifiable consumer request to DarwinApps by either calling DarwinApps at 1-855-626-3591 by or emailing us at privacy@darwinapps.com. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf may make a verifiable consumer request related to your personal information. You may only make a verifiable consumer request for access to your data twice within a twelve (12) month period. Your verifiable consumer request must:

  • Be made by a natural person;
  • Provide sufficient information to allow DarwinApps to reasonably verify your identity and that you are the person about whom we collected personal information, or you are an authorized representative;
  • Describe your request with sufficient detail that allows DarwinApps to properly understand, evaluate, and respond to your request.

In certain cases, DarwinApps collects and processes personal information on you at the contractual obligation of your employer. In order to respond to a verified request, DarwinApps may be required to provide notice to your employer of your request, and to follow your employer’s instructions as they relate to carrying out your request. DarwinApps cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm that the personal information relates to you. Making a verifiable request does not require you to create an account, but we may ask you to verify your request by logging into your account if you have one. We will only use personal information provided by a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Changes to this Privacy Policy

DarwinApps may amend this Privacy Policy from time to time to reflect changes to applicable laws and regulations or other requirements applicable to us, changes in technology, or changes to Our information practices. Our use of Personal Information We collect is subject to the Privacy Policy in effect at the time such information is used. If We make material changes in the way We collect or use information, We will notify you by posting an announcement on Our Site or in Platform sending you an email prior to the changes becoming effective.

Contacting DarwinApps If You Have Questions or Concerns

If you have any questions or concerns regarding this Privacy Policy, please send Us a detailed message to privacy@darwinapps.com or at Our mailing address at 12110 Sunset Hills Rd #600, Reston, VA 20190. We will make every effort to resolve your concerns. You may also raise any concerns or complaints with your local Data Protection Authority.

Effective Date: January 1, 2020.

Contact