Privacy Policy Statement

GFI USA, LLC (the “Company”, “we”, “our”, or “us”) respects your privacy. This Privacy Policy Statement (“Privacy Policy”) describes the ways we collect information from and about you, what we do with the information, and your privacy rights. By accessing our website, or purchasing our products or services, you acknowledge the collection, use and disclosure of your information as described in this Privacy Policy.

Scope

This Privacy Policy includes the Company’s Privacy Policy Statement. It applies to personal data processed by us as a data controller in our business, including on our websites, mobile applications, and other online or offline offerings (collectively, the “Services”). Where we process personal data as a data processor on behalf of our customers our data collection, usage and sharing is principally governed by the contract with our customer and the customer's privacy policy will apply to the processing of that personal data (see Process Information on Behalf of Our Customers (as processors) below for further detail).

If we expressly agree with you or your organization in a writing signed by an authorized representative of the Company to different terms as a controller than are contained herein, we will honor such different terms as agreed.

Company’s Privacy Policy Statement

1.  Our Collection of your Information

Personal Data

The information we collect may include your personal data, such as your name, email, phone number, other contact information, IP addresses, product and service selections and other data that may identify you.  We collect personal data about you at several different points, including but not limited to the following:

  • when we correspond with you as a customer or prospective customer; 
  • when you visit our website or use the Platform;
  • when you use our software or services;
  • when you register as an end-user of our services and an account is created for you;
  • when you enroll in our newsletter or loyalty program;
  • when you decide to participate in a survey;
  • when you contact us for help;
  • when you attend our customer conferences or webinars;
  • when the websites or mobile apps send us error reports or application analytics data; and
  • when you provide content on our forums, blogs, or social media pages. Any content you provide on these channels will be considered “public”.

2.  Information Collected Automatically or From Others

Automatic Data Collection.  We may collect certain information automatically when you use the Services.  This information may include your Internet protocol (IP) address, user settings, MAC address, cookie identifiers, mobile carrier, mobile advertising and other unique identifiers, details about your browser, operating system or device, location information, Internet service provider, pages that you visit before, during and after using the Services, information about the links you click, and other information about how you use the Services.  Information we collect may be associated with accounts and other devices. Our Services, such as those related to location data management, may collect precise geolocation information in accordance with applicable law.
In addition, we may automatically collect data regarding your use of our Services, such as the types of content you interact with and the frequency and duration of your activities.  Unless contrary to applicable law or contractual agreement, we may combine your information with information that other people provide when they use our Services, including, when the option is available, information about you when they tag you.

Cookies, Pixel Tags/Web Beacons, Analytics Information, and Interest-Based Advertising technologies.  We, as well as third parties that provide content, advertising, or other functionality on the Services, may use cookies, pixel tags, local storage, and other technologies (“Technologies”) to automatically collect information through the Services.  Technologies are essentially small data files placed on your computer, tablet, mobile phone, or other devices that allow us and our partners to record certain pieces of information whenever you visit or interact with our Services.

  • Cookies.  Cookies are small text files placed in visitors’ computer browsers to store their preferences.  Most browsers allow you to block and delete cookies.  However, if you do that, the Services may not work properly.
  • Pixel Tags/Web Beacons.  A pixel tag (also known as a web beacon) is a piece of code embedded in the Services that collects information about users’ engagement on that web page.  The use of a pixel allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement.

Web Analytics Services. We use Google Analytics, a service for the marketing analysis of the site provided by Google, Inc. Google Analytics uses cookies to allow us to see how you use our site, so we can improve your experience. Google’s ability to use and share information collected by Google Analytics about your visits to the site is restricted by the Google Analytics Terms of Use available at http://www.google.com/analytics/terms/us.html and the Google Privacy Policy available at http://www.google.com/policies/privacy/. You can prevent Google Analytics from recognizing you on return visits to the site by disabling cookies in your browser. If you prefer to not have data reported by Google Analytics, you can install the Google Analytics Opt-out Browser Add-on available at https://tools.google.com/dlpage/gaoptout.

Information from Other Sources. We may obtain information about you from other sources, including, but not limited to, Company affiliates, organizations with a relationship with Company (such as customers, prospects and suppliers), social media sites, organizations providing marketing contacts, publicly available databases, and through other third-party services and organizations to supplement information provided by you.  For example, if you access our Services through a third-party application, such as an app store, a third-party login service, or a social networking site, we may collect information about you from that third-party application that you have made public via your privacy settings.  Information we collect through these services may include your name, your user identification number, your user name, location, gender, birth date, email, profile picture, and your contacts stored in that service.  This supplemental information allows us to verify information that you have provided to us and to enhance our ability to provide you with information about our business, products, and Services.

The information in this section is further supplemented by the information in Section 7 (Our Use of Automatic Collection Technologies).

3.  Legal Basis for Processing your Personal Data (where required by applicable law)

With respect to personal data of individuals from the European Economic Area (“EEA”), the United Kingdom (“UK”) or Switzerland, our legal basis for collecting and using the personal data will depend on the personal data concerned and the specific context in which we collect it. Our Company will generally collect personal data from you or a third party only where: (a) we have your consent to do so, (b) where we need the personal data to perform a contract with you (e.g. to deliver the services you have requested), or (c) where the processing is in our or a third party’s legitimate interests (and not overridden by your data protection interests or fundamental rights and freedoms).

Where required by applicable law, our Company (or the applicable controller) will obtain the consumer's consent before processing their “special category data” or “sensitive data”. Under GDPR, “special category data” is, unless an exemption applies, personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Under the Virginia Consumer Data Protection Act, "sensitive data" means personal data (a) revealing racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexual orientation, or citizenship or immigration status; (b) genetic or biometric data for the purpose of uniquely identifying a natural person; (c) collected from a known child; or (d) precise geolocation data.

4.  Our Use of your Personal Data

Our Company may use information that we collect about you to:

Fulfill our contract with you and provide you with our Services, such as:

  • delivering the products and services that you have requested;
  • managing your customer relationship and provide you with customer support;
  • communicating with you by email, postal mail, telephone or mobile devices about products or services that may be of interest to you either from us, or other third parties;
  • undertaking activities to verify or maintain the quality or safety of a service or device;
  • processing your financial information and other payment methods for products or Services purchased;
  • managing our business, and
  • allowing you to register for events

Analyze and improve our Services pursuant to our legitimate interest, such as:

  • detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity;
  • performing research and analysis about your use of, or interest in, our Services or content offered by others, and short-term, transient use, such as contextual customization of ads;
  • undertaking research for technological development and demonstration;
  • improving, upgrading or enhancing our Services or device or those of our Providers;
  • verifying your identity and preventing fraud;
  • debugging to identify and repair errors that impair existing intended functionality, and
  • enforcing our terms and conditions

Provide you with additional content and Services, such as:

  • developing and display content and advertising tailored to your interests on our websites or mobile applications;
  • auditing relating to interactions, transactions and other compliance activities;
  • verifying your eligibility and deliver prizes in connection with promotions, and
  • performing functions you consent to or that are otherwise described to you at the time of collection.

Contact Information. Your email and phone number may be utilized as described herein or for the purposes for which it was provided, including but not limited to, as a method to contact you, or a username to login to a product.

Use De-identified and Aggregated Information.  We may use personal data and other data about you to create de-identified and aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access our Services, or other analyses we create. Where required by applicable law, Company publicly commits to maintaining and using de-identified data without attempting to re-identify the data

Share Content with Friends or Colleagues.  Our Services may offer various tools and functionalities.  For example, we may allow you to provide information about your friends or colleagues through our referral services.  Our referral services may allow you to forward or share certain content with a friend or colleague, such as an email inviting your friend to use our Services.

Process Information on Behalf of Our Customers (as processors).   Our customers may choose to use our Services to process certain data of their own, which may contain personal data.  The data that we process through our Services is processed by us on behalf of our customer, and our privacy practices will be governed by the contracts that we have in place with our customers, not this Privacy Policy, other than in respect of data transfer to the United States, as described in International Transfers of your Personal data.

If you have any questions or concerns about how such data is handled or would like to exercise your rights, you should contact the person or entity (i.e., the data controller) who has contracted with us to use the Service to process this data.  Our customers control the personal data in these cases and determine the security settings within the account, its access controls and credentials.  We will, however, provide assistance to our customers to address any concerns you may have, in accordance with the terms of our contract with them.  For a list of our sub-processors, contact us as described below.

5.  Our Disclosure of your Personal Data to Third Parties

We may share your personal data with third parties only in the ways that are described in this Privacy Policy.

Below is a list of categories of personal data (from the California Consumer Privacy Act) we have collected and disclosed about consumers for a business purpose in the past 12 months:

  • Category A: Identifiers;
  • Category B: Personal Data categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e));
  • Category D: Commercial information;
  • Category F: Internet or other electronic network activity;
  • Category G: Geolocation data;
  • Category I: Professional or employment-related information;
  • Category K: Inferences drawn from other Personal Data to create a profile about a consumer.

The above list does not include information about personal data collected and disclosed while operating as a service provider to our customers.

We have not sold consumers’ personal information in the preceding 12 months.

In addition to any other disclosures described in this Privacy Policy, our disclosures to others may include:

  • Affiliates and Service Providers. we may provide your information to affiliated entities within our corporate group, as well as with vendors who perform functions on our behalf; such parties provide hosting and maintenance services, virtual infrastructure, payment processing, analysis and other services for us; 
  • Contractors. third-party contractors may have access to our databases.  Usually these contractors sign a standard confidentiality agreement;
  • Business Partners. we may share your data with any parent company, subsidiaries, joint ventures, other entities under a common control or third-party acquirers. We expect these other entities will honor this Privacy Policy;
  • Disclosure for Merger, Sale or Other Asset Transfer. we may allow a potential acquirer or merger partner to review our databases, although we would restrict their use and disclosure of this data during the diligence phase;
  • Disclosure to Protect Us or Others. as required by law enforcement, government officials, or other third parties pursuant to a subpoena, court order, or other legal process or requirement applicable to our Company; or when we believe, in our sole discretion, that the disclosure of personal data is necessary to prevent physical harm or financial loss; to report suspected illegal activity or to investigate violations of our agreements or Company policies; to enforce our terms and conditions, to protect the security or integrity of our products and services,  and
  • Consent. other third parties when you give us permission to do so.

Please note that these third parties may be in other countries where the laws on processing personal data may be less stringent than in your country.

Potential for Other Users to Contact You

To the extent that a given application supports personal messaging functionality between and among end users, you may receive personal messages from other end users.  You can disable this functionality by using the unsubscribe and other disabling instructions in the given application.

6.  Our Security Measures to Protect your Personal Data

Our Company uses industry-standard technologies when transferring and receiving data exchanged between our Company and other companies to help ensure its security. This site has security measures in place to help protect information under our control from the risk of accidental or unlawful destruction or accidental loss, alteration or unauthorized disclosure or access. However, “perfect security” does not exist on the Internet.  Also, if this website contains links to other sites, our Company is not responsible for the security practices or the content of such sites.

7.  Our Use of Automatic Collection Technologies

  • Automatic Collection Technologies. We, as well as third parties that provide content, advertising, or other functionality on the Services, may use cookies, pixel tags, local storage, and other technologies to automatically collect information through the Services. Our uses of these Technologies fall into the following general categories: 
    • Operationally Necessary.  This includes Technologies that allow you access to our Services, applications, and tools that are required to identify irregular site behavior, prevent fraudulent activity and improve security or that allow you to make use of our functionality;
    • Performance Related.  We may use Technologies to assess the performance of our Services, including as part of our analytic practices to help us understand how our visitors use the Services;
    • Functionality Related.  We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Services.  This may include identifying you when you sign into our Services or keeping track of your specified preferences, interests, or past items viewed;
    • Advertising or Targeting Related.  We may use first party or third-party Technologies to deliver content, including ads relevant to your interests, on our Services or on third-party sites.
  • Cross-Device Tracking.  Your browsing activity may be tracked across different websites and different devices or apps.  For example, we may attempt to match your browsing activity on your mobile device with your browsing activity on your laptop.  To do this our technology partners may share data, such as your browsing patterns, geo-location and device identifiers, and will match the information of the browser and devices that appear to be used by the same person.
  • Notice Regarding Third-Party Websites, Social Media Platforms and Software Development Kits. Our Company websites and mobile apps may use third parties, including social media platforms, to present or serve the advertisements that you may see at their platforms and web pages and to conduct research about the advertisements and web usage, and we share personal data about you to enable them to show advertisements on their platforms and web-pages. This Privacy Policy does not cover any use of information that such third parties may have collected from you (unless collected through our Services) or the methods used by the third parties to collect that information. Except where expressly required by applicable law, we do not endorse, screen or approve and are not responsible for the privacy practices or content of such other websites or applications.  Visiting these other websites or applications is at your own risk.

    Our Services may include publicly accessible blogs, forums, social media pages, and private messaging features.  By using such Services, you assume the risk that the personal data provided by you may be viewed and used by third parties for any number of purposes.  In addition, social media buttons such as Twitter and LinkedIn (that might include widgets such as the “share this” button or other interactive mini-programs) may be on our site.  These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly.  These social media features are either hosted by a third party or hosted directly on our site.  Your interactions with these features apart from your visit to our site are governed by the privacy policy of the company providing it.

    We may use third-party APIs and software development kits (“SDKs”) as part of the functionality of our Services.  APIs and SDKs may allow third parties including analytics and advertising partners to collect your personal data for various purposes including to provide analytics services and content that is more relevant to you.  For more information about our use of APIs and SDKs, please contact us as set forth below.
  • US Website Usage Monitoring Consent. Your usage of this website is subject to monitoring by us and our service providers. In addition to traditional analytics collection, we may monitor your usage in other ways. We and/or our service provider(s) may track precise mouse movements or insert code to allow us to use or view session replays. We and/or our service provider(s) may make or receive transcripts of chat communications and service tickets.  We and/or our service provider(s) may utilize Facebook pixels or other technology, or pixels, of other advertising, marketing or social media companies, in order to facilitate or engage in advertising or marketing, and provide certain services.

    Session data may be shared with third parties by us, and our third-party service providers may be able to collect data on aspects of your session or communications without express notification, or collecting opt-in consent, on the web page where it happens.

    In the United States, when you agree to the website terms of use, or acknowledge this Privacy Policy, you consent to the collection, usage and disclosure of this information in accordance with our Privacy Policy, and/or where applicable, our service provider's privacy policy. If you wish to retract your consent and have this information deleted, please contact us via the email provided below.

8. Limiting Use, Disclosure, Retention   

Whenever applicable, our Company identifies the purposes for which the information is being collected before or at the time of collection. The collection of your personal data will be limited to that which is needed for the purposes identified by our Company. Unless you consent, or we are required by law, we will only use the personal data for the purposes for which it was collected. If our Company will be processing your personal data for another purpose later on, our Company will seek your further legal permission or consent; except where the other purpose is compatible with the original purpose.

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory and tax, accounting or other requirements.

In some circumstances you can ask us to delete your personal data (see Your Privacy Rights below).

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

9.  International Transfers of your Personal Data                                                                            

We are a global company. Information about you may be stored and processed in the European Economic Area, the United States or any other country in which our Company or agents or contractors maintain facilities. Such countries may have laws which are different, and potentially not as protective as the laws of your own country.

Whenever we share personal data originating in the EEA, the UK or Switzerland, or another country with restricted transfers, we will rely on lawful measures to transfer that data, such as the EU standard contractual clauses.

EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF and Swiss-U.S. Data Privacy Framework ("Swiss-U.S. DPF")

GFI USA, LLC (the “Company U.S. Corporate Group”)  is officially certified under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and Swiss-U.S. DPF, as set forth by the U.S. Department of Commerce and in the Data Privacy Framework (“DPF”) certification of the US organizations of the Company U.S. Corporate Group. 

The Company U.S. Corporate Group relies on these certifications as its primary transfer mechanisms for transfers of personal data from the UK, EU and Switzerland to the US, adheres to the DPF principles for onward transfers of personal data to third parties and remains liable for damages caused by third parties under the DPF unless Company U.S. Corporate Group did not cause the event giving rise to damage. The U.S. Federal Trade Commission has jurisdiction over Company U.S. Corporate Group’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. If there is any conflict between the terms in this notice and the Data Privacy Framework (“DPF”) Principles, the DPF Principles shall govern in connection with personal data of the EEA, UK and Switzerland. To learn more about the DPF, your binding arbitration rights, and to view our certifications, please visit the DPF website at https://www.dataprivacyframework.gov/s/.

With respect to personal data received or transferred pursuant to the Data Privacy Frameworks, the Company U.S. Corporate Group is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. 

Pursuant to the Data Privacy Frameworks, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the Data Privacy Frameworks, should direct their query to privacy@gfi.com. If requested to remove data, we will respond within a reasonable timeframe. 

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to privacy@gfi.com.  

In certain situations, Company U.S. Corporate Group may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

The Company U.S. Corporate Group’s accountability for personal data that it receives in the United States under the Data Privacy Frameworks and subsequently transfers to a third party is described in the Data Privacy Framework Principles. In particular, Company U.S. Corporate Group remains responsible and liable under the Data Privacy Framework Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless Company U.S. Corporate Group proves that it is not responsible for the event giving rise to the damage. 

In compliance with the Data Privacy Framework Principles, Company U.S. Corporate Group commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the Data Privacy Frameworks. European Union, United Kingdom, and Swiss individuals with DPF inquiries or complaints should first contact Company U.S. Corporate Group by email at privacy@gfi.com.  

Company U.S. Corporate Group  has further committed to refer unresolved privacy complaints under the Data Privacy Framework Principles to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you. 

Further, Company U.S. Corporate Group commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on  the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See  https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf.

10.  Accuracy of Personal Data

We do our best to ensure that the personal data we hold and use is accurate. We rely on the customers we do business with to disclose to us all relevant information and to inform us of any changes.

11. Your Choices

Marketing. You may manage your receipt of marketing and non- transactional communications by clicking on the “unsubscribe” link located on the bottom of our marketing emails. Note that you will continue to receive transaction-related emails regarding products or Services you have requested.  We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding the Services or updates to our Terms or this Privacy Policy).

We process requests to be placed on do-not-mail, do-not-phone and do-not-contact lists as required by applicable law.

Mobile Devices. We may send you push notifications through our mobile application.  You may at any time opt- out from receiving these types of communications by changing the settings on your mobile device.  We may also collect location-based information if you use our mobile applications.  You may opt-out of this collection by changing the settings on your mobile device.

“Do Not Track.” Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers.  Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers except as required by applicable law.  Company endeavors to recognize opt-out mechanisms recognized by regulatory authorities to the extent required by applicable law..

Cookies and Interest-Based Advertising. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits.  The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs.  You can access these and learn more about targeted advertising and consumer choice and privacy, at www.networkadvertising.org/managing/opt_out.asp, http://www.youronlinechoices.eu/, https://youradchoices.ca/choices/, and www.aboutads.info/choices/.  To separately make choices for mobile apps on a mobile device, you can download DAA’s AppChoices application from your device’s app store.  Alternatively, for some devices you may use your device’s platform controls in your settings to exercise choice.

Please note you must separately opt out in each browser and on each device.  Advertisements on third-party websites that contain the AdChoices link may have been directed to you based on information collected by advertising partners over time and across websites.  These advertisements provide a mechanism to opt out of the advertising partners’ use of this information for interest-based advertising purposes.

12. Your Privacy Rights

Depending on where you reside, you may have the right to exercise additional rights available to you under applicable laws, including:

  • Confirm Processing. You may have the right to confirm our processing of your personal data as a controller.
  • Access. You may have the right to access your personal data or the categories of personal data that our Company processes.
  • Correct/Update. You may have the right to correct and/or update your personal data.
  • Erasure. You may have a broader right to erasure of personal data that we hold about you. For example, if it is no longer necessary in relation to the purposes for which it was originally collected. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations, among other things.
  • Transparency. You may have the right to request additional information not contained in this Privacy Policy.
  • Object to processing. You may have the right to request that we stop processing your personal data, including the right to opt in or opt out of the sale of your Personal Data to third parties, or to stop sending you marketing communications.
  • Restrict processing. You may have the right to request that we restrict processing of your personal data in certain circumstances. For example, where you believe that the personal data we hold about you is inaccurate or unlawfully held. You may also be able to opt-out of targeted advertising and profiling in furtherance of decisions that produce legal or similarly significant effects as required by an applicable law.
  • Data portability. In certain circumstances, you may have the right to be provided with your personal data in a structured, machine readable and commonly used format and to request that we transfer the personal data to another data controller without hindrance.
  • Sale of Personal Data. You may have the right to opt out of the sale of personal data.
  • Cross-contextual behavioral advertising. You may have the right to opt out of the “sharing” of personal data in connection with cross-contextual behavioral advertising.
  • Withdraw your Consent to Processing Personal Data. Please note that your withdrawal will only take effect for future processing and will not affect the lawfulness of processing before the withdrawal.
  • Accessibility: You may have the right to additional assistance with your privacy rights. If you are unable to reasonably access this Privacy Policy due to a disability, please contact us via the contact information below so that we may determine how to provide you with alternate notice.

If you would like to exercise any of the above rights, please contact our support team or contact our Data Protection Officer (see our contact details in the “Contacting Us” Section below). We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.

Company will not discriminate against a data subject for exercising any of its data protection rights.

For reconsideration of our response to your request under any applicable law that provides for an appeal, please request an appeal within the time frame for the appeal notice set forth in the applicable law (or in the event no time frame is provided, then fifteen days) by utilizing the contact information published below.

If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases, our ability to uphold these rights for you may depend upon our obligations to process personal data for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.

If you are an individual in the EU / EEA, you  have the right to make a complaint to the relevant Supervisory Authority. A list of EU / EEA Supervisory Authorities is available here:  http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.  If you are in the UK, you have a right to make a complaint to the UK Information Commissioner's Office. You can visit their website at www.ico.org.uk.

13.  Additional California Privacy Rights (United States only)

Disclosures concerning the California Consumer Privacy Act, as amended, are made above.

California Civil Code Section 1798.83 permits you to request certain information regarding our disclosure of personal data to third parties for the third parties’ direct marketing purposes. To make such a request, please contact us by sending an email to privacy@gfi.com.

Our site, products, and services are not intended to appeal to minors. However, if you are a California resident under the age of 18, and a registered user of our Site or Service, California Business and Professions Code Section 22581 permits you to request and obtain removal of content or information you have publicly posted. To make such a request, please send an email with a detailed description of the specific content or information to privacy@gfi.com. We will process your request in compliance with applicable law.

Under California law, California residents who have an established business relationship with us may opt-out of our disclosing personal data about them to third parties for their marketing purposes.

14. Notice to End Users of Customers

Most of our services are intended for use by organizations. Where the services are made available to you through an organization (e.g. your employer), that organization is the administrator of the services and is responsible for the accounts and/or service over which it has control. Please direct your data privacy questions to your administrator, as your use of the services is subject to that organization's policies. We are not responsible for the privacy or security practices of an administrator's organization, which may be different from this policy.

Administrators may be able to:

  • help you exercise the rights described in “Your Privacy Rights” Section (if applicable);
  • allow you to reset your account password;
  • restrict, suspend or terminate your access to the services;
  • access information in and about your account;
  • access or retain information stored as part of your account;
  • change your information, including profile information associated with your account; and
  • allow you or restrict your ability to edit, restrict, modify or delete information.

Please contact your organization or refer to your administrator’s organizational policies for more information.

15.  Children’s Privacy

Because of the nature of our business, our services are not designed to appeal to minors. We do not knowingly attempt to solicit or receive any information from anyone under the age of 17 (or other age as required by local law).  If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us immediately. If we learn that we have collected any personal data in violation of applicable law, we will promptly take steps to delete such information and terminate the child’s account.

16.  Linking to Third Party Properties

  • Website Links. We may create links to other websites. We will make a reasonable effort to link only to sites that meet similar standards for maintaining each individual’s right to privacy. However, many other sites that are not associated with or authorized by our Company may have links leading to our site. Our Company cannot control these links and we are not responsible for any content appearing on these sites. Since this website does not control the privacy policies of third parties, you are subject to the privacy practices of that third party. We encourage you to ask questions before you disclose any personal data to others.
  • App Links. A given application may provide you with an advertising link to other, third-party sites and applications.  Such third-party sites will have their own data collection practices and policies.  Please review the privacy policy for such sites and exercise caution in providing information that personally identifies you.  We have no responsibility, access, or control over the data collection practices and policies of such third-party sites and applications.  You will use such sites and applications at your own risk and outside of the scope of this Privacy Policy.  The provision of such advertisements is done on an “As Is” basis, with no endorsements or representations.

17.  Changes to our Privacy Policy

Our Company may amend this Privacy Policy at any time by posting a new version. It is your responsibility to review this Privacy Policy periodically. Except where applicable law expressly requires further opt-in consent, your continued use of this website and our products and services represents your acknowledgement to the then-current Privacy Policy.

18.  Contacting Us

GFI USA, LLC
2028 E Ben White Blvd, Ste 240-2650
Austin Texas 78741 USA
E-mail:
privacy@gfi.com 

Last Updated: December 29, 2023