Effective date: 20 January 2020
Collected and Received Personal Data through the Platform
Layerise might receive or collect Personal Data which is stored in or transmitted via the Platform by, or on behalf of, our Customers. This may include Personal Data such as contact information of our Customers’ Individual Users (first and last name, email or physical address, telephone number), purchase history, correspondence between End Users and their Individual Users. This Personal Data may be provided to us directly by our Customers or through third-party services such as connections and/or links to third party websites and/or services that Layerise enables Customers to integrate with and access through the Platform, including, without limitation, via application programming interfaces, workflows or webhooks (“Third-Party Applications”).
We also collect Personal Data from Customer Individual Users such as name, email address, phone number, address, profile image and data about Customer Individual Users’ use of our Platform. This Personal Data may be received or collected by us directly from our Customers and Customer Individual Users, through Third-Party Applications or by automated means, such as cookies (e.g. essential cookies) and web beacons through our use of sub-processors.
Our Use of the Personal Data
We use the data we collect in accordance with our Customer Agreements, to operate and provide the Platform and for related internal purposes, including: (a) enabling Customer Individual Users to access and use the Platform; (b) providing information about the Platform, responding to inquiries, complaints, and requests for support; (c) as we believe necessary or appropriate to comply with applicable law, enforce the terms and conditions that govern the Platform, protect our rights, privacy, safety or property, and/or that of you or others, and protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity; and (d) improving our Platform, including by using aggregated and/or de-identified data.
Personal Data Sharing
We share the Personal Data we collect with (a) our Customers and End Users, to the extent the Personal Data pertains to End Users and Customer’s Individual Users; (b) sub-processors that help us provide, manage, secure and improve the Platform (you can see our list of third party sub-processors in our Data Processing Addendum); and (c) Third-Party Applications that you have set up for integration.
End Users that install or access any Third Party Applications may be required to accept privacy notices provided by those Third Party Applications. Please review those notices carefully, as Layerise does not control and cannot be responsible for these Third Party Applications’ privacy or information security practices.
We may also share Personal Data with government, law enforcement officials or private parties as required by law, when we believe such disclosure is necessary or appropriate to (a) comply with applicable law; (b) enforce the terms and conditions that govern the Platform; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity, in the event of active or prospective litigation or arbitration, for regulatory compliance efforts and/or audit.
The Process We Use to Secure and Protect Personal Data
The security of Personal Data is important to us. Layerise uses generally accepted physical, electronic, and procedural safeguards to protect Personal Data submitted to us (both during transmission and once it is received) from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction in accordance with applicable law to protect the Personal Data.
Customers must prevent unauthorized access to End Users’ accounts and Personal Data stored in the Platform by selecting and protecting your password and/or other sign-on mechanism appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account. We also recommend that our Customers take steps to protect against unauthorized access to any devices, networks and applications (including Third Party Applications) connected to, or integrated with, the Platform.
We endeavor to protect the privacy of End User accounts and the Personal Data we store in the Platform. Unfortunately, we cannot guarantee that any safeguards or security measures will be sufficient to prevent a security problem. See the data security section on our website and the Customer Agreements for additional information regarding Layerise’s information security practices.
We retain Personal Data so long as Layerise’s contractual obligations remain with our Customers. In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. Afterwards, we retain some information as aggregated and/or de-identified data but not in a way that would identify Customer, End User or Individual Users.
Customers are the data controllers of Individual Users’ Personal Data. As such, Customers are responsible for receiving and responding to requests from their Individual Users and other individuals to exercise any rights afforded to them under applicable data protection laws. If requested to remove Personal Data by a Customer, we will respond within a reasonable timeframe and in accordance with the Customer Agreements.
Because we may only access a Customer’s data upon their instructions, if Layerise receives a data subject request directly from a Customer Individual User using our data subject access request page, Layerise will inform the Customer Individual User to contact the Customer directly about any request relating to his/her Personal Data such as access or deletion, and to the extent that the applicable data protection law does not prohibit Layerise from doing so, we will refer their request to the Customer they specify in their request. Layerise will not further respond to a data subject request without Customer’s prior consent and will assist Customers in responding to such requests as set forth in the Customer Agreement.
We only use your Personal Data as permitted by law. Our legal grounds for our collection and processing of the types of Personal Data are based on one or more of the following: (a) Consent: the consent you provide to us when you share or submit your Personal Data with or to us; (b) Legitimate Interest: our “legitimate interest,” as defined by GDPR, or the legitimate interest of a third party, including you. For example, we may use your Personal Data to administer and conduct our business with you, and to respond to your requests, inquiries and complaints; (c) Contract: our performance of a contract; and (d) Legal Obligation: our compliance with a legal obligation that we are or may be subject to.
| Category of data | Source of data | Purpose of processing | Grounds for processing | Retention period or criteria |
|---|---|---|---|---|
| End Users | From the Platform and Third-Party Applications | To provide the Platform, communicate with the Customer & comply with an applicable law | Contractual, legal obligation, legitimate interest & consent | 5 years or until no longer applicable, whichever occurs first |
| Individual Users | The Platform | To provide the Platform & comply with an applicable law | Contractual, legal obligation, legitimate interest & consent | 5 years or until no longer applicable, whichever occurs first |