FatStax LLC Privacy Policy – UPDATED May 18, 2018

  1. Our Commitment to Privacy.

This notice describes the Privacy Policy (the “Policy”) for FatStax, LLC, an Indiana limited liability company (“FatStax,” “we,” “us,” or “our”). FatStax is committed to respecting the privacy and protecting the information of our Customers and their Prospects. This Policy is designed to advise you about our practices regarding the collection, use, disclosure and protection of the information we collect from and about Customers and their Prospects when using our web-based and mobile applications and websites. FatStax will never sell or otherwise transfer any Personal Information (as hereafter defined) to any third parties for monetary gain or in violation of applicable laws.

By using the FatStax® Application Platform and accompanying services (“the Services”), you are accepting the practices described in this Privacy Policy.

Please take the time to review this Policy and, if our Policy or procedures change, we will immediately post those changes to our website and any such changes will be effective immediately upon being posted, unless otherwise stated in the change.

Any changes that may be made to this Policy will comply with applicable laws and FatStax’s commitment to respect your privacy and protect your information.

There are two primary roles that interact with or through the FatStax service:

  1. FatStax’s Customer and their authorized user, typically the Company and its sales representatives or agents (the “Customer”) who is viewing and making content available to the Prospect through the FatStax service.
  2. The Customer’s potential buyer (the “Prospect”) who is receiving specific information from the Customer through the FatStax service in respect of a potential business transaction with the Customer.

FatStax provides customer-generated product information and digital materials to Customer’s Prospects. Delivery of this information is initiated by our Customer using our app. We collect activity event information from Customers and their Prospects for the purpose of delivering product information and tracking that activity for Customer reporting purposes. This event information includes the type of action conducted as well as the information used to send the information (email address) and may include name, address, IP address or other profile information (non-sensitive information as defined by GDPR). We may act as a processor of this information under the direction of our Customers, who act as the data controller. Personal information is not processed or used for any other purpose than processing and delivery of product information for the benefit and under the control of our Customer.

Our Customer chooses which Prospects to interact with through the FatStax service and thus whose personal information is collected. In this way, the Customer is acting as the controller as defined by the European Union’s General Data Protection Regulation (GDPR). This means that FatStax is processing the personal information for and on behalf of the Customer, who assumes the role and responsibilities of the controller as defined under GDPR. The Customer is responsible for obtaining the Prospect’s consent to the use of their personal information in compliance with the provisions of GDPR.

Our goal is to provide Customers and Prospects with complete protection of their personal information in compliance with all pertinent data protection regulations including the GDPR. This privacy policy summarizes FatStax’s proactive measures to ensure the protection of this data. Keep in mind that, because FatStax is acting as a processor for our Customers, any compliant privacy policy of that organization will have priority over our policy. This privacy policy under no circumstances shall mean that FatStax is assuming the role or responsibilities of a controller or undertaking responsibilities of its Customers.

  2. What Information is Collected.

(a) Information Provided to Us. The types of information we collect will depend on the Services you use, how you use them and what you choose to provide. We collect information during use of FatStax’s site or apps, or that is provided to FatStax in any other way. For example, to set up an account, Customers may be required to provide a login name, a password, name and billing address. When emailing product information to a Prospect, Customers will be required to provide the Prospect’s email address and can choose to enter additional contact information. Customers can choose not to provide certain personal information, but this may prevent being able to take full advantage of FatStax’s services and features. Any information that the Customer, or any person with access to their login and password, uploads into our servers remains our Customer’s sole and exclusive property including, without limitation, any files, contact information, industry knowledge, or financial information. No sensitive personal data as defined by GDPR (e.g. medical information, biometrical information, racial information, social security information, criminal information) will be collected or processed by or through the Services without prior written authorization by Prospects and Customer implementation of processes within GDPR guidelines.

(b) Information we collect automatically. When a Customer visits a website, they disclose certain information, such as their Internet Protocol (IP) address and the time of visit. This site, like many other sites, records this basic information about visits to our site and usage of the Services. In order to improve the user experience and provide our Customers with information about how they are using the Services, we may also record the manner in which information is accessed on the site or the Services are used. This includes recording information on emails sent, or other contacts made, using the Services.

(c) Cookies. A cookie is a small text file that is placed on your computer or mobile device when you visit a site, that enables us to: (i) recognize your computer and login session; (ii) store your preferences and settings; (iii) understand which web pages of the Services you have visited; (iv) enhance your user experience by delivering and measuring the effectiveness of content; (v) perform analytics; and (vi) assist with security and administrative functions. Tracking pixels are small electronic tags with a unique identifier embedded in websites and/or email, and that are designed to provide usage information like email open rates, measure popularity of the Services, and to access user cookies. As we adopt additional technologies, we may also collect information through these methods.

Most browsers are set up to accept cookies, but the Customer can change their settings to have their browser notify them when they receive a new cookie or to refuse to accept cookies. FatStax may use cookies to identify the Customer and allow them to access the website without having to log in again.

  3. How and When Information is Used.

The information FatStax collects is used for administering our business activities and creating and running our Services. FatStax employees must adhere to this Policy if their business activities require accessing personal information. Any personal information is used to provide Prospect service and to improve the user experience. In addition, FatStax may occasionally use the personal information to notify Customers about changes to our website, new services or special offers.

In the event FatStax needs to disclose personal information to any independent contractors or vendors in order to provide our services, any such independent contractor or vendor is required to follow this Policy, applicable laws, and keep all personal information confidential.

Information collected about an individual user of the Services may be shared with the Customer of FatStax who authorized access to the services. We may aggregate/anonymize and/or de-identify information collected through our services so that such information can no longer be linked to the Customer, the Prospect or any specific device. We may use aggregated/anonymized/de-identified information for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties.

  4. How We Protect Your Information.

(a) Third Party Access. The privacy and protection of personal information is important to FatStax. Unless otherwise authorized in this Policy or applicable laws, FatStax will not make any personal information available to third parties without the permission of the Customer, the Prospect, and then pursuant to applicable laws.

(b) Password Protection. The Customer’s access to services and content is password protected using modern encryption methods. We advise that Customers do not disclose their password to anyone. In addition, we recommend that they sign out of password-protected services and clear browser history at the end of their session, where possible. It is the Customer’s responsibility to keep their login name and password confidential.

(c) Secure Connection. FatStax uses a secure, encrypted connection with a current certificate (“SSL Connection”) for all webpages where the Customers transmit personal data including, without limitation, the Personal Information. All data that is uploaded or downloaded from the website will be done over the SSL Connection.

(d) Servers. FatStax stores the Customer’s data in secure servers using a reputable, globally recognized data service provider. Data is continuously backed up and protected.

(e) Internal Protections. In addition to our security software and secure data centers used to protect the confidentiality of the Customer’s information, our business practices are reviewed periodically for compliance with policies and procedures governing the security and confidentiality of our information and compliance with applicable laws. Our business practices limit employee access to confidential information (including the personal information) and limit the use and disclosure of such information to authorized persons. In the event a Customer contacts any FatStax employee and is asked to disclose personal information, such personal information will only be used to address their inquiry and will not be recorded or used for any other purpose without their permission. Please note, FatStax will never contact a Customer through an unsolicited phone call, email or letter to request any personal information. Customers should immediately contact FatStax if they receive any such inquiry.

(f) Advertisers. Customer content contained within FatStax may contain links to various other third party websites. Please keep in mind that each third party website has a different privacy policy and the privacy practices of other websites the Customer may visit are not covered by this Policy.

(g) Data Retention and Destruction. FatStax retains personal information for the sole purpose of providing services to its Customers. Consequently, all personal information for currently active Customers and/or Prospects who have not authorized retention or requested deletion of their personal information will be retained but not accessed according to the following circumstances and for record retention purposes only.

  • Once a Customer or Prospect becomes inactive, FatStax will retain the personal information related to event activity and providing product information for a period of two (2) years from the date FatStax is notified that the Customer or Prospect is no longer active.
  • Aggregated/anonymized/de-identified data related to the business processes of the Customer or FatStax will be retained for seven (7) years.

At the end of the retention period, FatStax will delete and destroy all copies of personal information retained by our system. Paper copies, if any, will be destroyed by shredding. Electronic copies in the possession of FatStax will be permanently deleted from the storage media and wiped from any electronic storage device managed by FatStax.

(h) Data Breach. In the event of a data breach with the Application Platform or Services, FatStax will notify the relevant data protection authority and the Customer and the affected Prospects within 72 hours of a) being notified of the breach by an external entity or b) discovering the breach independently through our own data security systems. FatStax may not be immediately certain which breaches are likely to result in a risk for the rights and freedoms of the individual as specified by GDPR; consequently, our policy is to promptly report all data breaches to affected individuals. Upon discovery, we will immediately implement diagnostic procedures and repair and remedy the conditions leading to the breach of the Services.

 

  5. How You Can Access Your Information.

A Customer or Prospect can request access to, correction, amendment or deletion of any or all of the Customer’s or Prospect’s personal information. The FatStax point of contact for all such requests is

Mark Walker, President, FatStax, LLC

6507 Carrollton Ave, Indianapolis, IN 46220

317-517-9389

mark.walker@fatstax.com

Please keep in mind, it is the Customer’s responsibility to ensure that all such personal information is kept up to date with FatStax.

To the extent the Customer, in its use of the Services, does not have the access to correct, amend, block or delete personal information, as required by data protection legislation, FatStax will comply with any commercially reasonable request by the Customer and Prospects to facilitate such actions to the extent FatStax is legally permitted to do so. To the extent legally permitted, the Customer may be responsible for any costs arising from FatStax’s provision of such assistance.

FatStax will, to the extent legally permitted, promptly notify Customer if it receives a request from a Prospect for access to, correction, amendment or deletion of that person’s personal information.  FatStax will provide Customer with commercially reasonable cooperation and assistance in relation to handling of a Prospect’s request for access to that person’s personal information, to the extent legally permitted and to the extent Customer does not have access to such personal information through its use of the Services.  If legally permitted, Customer may be responsible for any costs arising from FatStax’s provision of such assistance.

 

  6. Email Policies.

(a) Spamming. FatStax does not permit spamming or violation of US email laws (e.g. CAN-SPAM Act) by our Customers. Please contact us to report any incident of spamming and, in its discretion, FatStax will investigate and resolve the matter. Please keep in mind that FatStax has limited influence over the online or offline activities of our account holders or other third parties, particularly with respect to their use of social media, newsgroups, or forums. While any complaints should be reported to give FatStax the opportunity to investigate, we will not provide information to third parties about our Customers or Prospects (unless we receive their permission or we are required to do so by law) and we encourage people to communicate and attempt to resolve disputes with each other directly.

(b) Advertisements. Occasionally, FatStax may advertise its services, special offers, or changes to its website through email. On every unsolicited email an individual receives from FatStax, they will have the opportunity to “unsubscribe” from the FatStax mailing list. Any emails generated by FatStax will comply with the CAN-SPAM Act, FTC guidance, and other applicable laws as may be amended from time to time.

  7. Consent.

FatStax requires that all Customers, authorized users and Prospects subject to GDPR regulatory authority provide affirmative consent to the collection, storage, and use of their information. The Customer is responsible for obtaining the Prospect’s consent as a prerequisite for the use of FatStax’s Services to collect personally identifiable information.

FatStax is in the process of automating the collection of the Prospect’s affirmative consent for the collection, storage, and use of any personal information. Until the automated method is fully operational, FatStax has implemented procedures that enable Customers to comply with GDPR consent requirements for Prospects.

Prospects will be required to provide consent for a Customer to collect, store, and use personally identifiable data using the FatStax Platform. This consent opt-in from Prospects occurs prior to receiving any information from the Customer via the FatStax Platform. When the Prospect opts in and consents, FatStax will keep a record of their response. If the Prospect does not opt in, FatStax may anonymize personal data collected from the record of the event. Prior consent can be withdrawn at any time by the Prospect contacting FatStax or the Customer with their request. Once the Customer or Prospect has communicated this request to FatStax, we will delete all personally identifiable information related to the Prospect and notify the Customer and Prospect upon completion.

  8. Do Not Track.

Various browsers, including Chrome, Internet Explorer, Firefox, and Safari, offer a “do not track” or “DNT” option that sends a signal to web sites visited by the Customer about the Customer’s browser DNT preference setting. We do not currently commit to responding to browsers’ DNT signals with respect to our web sites, in part, because no common industry standard for DNT has been adopted by industry groups, technology companies or regulators, including no consistent standard of interpreting Customer intent.

 

  9. Mobile Applications.

Without limiting the generality of this Privacy Statement, in addition to information gathered through our Web sites or submitted to our Services, we may obtain information through applications (“Mobile Applications”) that Customers or their Prospects download to, and run on, their mobile devices (“Devices”). Mobile Applications provided by us may obtain information from, or access data stored on, Customer’s Devices to provide services related to the relevant Mobile Application.

Mobile Applications transmit information to and from Devices to provide the Mobile Application services.

Mobile Applications may provide us with information related to a Customer’s use of the Mobile Application services, information regarding a Customer’s computer systems, and information regarding a Customer’s interaction with Mobile Applications, which we may use to provide and improve the Mobile Application services, or as described in the Terms of Use. For example, all actions taken in a Mobile Application may be logged, along with associated information (such as the time of day when each action was taken). We may also share anonymous data about these actions with third party providers of analytics services.

Information accessed or obtained by the Mobile Application on an individual user’s device may be accessible to the Customer that authorized the user to access the Services, depending on the Customer’s implementation of the Mobile Application.

  10. Effective Date.

This Privacy Policy is effective as of May 25, 2018 and has been updated to incorporate GDPR and other legal requirements for Customers and Prospects that are within the regulatory authority of the GDPR. FatStax complies with all applicable federal, state, and local laws, rules, regulations, and ordinances, and all provisions required thereby to be included herein are hereby incorporated by reference. The enactment or modification of any applicable state or federal statute or the promulgation of rules or regulations thereunder after the effective date will be reviewed by FatStax to determine whether the provisions of this Privacy Policy require formal modification.  Please continue to check this Policy and, if our Policy or procedures change, we will immediately post those changes to our website. Any such changes will be effective immediately upon being posted, unless otherwise stated in the change. If you have questions about this policy or the statements contained within, please contact

Mark Walker, President, FatStax, LLC

6507 Carrollton Ave, Indianapolis, IN 46220

mark.walker@fatstax.com

  11. Summary of Individual’s Rights

Under the GDPR, individuals impacted by those rules have the right to:

  • information about the processing of your personal data;
  • obtain access to the personal data held about you;
  • ask for incorrect, inaccurate or incomplete personal data to be corrected;
  • request that personal data be erased when it’s no longer needed or if processing it is unlawful;
  • object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation;
  • request the restriction of the processing of your personal data in specific cases;
  • receive your personal data in a machine-readable format and send it to another controller (‘data portability’);
  • request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers. You also have the right in this case to express your point of view and to contest the decision.

  12. Summary of FatStax Data Processing

The type and amount of personal data FatStax may process depends on the reason FatStax is processing it (legal reason used) and what FatStax wants to do with it. FatStax respects several key rules, including

  • personal data will be processed in a lawful and transparent manner, ensuring fairness towards the individuals whose personal data FatStax is processing (‘lawfulness, fairness and transparency’).
  • FatStax will have specific purposes for processing the data and FatStax will indicate those purposes to individuals when collecting their personal data. FatStax won’t simply collect personal data for undefined purposes (‘purpose limitation’).
  • FatStax will collect and process only the personal data that is necessary to fulfil that purpose (‘data minimization’).
  • FatStax will ensure the personal data is accurate and up-to-date, having regard to the purposes for which it’s processed, and correct it if not (‘accuracy’).
  • FatStax won’t further use the personal data for other purposes that aren’t compatible with the original purpose of collection.
  • FatStax will ensure that personal data is stored for no longer than necessary for the purposes for which it was collected (‘storage limitation’).
  • FatStax will install appropriate technical and organizational safeguards that ensure the security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technology (‘integrity and confidentiality’).