PRIVACY POLICY

Date: 28.09.2022

Person responsible for processing: PRIDATECT S.L. 

Purposes of processing:

  • Providing information via the website. 
  • Management of queries through forms, or the website chat. 
  • Free download of training material(s).
  • Attendance and viewing of online training sessions. 
  • Management of the contracting of licences for the Software owned by Pridatect S.L.
  • Management of legal service contracts. 
  • Access to the Pridatect Management and Pridatect Advance Platform, owned by Pridatect S.L. (from now on, the “Platform”)
  • Access to the private area Pridatect Platform (formerly: “Userdesk”), property of Pridatect S.L.
  • Access to the private area of the Academy (materials and video platform). 
  •  

Legal Bases For Processing

  • Express consent of the interested party. 
  • Execution of a contract or implementation of pre-contractual measures. 
  • Legitimate interest in data processing. 
  • Compliance with legal obligations. 

Data Retention

  • The data will be kept for the time strictly necessary to fulfil the purposes it was collected for, provided that the data subject does not revoke his consent. Exceptions will, as well, be made for the fulfilment of legal obligations. 

Target Group

  • Personal data collected through the website will not be transferred to third parties. Without prejudice to those third parties that provide services to Pridatect S.L. with the aim of managing the provision of services, the contractual and/or pre-contractual relationship with the interested parties or processing requests made by them. 

Rights of the Interested Parties

  • Access, rectification, opposition, deletion (‘right to be forgotten’), limitation of treatment, portability and not being the subject of automated decisions. 

Websites:

Further Information

  • Additional and detailed information on data protection can be found in the attached clauses below:

ADDITIONAL INFORMATION ON DATA PROTECTION

In accordance with the provisions of Articles 13 and 14 of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR“), and relevant national data protection laws – specifically the Data Protection Act 2018 (UK), the Organic Law 3/2018 of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (Spain) & the Bundesdatenschutzgesetz (BDSG) of Germany – which regulate the right to information in the collection of data, we wish to inform you of the following points:

The personal data that you have provided to us through the website and in any other communications with you will be subject to the Register of Processing Activities for which PRIDATECT S.L. is responsible.

Our postal address is:

Pridatect, S.L. 

Carrer de Tarragona 161, Planta 11ª 

08014 Barcelona, Spain

The contact email of our Data Protection Officer (DPO) is:

dpo@pridatect.com.

Pridatect S.L, has the following profiles in the main social networks of the Internet: Twitter, LinkedIn and Facebook. 

Pridatect S.L. acknowledges that it is responsible for processing the data of its users, followers, or persons who make comments through them. Likewise, Pridatect S.L. is exonerated from any type of responsibility derived from comments made by users and followers on its social networks. Pridatect S.L. may use the profiles described above to inform its users of topics it considers of interest. 

A visit to the website by the user must be made in a responsible manner and in accordance with current legislation and good faith. The website provides a wide range of information, services and data. The user assumes responsibility for correct use of the website. 

The use of any of the contents of the website for purposes that are or could be illicit is totally prohibited, as well as the carrying out of any action that causes or could cause damage or alterations of any kind not consented to by Pridatect S.L., to the website or its contents.

The company reserves the right to make any changes it deems appropriate to its website without prior notice, and may change, delete or add both the content and services provided through it and the way in which they are presented or located on its servers.

Depending on the purpose, we will need to process various types of data, which in general will be the following:

  • The website provides informative information regarding the services of Pridatect S.L. 
  • Pridatect S.L. offers users the possibility of directly contacting the company through the contact forms provided for this purpose. The collection and automated processing of data that is made through the form ‘Request your free trial’ of Pridatect S.L. are only collected in order to manage your free trial request.
  • The website is fully informative about the services offered by Pridatect S.L. The data may be processed to respond to requests for information about these services. 
  • The collection and automated processing of data that is carried out through the form or chat on the website to request a demonstration or a free trial is collected in order to allow for the possibility of contacting us for legitimate commercial purposes. 
  • Similarly, personal data is collected and processed through forms for registration in online training sessions as well as to allow the users to download various teaching resources.
    • In addition, the online training sessions are recorded to be available to all users on the Pridatect website. Questions asked by participants during the session and the corresponding answers are also recorded and reproduced when the session is made available to users via the website. Statistical data is collected during and after the training session. 
    • If you participate in a webinar, in addition to your registration data, we receive information about the duration of participation, interest in the webinar, questions asked and/or answers given in order to further support the customer or improve the user experience. 
  • The website incorporates a link that facilitates access to the platform through which Pridatect S.L. provides a number of its services through a private area of the website called the “Pridatect Platform”. The personal data incorporated in the aforementioned private area will be processed with the aim of effectively providing the service contracted in accordance with this privacy policy as well as in accordance with the contractual terms and conditions agreed between Pridatect and its clients.

The website incorporates components from third parties. You can consult the complete information on these in the “To whom is your data communicated?” section of this privacy policy. 

Pridatect S.L. provides a number of its services through its private area: the “Pridatect Platform”, or “Platform”. The access to the website requires the acquisition of the consent of the user through privacy and cookie policies. In case of disagreement with this policy, you must refrain from using the Pridatect Platform. In this case you can request both the cancellation of the service and the elimination of any registered user data. 

 

The user is informed, and accepts, that access to the Pridatect Platform is necessary for the provision of the service contracted and, therefore, for the development of the commercial relationship with Pridatect S.L. Usage of the Platform implies consent to the current Privacy Policy.

 

In order to effectively provide the service, and prior to signing, we will need to process the data for different purposes: 

  • The collection and automated processing of data that is carried out through the login form allowing access to the private area of the Platform for clients of Pridatect S.L is collected in order to access the account in the private area. This is a commercial and contractual purpose.
  • The website is fully informative about the legal documentation and/or other documents required for effective compliance with data protection regulations. 
  • The website facilitates the management of the contractual relationship between Pridatect S.L. and its clients. Likewise, the website processes the data with the aim of facilitating communication between Pridatect S.L. and Pridatect S.L. customers. 
  • The data may also be processed to respond to requests for information about the aforementioned services. 

The Pridatect Platform, and the rest of the Pridatect website and offering, may include software components supplied by third parties that are used with the permission of the respective licensors and/or copyright holders on the terms provided by those parties. In this sense, Pridatect S.L. informs you that it communicates data to external suppliers, such as data processors, to carry out certain services. This can be found in the ‘To which recipients is your data communicated to’ section.

You are responsible for maintaining the confidentiality of your password and account, and are fully responsible for all activities that occur through the usage of your password or account. 

Despite having taken all the security measures available to us, given the characteristics of the technology and networks, Pridatect S.L. cannot guarantee zero risk with respect to hacking and theft of user data. Therefore, the user accepts this inherent risk, exonerating Pridatect S.L. from any responsibility for any possible damages derived from said risks. 

In order to minimise any possible damage, the user agrees to (a) inform Pridatect, S.L. immediately when they detect any unauthorised use of their password or account, as well as any breach of security, and (b) to ensure that they leave the Platform once their session is over. Pridatect S.L.. can not, and will not, be liable for any loss or damage arising from the breach of these obligations.

The data incorporated in the Private Area will be kept for the duration of the contractual relationship that is the object of its use, with the sole objective of effectively managing compliance with regulations that are the object of a separate main commercial client contract. Information on user accesses, screens, user interaction, blocking and exceptions may also be processed with the aim of introducing improvements in future versions of the Platform. 

The personal data that the user may provide:

  • Identification details: Name and surname
  • Contact details: Telephone number and e-mail address. 
  • Employment data: Company, job position
  • User name and password.
  • IP address, date and time of access to Pridatect services. 
  • Data on the access device. 
  • Device data, such as device identification number, type, location, operating system, browser type and version, language used, pre-defined consent preferences and also internet provider, if applicable.
  • Tracking data, such as Internet Service Provider, Unique device identifier, Geographic location, Operating system of the device, Date and time of visit, Duration of visit, Referrer URL, Videos viewed, IP address, Browser information, Device information, Mouse movements, Pages visited, Screen resolution, Clicks
  • Any other information or data you decide to share with us through the Pridatect Platform (E.g. pre-existing security policies).

In some cases, it is compulsory to fill in a form to access certain services, such as downloading the training material. Likewise, not providing the personal data requested or not accepting this data protection policy may mean that it is impossible to contact us through the website. 

The personal data obtained through any of the channels of the website will form part of the Register of Processing Activities (RoPA) owned by Pridatect S.L. This will be updated periodically in accordance with the provisions of the GDPR; Pridatect S.L. has adopted all the relevant security measures in this regard. 

The user is informed of the possibility of withdrawing his or her consent if it has been given for a specific purpose, without this affecting the lawfulness of the previous processing based on consent prior to withdrawal. 

The processing of your data can be based on the following legal bases: 

  • Express consent by users to complete the forms for sending commercial communications and information adapted to the user’s profile. 
  • Application of pre-contractual measures for the execution of contracts of sale and supply of licenses and/or professional services. 
  • Application of contractual measures for the provision of the services agreed between Pridatect S.L. and its clients.
  • Legitimate interest in relation to the following purposes: 
  • Creation of profiles by means of navigation on the website by a client or user registered on the platform, as well as all those users who have provided us with data for any other purpose. 
  • Creation of profiles for sending information on promotions, latest news and personalised information adapted to the user’s profile.
  • The legitimate interest of Pridatect S.L. is to be able to guarantee that our website remains secure, as well as to help us understand the needs, expectations and level of satisfaction of our users and, therefore, improve our services and products. All actions are carried out with the aim of improving the level of user satisfaction and ensuring a unique browsing experience and commercial product. 
  • Compliance with legal obligations to prevent fraud, ensure collaboration with public authorities and/or avoid possible claims from third parties. 

The processing of data for the purposes described will be maintained for the time necessary to comply with the purpose of their collection, as well as to comply with the legal obligations arising from the processing of the data. Without prejudice to the fact that the conservation is necessary for the formulation, exercise or defence of potential claims; whenever permitted by the applicable legislation. 

 

The default standard retention period for Pridatect S.L. records are 6 years. This is defined as 6 years after the last entry in a record followed by first review or destruction to be carried out. This is in accordance with Spanish Law in accordance with the provisions of Article 30 of the Royal Decree of August 22, 1885, Commercial Code.  For tax purposes, the accounting books and other records where user data may be contained will be kept for 4 years in accordance with Articles 66 to 70 of Law 58/2003, of 17 December, on General Taxation. This is in line with the principles of the UK’s ‘Generally Accepted Accounting Practice’ guidelines (GAAP)

 

Records must only be retained beyond the default Pridatect S.L. retention period if their retention can be justified for statutory, regulatory, legal or security reasons or for their historic value. The disposal periods for records retained for extended duration must be included within line of business retention schedules.

 

The maximum retention period for any Pridatect S.L. records identified as having historic value is defined as 20 years after the last entry in the record, with an additional one calendar year for final review and transfer or destruction.

 

Pridatect S.L., undertakes to cease the processing of personal data when the conservation period has expired, as well as to erase them properly in our database(s). 

In general, Pridatect S.L. will not pass on personal data to third parties, except in those situations in which the data may be passed on to collaborators who provide services to Pridatect S.L., with the aim of managing the provision of services, the contractual and/or pre-contractual relationship with the interested parties or processing requests made by them. In these cases, we ensure that the recipients respect confidentiality and have the appropriate measures in place to protect personal data. 

Pridatect S.L., tries to guarantee the security of personal data when it is sent outside the company. The third parties with which Pridatect. S.L. contracts are obliged to guarantee that the information is treated in accordance with current data protection regulations. 

In those cases where the law may require the disclosure of personal data to public bodies or other parties, only what is strictly necessary for the fulfilment of such legal obligations will be disclosed. 

 

Pridatect, S.L. is part of the Borneo Group – a company headquartered in Singapore, which has made a uniform commitment to comply with the GDPR standard and has implemented necessary data protection requirements. As there are data transfers within the Borneo Group for the purpose of standard business operations, where such data transfers are necessary and legally permissible, the Borneo Group has decided to implement binding internal data protection rules (“Binding Corporate Rules” as defined in Art. 46(2)(b), 47 GDPR). These data protection regulations ensure the protection of personal data within the scope of our internal company data transfers. If you would like further information on this, please contact us at any time at the following e-mail address: dpo@pridatect.com.ç

 

Pridatect S.L. gives personal data to: 

  • Intercom: Pridatect S.L. uses intercom chat as a means of communication with clients and potential clients.   https://www.intercom.com/legal/terms-and-policies
  • Slack: Pridatect S.L. uses Slack as a method of internal communication and for communication with course participants. https://slack.com/intl/es-es/legal 
  • Foxize: Pridatect S.L. uses Foxize as a virtual classroom for the training provided. https://www.foxize.com/politica-privacidad 
  • Salesforce: Pridatect S.L. uses the Salesforce application to keep customer and potential customer information up to date. https://www.salesforce.com/es/company/privacy/ 
  • Holded: Pridatect S.L. uses the Holded application for internal business management. https://www.holded.com/es/privacidad 
  • Stripe: Pridatect S.L. uses the Stripe application to process customers’ online payments. https://stripe.com/es/privacy 
  • Zapier: Pridatect S.L. uses Zapier to transmit the information received to all other applications used. https://zapier.com/privacy/ 
  • Cloudconvert: Pridatect S.L. uses Cloudconvert as a tool to allow the download of documents in .doc format. https://cloudconvert.com/privacy 
  • Amazon Web Services (AWS): Pridatect S.L. works in the AWS cloud for the management of all information. https://aws.amazon.com/es/privacy/?nc1=f_pr 
  • Hotjar: Pridatect S.L. uses Hotjar’s tool to understand the behaviour of web users. https://www.hotjar.com/legal/policies/privacy/ 
  • Active Campaign: Pridatect S.L. uses Active Campaign to send commercial marketing communications as well as to send communications to its clients. https://www.activecampaign.com/legal/terms-of-service 
  • Typeform: Pridatect S.L. uses Typeform to conduct surveys through forms https://admin.typeform.com/to/dwk6gt/ 
  • Lead Forensics: Pridatect S.L. uses Lead Forensic to analyse the users that visit our website https://www.leadforensics.com/privacy-policy/ 
  • GoToWebinar and GoToMeeting from LogMeIn Ireland Limited: Pridatect S.L. uses the services of LogMeIn Ireland Ltd. to conduct online training sessions or webinars. To register, LogMeIn Ireland Ltd. provides us with a registration link. You can view LogMeIn’s privacy policy here
  • SurveyMonkey Europe UC: Pridatect, S.L. employs this software on occasion for cloud-based survey development. Their privacy policy can be found at the following link: https://www.surveymonkey.com/mp/legal/privacy-policy/
  • MixPanel: Pridatect, S.L. employs this software on the Pridatect Platform for the purpose of analytics that further enables our process development. These analytics improve the user experience for clients, as we are able to optimise the service. You may opt out of these analytics at any time by withdrawing consent via the cookie banner. Their privacy policy can be found at the following link: https://mixpanel.com/legal/privacy-policy/ .

The physical server that stores the personal data of the Pridatect S.L. Platform is located in Germany. For more information you can access the following link: https://www.amazon.es/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=201909010 

It is important to note that Aircall, SalesForce, Stripe, Calendly, Google, Facebook, MixPanel & Zapier – as processors – have either a headquarters in the United States, are affiliated with a United States office, or process data in the United States. Information we collect from you might be processed in the United States, and by using these services you acknowledge and consent to the processing of your data in the United States. The United States has not yet received a finding of “adequacy” from the European Union under Article 41 of the GDPR, which means your data might not receive equal protection under the GDPR

Until further developments are achieved in this matter, we rely on derogations for specific situations as set forth in Article 49 of the GDPR. In particular, we collect and transfer to the U.S. personal data only: with your consent and / or to perform a contract with you. We and our processors endeavour to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with us and the practices described in this Privacy Policy

Please note that transfers to the US are limited, and in particular, transfers from large cloud companies (Google, Youtube, etc.) could be declared illegal in court. Therefore, this paragraph should not be understood as a disclaimer that may protect the company in case of inspection, but rather, as a gesture of good faith or transparency that allows users to make a better decision.

The bulk of user data is stored in Germany, within the European Union (EU). In order to guarantee a sufficient level of protection for data sent to third countries outside the EU, Pridatect S.L. will take sufficient technical and organisational measures. When appropriate, other transfer mechanisms will be employed in order to safeguard your personal data. This could include the use of the new EU Standard Contractual Clauses (SCCs).

You can address your communications and exercise your rights by sending written communication to the following e-mail address: dpo@pridatect.com 

 

By virtue of what is established in the regulations on data protection you can request: 

 

  • Right of access: you can ask for information about the personal data we have about you. 

 

  • Right of rectification: you can communicate any change in your personal data. 

 

  • Right to delete and forget: you can request the deletion of your personal data after they have been blocked. 

 

  • Right to limit processing: this involves restricting the processing of personal data. 

 

  • Right to oppose: you may withdraw your consent to the processing of your data by opposing future processing. 

 

  • Right to portability: in some cases, you can request a copy of the personal data in a structured, commonly used, machine-readable format for transmission to another service.

 

  • Right not to be subject to individual decisions: you can request that decisions not be taken on the basis of automated processing alone, including profiling, which produces legal effects or significantly affects the data subject. 

 

In some cases, the request may be refused if you ask for the deletion of data necessary for the fulfilment of legal obligations. Also, if you have a complaint about the processing of your data, you can make a complaint to the competent data protection authority. 

We only process applicant data for the purpose of, and within the scope of, the application procedure in accordance with legal requirements. The processing of applicant data is carried out to fulfil our (pre)contractual obligations within the scope of the application procedure within the meaning of Art. 6 para. 1 lit. b. GDPR. Art. 6 para. 1 lit. f. GDPR is applicable insofar as the data processing becomes necessary for us, e.g. in the context of legal proceedings (in Germany, Section 26 BDSG also applies).

 

The application procedure requires that applicants provide us with applicant data. The necessary applicant data is limited if we offer an online form via a job board (e.g., LinkedIn, Xing), and otherwise will collect relevant information that may generally include personal details, postal and contact addresses and the documents belonging to the application, such as cover letter, CV and certificates. In addition, applicants can voluntarily provide us with additional information. 

 

By submitting an application to us, applicants consent to the processing of their data for the purposes of the application process in the manner and to the extent set out in this privacy policy. If applicants submit their data through a job board (e.g., LinkedIn, Xing) then their data will be processed by the respective platform during transfer to us. The LinkedIn privacy policy providing more information about how they handle your personal data can be found at the following link: https://www.linkedin.com/legal/privacy-policy

 

When special categories of personal data within the meaning of Art. 9 (1) GDPR are voluntarily provided within the scope of the application procedure, their processing is additionally carried out in accordance with Art. 9 (2) lit. b GDPR (e.g. health data, such as severely disabled status). When special categories of personal data within the meaning of Art. 9 (1) GDPR are requested from applicants in the context of the application procedure, their processing is additionally carried out in accordance with Art. 9 (2) a GDPR (e.g. health data, if this is necessary for the exercise of the profession).

 

Furthermore, applicants can send us their applications via e-mail. Please note, however, that e-mails are generally not encrypted and applicants must ensure that contents containing their personal data are encrypted themselves. We cannot therefore accept any responsibility for the transmission path of the application between the sender and receipt on our server and therefore recommend instead using a secure online form or sending by post. 

 

The data provided by applicants may be further processed by us for the purposes of the employment relationship in the event of a successful application. Otherwise, if the application for a vacancy is unsuccessful, the applicants’ data will be deleted. Applicants’ data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.

 

Subject to a justified withdrawal by the applicant, deletion takes place after the expiry of a period of six months so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses will be archived in accordance with tax law requirements.

 

  • Handling of applicant data


    We offer you the opportunity to apply to us (e.g. by e-mail or via an online form on a job posting board such as LinkedIn). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection law and all other legal provisions and that your data will be treated as strictly confidential.

 

  • Scope and purpose of data collection


    When you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes in the context of job interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is Art. 6 para. 1 lit. b GDPR (general contract initiation) and – if you have given us consent – Art. 6 para. 1 lit. a GDPR. This consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.


    If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of Art. 6 Para. 1 lit. b GDPR for the purpose of implementing the employment relationship.

 

  • Retention period of the data


    If we are unable to make you a job offer, if you reject a job offer or if you withdraw your application, we reserve the right to retain the data you have provided on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. This storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for continued storage no longer applies.


    Longer storage may also take place if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if legal storage obligations prevent deletion.

The user is solely responsible for the validity and correctness of the data included on the website, exonerating Pridatect S.L. from any responsibility in this regard. Users guarantee and are responsible, in any case, for the accuracy, validity and authenticity of the personal data provided, and undertake to keep them duly updated as and when changes occur. The user agrees to provide complete and correct information in the contact or subscription form.

Pridatect S.L. is not responsible for the validity of the information that is not of its own elaboration and of which another source is indicated, and therefore it does not assume any responsibility for hypothetical damages that could arise from the use of this information.

 

Pridatect S.L. reserves the right to update, modify or eliminate the information contained in its web pages and may even limit or not allow access to this information. Pridatect S.L. is exonerated from any responsibility for any damage or harm that the user may suffer as a result of errors, defects or omissions in the information provided by Pridatec S.L., provided that this information comes from sources other than Pridatec S.L. 

Pridatect S.L. has adopted the legally required levels of security for the protection of personal data, and attempts to employ all those means or additional technical measures at its disposal to prevent the loss, misuse, alteration, unauthorized access and theft of personal data provided to Pridatect. S.L. Nevertheless, the user must be aware that security measures on the Internet are not impregnable. 

 

Therefore, Pridatect S.L. is not responsible for any hypothetical damage or harm that may arise from interference, omissions, interruptions, computer viruses, telephone breakdowns or disconnections in the operation of this electronic system, caused by reasons beyond the control of Pridatect, S.L. Delays or blockages in the use of this electronic system caused by deficiencies or overloading of telephone lines or overloading of the Data Processing Centre, the Internet system or other electronic systems, as well as damage that may be caused by third parties through illegitimate interference are to be considered beyond the control of Pridatect, S.L. 

The Pridatect S.L. website and Social Networks use cookies to optimise and personalise your browsing experience. Cookies are physical information files that are stored in the user’s own computer or other browsing device. The information collected through cookies serves to facilitate the user’s navigation of the portal and to optimise the browsing experience. The data collected through cookies may be shared with Pridatect S.L., but in no case will the information obtained by them be associated with personal data or data that can identify the user. However, if the user does not wish to have cookies installed on his or her hard drive, he or she has the possibility of configuring the browser in such a way as to prevent the installation of these files. For more information, see our Cookie Policy. 

Security breaches can be caused by employees, third parties or computer errors. Therefore, we are legally obliged to notify data subjects if their personal data has been seriously affected within a maximum of 72 hours. In addition, users will be notified as soon as the security breach is resolved. Furthermore, the supervisory authority (ICO) will be contacted if the breach is significant and requires notification.

As we do not have an establishment in the United Kingdom (“UK”), we have appointed a representative who you may address if you are a UK-based customer and wish to raise any issues or queries you may have relating to our processing of your personal data and/or this privacy and cookies policy.

 

Our UK representative is:

The DPO Centre, 50 Liverpool Street, London EC2M 7PY, UK

Our UK representative can be contacted directly:

+44 (0) 203 797 1289

Advice@dpocentre.com

This privacy policy is subject to change. We encourage you to review the privacy policy from time to time.