GDPR PRIVACY ADDENDUM
Last revised: February 28, 2023
2. Data Controller, Data Protection Officer, and Representative
Direqt is the data controller of your Personal Data. Direqt has appointed a Data Protection Officer and a representative in the United Kingdom in compliance with the General Data Protection Regulation and the UK Data Protection Act and UK-GDPR. Direqt, its Data Protection Officer, or its representative may be contacted in any manner set forth below in the “Contact Information” Section of this GDPR Privacy Addendum.
3. Information We Collect About You and How We Collect It
The Personal Data we collect from you is required to enter into a contract with Direqt, for Direqt to perform under the contract, and to provide you with our products and services. If you refuse to provide such Personal Data or withdraw your consent to our processing of Personal Data (when appropriate), then in some cases we may not be able to enter into the contract or fulfill our obligations to you under it.
4. Lawful Basis for Processing Your Personal Data
The processing of your Personal Data is lawful only if it is permitted under the GDPR. We have a lawful basis for each of our processing activities (except when an exception applies as described below):
• Legitimate Interests. We will process your Personal Data as necessary for our legitimate interests. Our legitimate interests are balanced against your interests and rights and freedoms and we do not process your Personal Data if your interests or rights and freedoms outweigh our legitimate interests. Our legitimate interests are to: facilitate communication between Direqt and you; detect and correct bugs and to improve our Website; safeguard our IT infrastructure and intellectual property; detect and prevent fraud and other crime; promote and market our business; and develop our product and services.
• To Fulfill Our Obligations to You under our Contract. We process your Personal Data in order to fulfill our obligations to you pursuant to our contract with you to deliver our goods and services to you, to the extent applicable.
• As Required by Law. We may also process your Personal Data when we are required or permitted to by law; to comply with government inspections, audits, and other valid requests from government or other public authorities; to respond to legal process such as subpoenas; or as necessary for us to protect our interests or otherwise pursue our legal rights and remedies (for instance, when necessary to prevent or detect fraud, attacks against our network, or other criminal and tortious activities), defend litigation, and manage complaints or claims.
5. Special Categories of Information
We do not ask you to provide, and we do not knowingly collect, any special categories of Personal Data from you.
6. Automated Decision Making
We do not currently use your Personal Data with any automated decision-making process or technologies including profiling, which may produce a legal effect concerning you or similarly significantly affect you. Any changes pertaining to the use of Personal Data with automated decision-making will be updated in this GDPR Privacy Addendum.
7. How We Use Your Information
8. Disclosure of Your Information
9. Your Rights Regarding Your Information and Accessing and Correcting Your Information
• Access and Update. You may contact us through the Contact Information below if you wish to review or change any Personal Data we have about you to ensure that it is complete, accurate, and as current as possible. We may also not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.
• Restrictions. You have the right to restrict our processing of your Personal Data under certain circumstances. In particular, you can request we restrict our use of it if you contest its accuracy, if the processing of your Personal Data is determined to be unlawful, or if we no longer need your Personal Data for processing but we have retained it as permitted by law.
• Portability. To the extent the Personal Data you provide Direqt is processed based on your consent and that we process it through automated means, you have the right to request that we provide you a copy of, or access to, all or part of such Personal Data in structured, commonly used and machine-readable format. You also have the right to request that we transmit this Personal Data to another controller, when technically feasible.
• Withdrawal of Consent. To the extent that our processing of your Personal Data is based on your consent, you may withdraw your consent at any time by closing your account. Withdrawing your consent will not, however, affect the lawfulness of the processing based on your consent before its withdrawal, and will not affect the lawfulness of our continued processing that is based on any other lawful basis for processing your Personal Data.
• Complaints. You have the right to lodge a complaint with the applicable supervisory authority in the country you live in, the country you work in, or the country where you believe your rights under applicable data protection laws have been violated. However, before doing so, we request that you contact us directly in order to give us an opportunity to work directly with you to resolve any concerns about your privacy.
• How You May Exercise Your Rights. You may exercise any of the above rights by contacting us through any of the methods listed under Contact Information below. If you contact us to exercise any of the foregoing rights, we may ask you for additional information to verify your identity. We reserve the right to limit or deny your request if you have failed to provide sufficient information to verify your identity or to satisfy our legal and business requirements. Please note that if you make unfounded, repetitive, or excessive requests (as determined in our reasonable discretion) to access your Personal Data, you may be charged a fee subject to a maximum set by applicable law.
10. Consent to Processing of Personal Data In Other Countries Outside the European Economic Area or the United Kingdom
In order to provide our Website, products, and services to you, we may send and store your Personal Data outside of the EEA or the United Kingdom, including to the United States. Accordingly, your Personal Data may be transferred outside the country where you reside or are located, including to countries that may not or do not provide an equivalent level of protection for your Personal Data. Your information may be processed and stored in the United States and United States federal, state, and local governments, courts, or law enforcement or regulatory agencies may be able to obtain disclosure of your information through the laws of the United States. By using our Website, you represent that you have read and understood the above and hereby consent to the storage and processing of Personal Data outside the country where you reside or are located, including in the United States.
11. Data Retention Periods
Direqt will retain your Personal Data for the entire time that you keep your account open or until you request us to delete your Personal Data (subject to the above). After this period, we may retain your Personal Data for 3 years, or for any of the reasons listed below, whichever is longer:
• for as long as necessary to comply with any legal requirement;
• on our backup and disaster recovery systems in accordance with our backup and disaster recovery policies and procedures;
• for as long as necessary to protect our legal interests or otherwise pursue our legal rights and remedies; and
• for data that has been aggregated or otherwise rendered anonymous in such a manner that you are no longer identifiable, indefinitely.
12. Changes to This GDPR Privacy Addendum
We may change this GDPR Privacy Addendum at any time. It is our policy to post any changes we make to our GDPR Privacy Addendum on this page. If we make material changes to how we treat our users’ Personal Data, we will notify you through a notice on the Website home page. The date this GDPR Privacy Addendum was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this GDPR Privacy Addendum to check for any changes.
13. Contact Information
To Contact Direqt (Controller)
800 5th Ave, #101-326
Seattle, WA, 98104
To Contact Our Representative
12 Northbrook Road.
To Contact Our Data Protection Officer