How GPS.cards Protects your Personal Information.
GPS.cards is a division of ElectroFlip LLC, the parent company.
- Only collecting personal information required to provide you with the best experience possible and protecting it with the best technology and business practices available.
- Only using personal information to process your orders and providing a personalized, rewarding customer experience.
- NEVER selling, renting, or giving away your personal information at any capacity.
Information We Collect
While using our website, we may ask you to provide us with certain personal data that can be used to contact or identify you (“Personal Data”). Personal Data may include, but is not limited to:
- Email Address
- First name and Last name
- Phone Number
- Address, State, City, Province, ZIP/Postal code, Country
- Job title, Profession
- GPS brand, model, tracking data, you provide
- Pictures, Videos, or Reviews you provide
Information Collected Automatically
- Log & Device data. When you visit our website, we may automatically record information (“log data”), including information that your browser sends whenever you visit our website. This log data may include your web address you came from or are going to, your device model, operating system, browser type, unique device identifier, IP address, mobile network carrier, and time zone or location.
- Our third party service providers may provide us information that tells us how our marketing ads, often placed on third party websites, performed and who clicked on them. This information does not identify any specific individual. If we were to associate it with you we would treat it as personal data.
Use of Cookies
- Analytics: These cookies collect information about who is visiting our website and how users engage with our website. This information does not identify any individual user. It is aggregated and anonymous. Examples of information included: number of visitors to our website, referring website, pages visited, time of day visited, repeat visitations, and other aggregated trends. This information is used to help us understand website usage, which allows us to improve services and maintain security monitoring. Please see ‘Sharing and Disclosure’ below for a listing of our analytics providers.
- Advertising cookies: Based on your browsing history and with our permission, we use third-party advertising partners to display to you relevant ads on external sites. Within these cookies, we may also know your location such as latitude, longitude, GeoIP, and other location specific information. Please see ‘Sharing and Disclosure’ below for your choices on cookies in the use of advertising.
- Essential cookies: These cookies help run our website and make your experience better. These include cookies that allow you access to members-only sections or make our website load quickly. These cookies are only used to provide you with these services.
- Functionality cookies: These cookies allow the website to remember preferences you have selected, such as login status or shopping cart selections. These are designed to make the website easier to to use.
- Social Media cookies: We use social media tools on our website and these cookies allow the social media network to record when you have liked or engaged with a social media tool on our website. In some situations, the social network may send us data that you have set to share. If you do not want the social media network to share information with us, please check your privacy settings with the social media network. Please see below for a list of integrated social media services.
- E-Mail cookies: To help us make e-mails more useful and interesting, we often receive a confirmation when you open e-mail from us if your computer supports such capabilities. You can opt out of receiving emails from us. Please see the Your Choices section below.
- Pixel tagging: We might also use a pixel tag which is a small graphic file that allows us and third parties to monitor the use of the website and provide us with information based on your interaction with the website. These tags may collect the IP address from the device which you loaded the page, the browser type. Pixel tags are also used by our third parties to collect information when you visit our website, the links and other actions you take on our website, and we may use this information in combination with cookies to display targeted advertisements.
- Other data technologies may be used that collect comparable information for security and fraud detection purposes.
Use of Your Information—Grounds for Using Your Personal Data
Our Direct Business Interests:
- To provide you with information requested from us relating to our products or services.
- To provide information on other products which we feel may be of interest to you, if you have consented to receive such information. If you are an existing customer, we may contact you with information about goods and services similar to those you purchased previously.
- To notify you about any changes to our Website, such as improvements or service changes, that may affect our service to you.
- Performance of Contract: To meet our contractual commitments to you and in performance of contractual obligations to you.
- We may use your data, or permit selected third parties to use your data, so that you can be provided with information about unrelated goods and services which we consider may be of interest to you.
- We may contact you about these goods and services by any of the methods that you consented to at the time your information was collected.
- If you are a new customer, we will contact you or allow third parties to contact you only when you have provided consent, and only by those means you provided consent for.
- If you do not want us to use your data for ourselves or third-parties, you will have the opportunity to withhold your consent when you provide your details to us on the form on which we collect your data.
Sharing and Disclosure
With third party service providers, agents, or contractors. We use other companies, agents or contractors (“Service Providers”) to perform services on our behalf or to assist us with providing services to you. For example, we engage Service Providers to process credit card transactions and other payment methods. We may also engage Service Providers to provide services such as marketing, advertising, communications, infrastructure and IT services, to provide customer service, to collect debts, and to analyze and enhance data (including data about users’ interactions with our service). These Service Providers may have access to your personal or other information in order to provide these functions. In addition, some of the information we request may be collected by third party providers on our behalf. We do not authorize them to use or disclose your personal information except in connection with providing their services on our behalf to you.
With third party analytics providers: We use Google Analytics, which is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our services. This data is shared with other Google Services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
- You can opt-out of having made your activity on the Google Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.
- For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: http://www.google.com/intl/en/policies/privacy/
- Google also recommends installing the Google Analytics Opt-out Browser Add-on (https://tools.google.com/dlpage/gaoptout) for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.
- You may opt out of the use of the DoubleClick Cookie for interest-based advertising by visiting the Google Ads Settings web page: http://www.google.com/ads/preferences/
- We use third-party Service Providers to show advertisements, which may include targeted advertisements on a third party website after you have visited our website. We and the third party service providers use cookies to inform, optimize, measure performance serve ads based on your previous visits to our website. Any tracking that a third party website performs is subject to their own privacy notice.
With Social Media: We use Twitter.
- You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads
- For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page at http://www.google.com/intl/en/policies/privacy/
- You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/164968693837950
- To opt-out from Facebook’s interest-based ads follow these instructions from Facebook: https://www.facebook.com/help/568137493302217
- To see more about Facebook’s participation in the Digital Advertising Alliance please visit the Choices section of this notice.
- For more information on the privacy practices of Facebook, please visit Facebook’s Data Policy: https://www.facebook.com/privacy/explanation
- We may participate in Facebook.com’s Custom Audience or LinkedIn’s Audience program, which enables us to display personalized ads to persons on our email list when they visit Facebook or LinkedIn respectively.
- We provide Personal Information such as your email address and phone number to this social media provider to enable it to determine if you are a registered account holder. You may opt-out of participation in this program by contacting us as noted below. You may also opt out of receiving these ads from the social media network directly.
Business Transfers. We may engage in a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction or proceeding that involves the transfer of the information described in this Policy. In such transitions, customer information is typically one of the business assets that is transferred or acquired by a third party. In the unlikely event that we or substantially all of our assets are acquired or enter a court proceeding, you acknowledge that such transfers may occur and that your personal information can continue to be used as set forth in this privacy policy.
Storing Your Personal Data/Transfer of Data
This website is operated in the United States. If you are located in another jurisdiction, please know that your information will be transferred to, stored, and processed in the United States. By using this website and providing us with information, you consent to this transfer, processing and storage of your information in the United States. It is important to note that the privacy laws in the United States may not be as comprehensive as those in other countries such as the European Union. Our service providers use appropriate safeguards to transfer your personal data securely to the United States.
- We may transfer data that we collect from you to locations outside of headquarters for processing and storing. In addition, it may be processed by staff operating outside the office area who work for us or for one of our suppliers. For example, such staff may be engaged in the processing and concluding of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all reasonable steps to make sure that your data is treated securely and in agreement with this privacy policy.
- Data may be securely accessed from our United States servers by employees overseas for customer service or service enhancement purposes. These employees, and their activity, are bound by the same policies dictated in this Privacy Policy.
- Data may be securely accessed from our United States servers by organizations contracted by us to do work on these systems. These contract workers are bound by the same policies dictated in this Privacy Policy for the duration of their work with us, and retain no information after contracted relationships are terminated.
- Data that is provided to us is stored on our secure servers. Details relating to any transactions entered into via our website will be encrypted to ensure its safety.
- The transmission of information via the internet is not completely secure and therefore we cannot guarantee the security of data sent to us electronically and the transmission of such data is entirely at your own risk. Where we have given you (or where you have chosen) a password so that you can access certain areas of our website, you are responsible for keeping this password confidential.
Third Party Links
We may have links on our website to other sites that we do not operate. If you click on a third-party link, you will be taken directly to that website which is governed by its own privacy notice. We strongly encourage you to read that privacy notice. We do not control that website and assume no responsibility for the content, policies or its practices.
Choices and Individual Rights
We aim to take reasonable steps, so you can correct, amend, delete or limit the use of your Personal Data. We outline your choices below:
E-mail. As described above, if you do not wish to receive promotional e-mails from us, you may opt out at any time. If you opt out of a promotional e-mail, we may still send you transactional and administrative emails about this privacy notice or about the products or services you have purchased.
Cookies. Your browser’s help function should contain instructions on how to set your computer to accept all cookies, to notify you when a cookie is issued, or to not receive cookies at any time.
Advertising. You can opt out of online targeted advertising by opting out within the advertisement itself or by visiting Digital Advertising Alliance, the Digital Advertising Alliance of Canada in Canada or the European Interactive Digital Advertising Alliance in Europe. You can also opt out of the Digital Advertising Alliance using your mobile device settings.
Your rights under certain circumstances. To initiate any of these actions please contact us at [email protected].
- To receive a copy of the Personal Data we hold about you
- To rectify any Personal Data held about you that is inaccurate
- To request the deletion of Personal Data held about you
- You have the right to data portability for the information you have provided to us. You can request to obtain a copy of this information in a commonly used electronic format so that you can manage and move it. We will need to verify your identity before being able to respond to such requests. Please note that in some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
Right to Lodge a Complaint. For European Union residents, if you feel that our processing of your personal data infringes on data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state where you habitually reside, your place of work or the location of the alleged infringement. If you are located outside of the European Union, you may have rights under privacy laws in the jurisdiction where you live.
Security
We use reasonable administrative, logical, physical and managerial measures to safeguard your personal information against loss, theft and unauthorized access, use and modification. Unfortunately, no measures can be guaranteed to provide 100% security. Accordingly, we cannot guarantee the security of your information.
Sensitive Data
We request that you do not send us any sensitive data such as social security or national identification numbers, information related to racial or ethnic origin, political opinions, religious beliefs, health data, biometrics or genetic, criminal background or trade union membership information. If you do send us this information, then you are consenting to its processing in accordance with this privacy notice. To avoid processing of sensitive data, do not submit it.
Our Policy on Children’s Information
Our website is not directed to children under 18. If you learn that your minor child has provided us with personal information without your consent, please contact us.
GDPR Readiness at GPS.cards
In December 2016, the EU Parliament and Council agreed upon the EU General Data Protection Regulation (GDPR), first proposed in 2012, to go into effect on May 25, 2018.
GDPR offers a new framework for data protection with increased obligations for organizations. GDPR focuses on protecting personal data and handing control of it back to the subject of the data.
We’ve been receiving a lot of questions from our Customers, Vendors, Prospects, and Partners. So we’ve provided some more information in the following areas:
- Customer GDPR Roll-Out
- Governance Structure and GPS.cards Data Protection Officer
- Data Mapping
- Information Security
- Privacy Impact Assessments
- Responding to Subject Access Requests / Rectification / Deletion
- Data Breach Reporting
- Cookies & Privacy Policy Update(s)
- Who to Contact
- Customer GDPR Roll-Out
Where customers are processing personal data with GPS.cards, as this is against third party data sources, we are asking our customers to advise us on the lawful processing condition for using our products/services. This ‘reason’ why will need to be determined by our customer, as they are the Data Controller. GPS.cards is the Data Processor who acts under their instruction.
There are six lawful processing conditions:
- Compliance with a legal obligation
- Performance of a contract
- Legitimate interest
- Public interest
- Vital interest
- Consent
- Governance Structure and GPS.cards Data Protection Officer
Data privacy is discussed throughout GPS.cards with regular presentations to all of our Employees, the Executive Team, and members of our Board of Directors.
GPS.cards named Data Protection Officer is Daniel Sachs (COO).
Daniel Sachs leads the Privacy and Data Compliance initiative, where each Department Head has a core focus on the products GPS.cards delivers, helping embed data privacy into operations whilst also monitoring activity on an ongoing basis.
- Data Mapping
GPS.cards has completed Article 30; our Data Mapping exercise. We know what data we have, where it’s held, how we access it, the classification of the data, records for transfer and flowcharts to show how it moves between systems, processes and countries.
- Information Security
Led by our COO, the Operations Team is focused on maintaining an information security program which covers everything you would expect and more.
This includes technical security measures (e.g. intrusion, detection, firewalls, monitoring), restricted access to personal data, protection of our physical premises and hard assets, maintaining security measures for our team members (e.g. pre-screening), a data-loss prevention strategy and regular testing of our security posture across our product family: GPS.cards, ElectroFlip.com, and our GPS product platform.
- Privacy Impact Assessments
Where appropriate, a Privacy Impact Assessment will be completed and evidence gathered, such as copies of privacy notices, a due diligence questionnaire, periodic testing.
- Responding to Subject Access Requests / Rectification / Deletion
GPS.cards has a process in place to manage these requests and sees no issue responding within the new GDPR required timescale of 30 days.
- Data Breach Reporting
The ICO or Information Commissioner’s Office has a Blog that clears up a lot of myths around data breach reporting. Art. 33 (2) states as data processor, GPS.cards obligation is to notify data controllers without undue delay after becoming aware of it. WP29 have provided some guidance on this which states:
“The GDPR does not provide an explicit time limit within which the processor must alert the controller, except that it must do so “without undue delay”. Therefore, WP29 recommends an immediate notification by the processor to the controller, with further information about the breach provided in phases as information becomes available. This is important in order to help the controller to meet the requirement of notification to the supervisory authority within 72 hours.”
GPS.cards position is, the regulation states without “undue delay”, therefore this is what we will abide by. However, we recognize that for our Customer, the Data Controller, the clock will only start ticking when they become aware there has been an incident.
- Cookies & Privacy Policy Update(s)
GPS.cards is happy to protect the privacy of all data subjects across the Globe. We have updated our Privacy Policy and Cookies Policy to provide users transparency.
- Who to Contact
You can reach our Compliance team via email for any GDPR related questions at: [email protected]
Updated: April 6th, 2020