Privacy Policy
Last updated: May 23, 2022
We take your privacy very seriously. Our business is to help you protect and preserve your most valuable asset: your data. We do not sell ads. We do not sell your personal information. We do not have any ability to access user data stored on our devices, or access your passwords, or break our device encryption keys.
Please read this privacy policy carefully as it contains important information on who we are, how and why we collect, store, use, and share your personal information. It also explains your rights in relation to your personal information and how to contact us or supervisory authorities in the event you have a complaint.
We collect, use and are responsible for certain personal information about you. When we do so we are subject to various laws in the United States.
-
Key Terms. It would be helpful to start by explaining some key terms used in this policy:
We, us, our, Controller, iodyne iodyne, LLC., whose principal place of business is at 35 Miller Ave #175 Mill Valley, CA, 94941-1903 Our data protection officer Jason Williams Contact details for our data protection officer [email protected] -
Personal Information We Collect About You. We may collect and use the following personal information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household:
Categories of Personal Information Specific Types of Personal Information Collected - Identifiers (e.g., a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers)
Real name; billing address; postal address; email address; telephone number; account name(s); Internet Protocol (IP) address; logged in username (provided via one or more audit or support logs). - Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Real name; billing address; postal address; email address; telephone number; account name; credit card number. - Characteristics of protected classifications under California or federal law.
Information related to personal titles, e.g., Mr. Mrs. and Ms. - Commercial information (e.g., records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies)
History of products or services purchased from iodyne by you. - Internet or other electronic network activity information (e.g., browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement)
IP address(es) of your computer(s) that you use to connect to the iodyne websites or cloud services; incoming uniform resource locators (URLs) that sent you to an iodyne website; your browsing activity on the iodyne website(s); the web browser type (e.g., Safari, Firefox, Chrome) of the browser that you used to browse the iodyne website(s); - Geolocation data
Geographic location related to location of iodyne Device, where the iodyne Device is a managed iodyne Device This personal information is required to provide products and/or services to you. If you do not provide personal information we ask for, it may delay or prevent us from providing products and/or services to you.
-
How Your Personal Information is Collected. We collect most of this personal information directly from you—in person, by telephone, or email, and/or via our website. However, we may also collect information:
- From publicly accessible sources;
- Directly from a third party;
- From a third party with your consent;
- From cookies on our website; and
- Via our IT systems, including:
- Automated monitoring of our websites and other technical systems, such as our computer networks and connections, communications systems, and email.
-
How and Why We Use Your Personal Information. Under data protection laws and regulations, we can only use your personal information if we have a proper or legitimate reason for doing so. As described further in Section 6 below, when we need to share your personal information for limited reasons described in this Section 4, we only share your personal information (as necessary) with the third parties specified in Section 6. Finally, we might process the data of European customers for the performance of contract (e.g. in connection with products purchased on our website) and transfer the data to the US.
Some examples of how we use your personal information are as follows:
- To comply with our legal and regulatory obligations;
- For the performance of our obligations to you under any agreements that we have with you or to take steps at your request before entering into an agreement with you;
- For our legitimate interests (explained below); or
- Where you have given consent.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
The table below explains what we use (process) your personal information for and our reasons for doing so:
What we use your personal information for Our reasons To provide products and/or services to you For the performance of our obligations to you under any agreements that we have with you or to take steps at your request before entering into an agreement with you. (Legal basis: art. 6 (1) (b) GDPR)
To prevent and detect fraud against you or iodyne For our legitimate interests, i.e., to minimize fraud that could be damaging for us and for you (Legal basis: art. 6 (1) (f) GDPR)
- Conducting checks to identify our customers and verify their identity
- Screening for financial and other sanctions or embargoes
- Other processing necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g. under health and safety regulation or rules issued by our professional regulator
To comply with our legal and regulatory obligations (Legal basis: art. 6 (1) (c) or (f) GDPR)
Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies To comply with our legal and regulatory obligations. (Legal basis: art. 6 (1) (f) GDPR)
Ensuring business policies are adhered to, e.g. policies covering security and internet use For our legitimate interests, i.e., to make sure we are following our own internal procedures so we can deliver the best service to you. (Legal basis: art. 6 (1) (f) GDPR)
Operational reasons, such as improving efficiency, training and quality control For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service for you at the best value price. (Legal basis: art. 6 (1) (f) GDPR)
Ensuring the confidentiality of commercially sensitive information - For our legitimate interests, i.e., to protect trade secrets and other commercially valuable information.
- To comply with our legal and regulatory obligations.
Statistical analysis to help us manage our business, e.g. in relation to our financial performance, customer base, product range or other efficiency measures For our legitimate interests, i.e., to be as efficient as we can so we can deliver the best service for you at the best value price. (Legal basis: art. 6 (1) (f) GDPR)
Preventing unauthorized access and modifications to systems - For our legitimate interests, i.e., to prevent and detect criminal activity that could be damaging for us and for you.
- To comply with our legal and regulatory obligations.
Updating and enhancing customer records - For the performance of our obligations to you under any agreements that we have with you or to take steps at your request before entering into an agreement with you
- To comply with our legal and regulatory obligations
- For our legitimate interests, e.g., making sure that we can keep in touch with our customers about existing orders and new products
Statutory returns To comply with our legal and regulatory obligations Legal basis: art. 6 (1) (c) or (f) GDPR)
Ensuring safe working practices, staff administration and assessments - To comply with our legal and regulatory obligations
- For our legitimate interests, e.g., to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you
Marketing our services to: - existing and former customers;
- third parties who have previously expressed an interest in our services;
- third parties with whom we have had no previous dealings.
For our legitimate interests, i.e., to promote our business to existing and former customers as far as legally permitted. Otherwise, we only process your data if we have your consent. Legal basis: art. 6 (1) (a) or (f) GDPR)
External audits and quality checks, e.g. for ISO or Investors in People accreditation and the audit of our accounts - For our legitimate interests, i.e., to maintain our accreditations so we can demonstrate we operate at the highest standards
- To comply with our legal and regulatory obligations
Registration of the iodyne device (the serial number is automatically transmitted to a data center when the device is started for the first time to indicate the first date it was powered on. Iodyne does not store or combine the serial number together with any other personal data from the customer) - For the performance of our obligations to you under any agreements that we have with you
- To deliver services to our customers
-
Promotional Communications. We may use your personal information to send you updates (by email, text message, telephone or postal mail) about our products and/or services, including exclusive offers, promotions or new products and/or services.
We have a legitimate interest in processing your personal information for promotional purposes (see above “How and why we use your personal information”). This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.
We will always treat your personal information with the utmost respect and never sell share it with other organizations for marketing purposes.
You have the right to opt out of receiving promotional communications at any time by:
- Contacting us at [email protected]; or
- Using the “unsubscribe” link in emails or “STOP” number in texts; or
- updating your marketing preferences in your iodyne account.
We may ask you to confirm or update your marketing preferences if you instruct us to provide further products and/or services in the future, or if there are changes in the law, regulation, or the structure of our business.
-
Who We Share Your Personal Information With. We routinely share personal information with:
- Service providers we use to help deliver our products and/or services to you, such as payment service providers, warehouses and delivery companies;
- Other third parties we use to help us run our business, such as marketing agencies or website hosts;
- Third parties approved by you or third-party payment providers; and
- Our bank.
We will generally only disclose your personal information to the aforementioned third parties in accordance with the applicable data protection laws and inform you of the disclosure in accordance with legal requirements.
We will always try to have our service providers process and/or store your personal information (to the extent that they need to store any of your personal information) in your country or region (e.g., the European Union, the European Economic Area, etc.) of residence.
We only allow our service providers to handle and process (e.g., processing according to Article 28 GDPR) your personal information if we are satisfied they take appropriate measures to protect your personal information. We also impose contractual obligations on service providers to ensure they can only use your personal information to provide services to us and to you and only in accordance with applicable national laws and regulations (including European Regulations). Accordingly, processing is only permitted to the extent necessary to perform the services on our behalf or to comply with legal requirements. It is specified by us in advance which rights and obligations the service providers have regarding personal information.
We may also share personal information with external auditors.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a re-structuring. We will typically de-identify information, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
We will not share your personal information with any other third party.
-
Personal Information We Sold or Disclosed for a Business Purpose. In the preceding 12 months, we have not sold to a third party any of your personal information (as defined above) and we will not sell any of your personal information.
In the preceding 12 months, we may have disclosed for a business purpose to one or more third parties the following categories of personal information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household: Categories A, B, C, D, E, and F (defined Section 2).
The business purpose may include processing transactions that you have requested. For example, we may share your name, email address, and billing address to with third parties, such as credit card companies and shipping companies, in order to process your transactions, e.g., the purchase of products and/or services from us and/or the delivery of your purchased products to you). The business purpose may also include providing technical support or warranty support to you once you receive your product. The business purpose may also include sharing information with third-parties, e.g., cloud service providers, in order to enable us to provide you with the purchased products and services.
-
Where Your Personal Information is Held. Information may be held at our offices and those of our service providers, representatives and agents as described above (see above: “Who We Share Your Personal Information with”). We will always try to store your personal information in your country or region (e.g., the European Union, the European Economic Area, etc.) of residence.
-
How Long Your Personal Information Will Be Kept. We will keep your personal information while you have an account with us or while we are providing products and/or services to you. Thereafter, we will keep your personal information for as long as is necessary:
- To respond to any questions, complaints or claims made by you or on your behalf;
- To show that we treated you fairly; or
- To keep records required by applicable national laws and/or regulations including European Regulation.
We will not retain your personal information for longer than necessary for the purposes set out in this policy. Different retention periods may apply for different types of personal information.
When it is no longer necessary to retain your personal information, we will delete, de-identify, otherwise anonymize it, or restrict its processing.
-
Your rights. You have the right to exercise free of charge the rights listed in the following table.
Disclosure of Personal Information We Collect About You
You have the right to know:
The categories of personal information we have collected about you;
The categories of sources from which the personal information is collected;
Our business or commercial purpose for collecting or selling personal information;
The categories of third parties with whom we share personal information, if any; and
The specific pieces of personal information we have collected about you.
Please note that we are not required to:
Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained;
Re-identify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information; or
Provide the personal information to you more than twice in a 12-month period.
Your Right of Access
You have the right to ask us for copies of your personal information.
Your Right to Rectification
You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your Right to Restriction of Processing
You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Right to Information
If you have asserted the right to rectification, erasure or restriction of processing, we are obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this turns out to be impossible or requires a disproportionate effort. We will inform the applicable recipients upon your request.
Your Right to Data Portability
You have the right to ask that we transfer the personal information you gave us to another organization, or to you, in certain circumstances.
Personal Information Used for a Business Purpose
In connection with any personal information disclose to a third party for a business purpose, you have the right to know:
The categories of personal information that we disclosed about you for a business purpose.
Right to Deletion
Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:
Delete, de-identify, or aggregate your personal information from our records; and
Direct any service providers to delete, de-identify, or aggregate your personal information from their records.
Please note that we may not delete your personal information if it is necessary to:
Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us;
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
Debug to identify and repair errors that impair existing intended functionality;
Comply with the California Electronic Communications Privacy Act;
Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;
Comply with an existing legal obligation; or
Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.
Your Right to Object to Processing
You have the right to object to the processing of your personal information in certain circumstances. The consequence of the objection is that we no longer process the personal information relating to you, unless we can demonstrate a compelling legitimate reason for the processing which overrides your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Protection Against Discrimination
You have the right to not be discriminated against by us because you exercised any of your rights under the CCPA. This means we cannot, among other things:
Deny goods or services to you;
Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
Provide a different level or quality of goods or services to you; or
Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
Right to withdraw given consent
If you have given your consent, you can withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.
Right to Lodge a Complaint
Without affecting any other administrative or judicial appeals, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes applicable data protection laws.
-
Keeping Your Personal Information Secure. We have appropriate physical, technical and administrative security measures in place to prevent personal information from being accidentally lost, altered, used or accessed in an unauthorized way. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality and are contractually obligated to not use your personal information for purpose that has not been authorized by us. Because the security of your data is important, your entire visit is handled over a secure connection. If personal information is collected, the data transfer is also encrypted. The encryption process protects your data from unauthorized access on its way through the internet. We continually test our systems. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
-
How to Exercise Your Rights. If you would like to exercise any of your rights as described in this Privacy Policy, please:
- Complete a data subject request form available on our website at
https://iodyne.com/privacyrequest ; - Call us (toll-free in US), at +1.888.228.0507; or
- Email us at [email protected].
If you choose to contact directly by website, email, or phone, you will need to provide us with:
- Enough information to identify you (e.g., your full name, address and customer or matter reference number);
- Proof of your identity and address; and
- A description of what right you want to exercise and the information to which your request relates.
We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information, or is someone authorized to act on such person’s behalf.
Any personal information we collect from you to verify your identity in connection with you request will be used solely for the purposes of verification.
- Complete a data subject request form available on our website at
Changes to This Privacy Notice. We may change this privacy notice from time to time – when we do, we will inform you via our website or other means of contact such as email.
How to Contact Us. Please contact us by postal mail, email or telephone if you have any questions about this privacy policy or the information we hold about you.
Our contact details are shown below:
Our contact details Jason Williams Contact address 35 Miller Ave #175 Mill Valley, CA, 94941-1903 Contact email address [email protected] Contact telephone number +1.888.228.0507 Any data subject may contact our data protection officer directly at any regarding all questions or suggestions concerning data protection.
Do You Need Extra Help? If you would like this notice in another format (for example: audio, large print, braille) please contact us (see “How to contact us” above).