2. WHAT PERSONAL INFORMATION WE COLLECT
PI is data that can be used to identify or contact a single person. You may be asked to provide your PI anytime you are in contact with us. You are not required to provide PI that we have requested, but not doing so may frustrate our ability to respond to any queries you may have. Examples of the types of PI we may collect include without limitation the following:
- Name, address, telephone and fax numbers, email address, professional information, geolocational data, communication preferences, and other similar information;
- Browsing activities, cookies and similar data, and platform or mobile-application-use data;
- User IDs and passwords for the Systems, Systems activity, user statistics, and viewing activity records; and
Personal information collected from surveys, contests, and research efforts from anyone participating.
We do not knowingly collect PI from individuals under the age of 18. If you believe we might have any PI from or about an individual under the age of 18, please contact us at firstname.lastname@example.org, and we will delete that PI.
3. SOURCE OF YOUR PERSONAL INFORMATION IF NOT COLLECTED FROM YOU
We may receive your PI from other persons or entities, including without limitation the manufacturers of Items and marketing entities. If you are a candidate for employment with Starfish, we may receive your PI from applicant-tracking systems, recruiters, or external websites. We will use PI we receive to contact you about a potential opportunity or in evaluating your candidacy for a job with us. If you did not provide us your PI directly, upon request, we will inform you of the source of that information, all provided such information is available to us and we are legally permitted to disclose it.
4. COLLECTION AND USE OF NON-PERSONAL INFORMATION
We may collect data in a form that does not independently permit direct association with any specific individual. We may collect, use, transfer, and disclose non-PI for any purpose. This information, if collected, is aggregated and used to help us provide more useful information to our clients and to understand which parts of the Systems and Items are of most interest and how to best communicate with you and our candidates and clients. Aggregated data is considered non-PI for the purposes of this Policy. If we do combine non-PI with PI, the combined information will be treated as PI for as long as it remains combined.
5. PROTECTION, INTEGRITY, AND RETENTION OF PERSONAL INFORMATION
We assess our need to collect PI and if we establish a relevant need, we only retain that PI for the shortest possible time unless a longer retention period is required. To the extent legally permitted, we may retain information for as long as is reasonably necessary or has a reasonable likelihood of becoming necessary in the future. We may retain cached, backed-up, and archived copies of PI. We may retain aggregated data that is anonymized or pseudonymized indefinitely. We may be required to retain some data longer due to various laws and regulations or because of contractual obligations.
6. HOW WE USE YOUR PERSONAL INFORMATION
To the extent legally permitted and for client data as permitted by our client agreements, you agree that we may use your collected PI:
- To operate the Systems and protect the security and integrity of the Systems and our business;
- To market, sell, and deliver Items;
- To fulfill business requests such as completing client purchases;
- To communicate about Items and possible promotions;
- To respond to reviews, comments, or other feedback provided;
- To support and personalize the Systems and various marketing and advertising efforts;
- For researching, conducting surveys, benchmarking, data analysis, audits, and improving our professional services;
- To satisfy our contractual obligations, comply with legal requirements and our policies, and protect against criminal activity, claims, and other liabilities;
- To evaluate your candidacy and to contact you about employment opportunities; and
- For any other lawful purpose.
To the extent legally permitted, we may use, process, transfer, and store data about individuals and clients or partners in an anonymous or pseudonymous and aggregated manner. We may combine PI with other information, collected however, including information from third-party sources. We may also use PI in other ways with consent or as legally permitted. To the extent legally permitted, we may collect data in an automated manner and make automated decisions, including using algorithms, about users of the Systems for website optimization, security, analytics, and all other lawful purposes.
7. SHARING OF INFORMATION INCLUDING TO SERVICES PROVIDERS AND OTHERS
To the extent legally permitted, we may share and disclose PI as set forth herein. For clients, we may share PI with our clients and their service providers and other platforms that may assist those clients. For affiliates and agents, we may share PI with our affiliates or any business partners or agents acting on our behalf. For vendors and suppliers to Starfish, we may share PI to support and advertise the Systems and our business. We share PI with such third parties to the minimum extent necessary for those third parties to provide various goods and services to us and pursuant to binding obligations. We may also disclose PI for other purposes or to other third parties when an individual has consented to or requested such disclosure, and for client data, with such client’s authorization.
It may be necessary pursuant to various legal requirements or requests from public and governmental authorities within or outside your country of residence for us to disclose your PI. In addition to situations in which we need to disclose your PI to enforce our terms and conditions or protect our operations, we may disclose PI to public or governmental authorities about you if we determine in our sole discretion that for purposes of national security, law enforcement, or other issues of public importance, disclosure is mandatory or appropriate. We may share, disclose, or transfer PI to a buyer, investor, new affiliate, or other successor if Starfish or any affiliate, portion, group or business unit thereof, undergoes or contemplates a business transition, such as a merger, acquisition, consolidation, reorganization, divestiture, liquidation, dissolution, or a sale or other transfer of all or a portion of any assets of Starfish or any affiliates. We may share PI if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of any person.
8. THIRD-PARTY SITES AND SERVICES
9. COOKIES AND OTHER TECHNOLOGIES
- Strictly necessary cookies required for the operation of the Systems;
- Analytical or performance cookies that collect information about how you use the Systems (occasionally placed by third-party providers of web-traffic-analysis services);
- Functionality cookies that remember choices you make and recognize you when you return; and
- Targeting cookies that collect information about your browsing habits such as the pages you have visited and the links you have followed (often placed by third-party advertising networks).
10. COMMUNICATION PREFERENCES, CHOICES, AND OPT-OUT
If you are a Starfish client, you may make requests about your contact preferences and changes to your PI by contacting your relationship manager. If you opt out of promotional emails, we may still send you non-promotional emails, such as emails about your accounts or our ongoing business relations, if applicable. If after providing us with your PI, you change your mind about receiving information from us, you may request access to your data or that your data be changed or deleted, provided that we are legally permitted to do so.
11. REGION-SPECIFIC DISCLOSURES
California: If you are a California resident, the California Consumer Privacy Act allows California consumers to obtain information about your PI, if any, that we collect, use, and disclose.
Massachusetts: If you are a Massachusetts resident, 201 CMR 17.00 establishes minimum standards to be met in connection with the safeguarding of PI contained in both paper and electronic records that apply to all persons, which includes Starfish, who possess or license PI about a resident of the Commonwealth. Starfish does not license your PI.
Nevada: If you are a resident of Nevada, Chapter 603A of the Nevada Revised Statutes permits a Nevada resident to opt out of future sales of certain covered PI that a website operator has collected or will collect about or from you. Starfish does not sell your PI.
European Privacy Statement: The following European Privacy Statement applies to residents of the European Union, the European Economic Area, and Switzerland. We process data for the purposes as set forth in this Policy. To fulfill these purposes, we may access data, including personal data (“Personal Data”), as defined by the General Data Protection Regulation (“GDPR”), to provide access to the Systems or in response to contractual requirements. Our legal justifications for the processing (“Processing”), as defined by the GDPR, of Personal Data are consent or any other applicable legal bases. If you are a resident of the EU or a country with materially similar legislation regarding Personal Data protections, you may have one or more of the following additional rights:
- Requesting a copy of the Personal Data we have collected about you;
- Requesting and receiving your Personal Data we have collected in a commonly used, machine-readable form;
- Requesting restriction of Processing of Personal Data about you for certain reasons;
- Requesting that we correct or delete any of your Personal Data that is inaccurate or unnecessary;
- Objecting to your Personal Data being Processed for direct-marketing purposes;
- Withdrawing your consent without affecting the legality of our Processing based on such consent before it was withdrawn, including Processing related to existing contracts for our Items, when applicable; and
- Lodging a complaint with your local, supervisory, data-protection authority.
We will process any requests in accordance with applicable law and within a reasonable period of time. We may need to verify the identity of the individual submitting a request before we can address such request. For Starfish clients, certain information may be reviewed, corrected, and updated by contacting your Starfish relationship manager and making the appropriate change request. We may be required to disclose Personal Data in response to legal requests by public authorities. For more information on exercising your PI rights, please contact us at email@example.com and provide sufficient details.
We may update this Policy to reflect changes to our PI and privacy practices. We will post any updated Policy on the Systems, or with notice to individuals only if required by applicable law. Continued use of the Systems after any such changes constitutes your acceptance to any such amended Policy. The date of last revision is shown at the “Last Updated” legend at the base of this web page.
13. YOUR PRIVACY RIGHTS
Upon request, for PI we hold and can access, we will provide you with that PI data set to request corrections for any inaccurate data or to delete the data if Starfish is not required to retain it for legal or legitimate business purposes. We may decline to process requests that are unreasonable, compromise the privacy of others, are extremely impractical or unduly burdensome, or for which access is not otherwise required by law. We may decline aspects of deletion or access requests if we believe doing so would undermine our legitimate use of data for anti-fraud and security purposes. Access, correction, restriction, deactivation, or deletion requests can be made by contacting firstname.lastname@example.org. When you make a request, we retain the right to verify your identity and to establish the legitimacy of your request.
14. QUESTIONS AND COMPLAINTS
If you have any questions about this Policy, you can contact us by email at email@example.com. Except as otherwise expressly provided herein, or as otherwise required by applicable law, you agree that the exclusive jurisdiction of any actions for claims relating to the Policy, PI, or Personal Data, which shall be in an individual capacity and not via a class action or representative proceeding, arising out of, relating to, or in any way connected with this Policy shall be in the state or federal courts, as applicable, located in the Commonwealth of Massachusetts, U.S.A.
LAST UPDATED: September 7, 2021