This document explains how we use your personal data.
When you sign up to use this service provider’s services, you do so through software provided by us, WaiverKing.
We are committed to ensuring the privacy of all users of our software and services and other visitors to our website. In this policy we explain how we hold, process and retain your personal data.
In respect to the account data, waiver data, and payment data (as defined below) that you provide to us, we are acting as a data processor on behalf of the service provider, who will be acting as the data controller in respect to such data. We will never store or control this data. You should direct any requests or queries you have regarding this data to the data controller, your service provider.
1. How we use your personal data
1.1. This section provides you with information about:
a) what personal data we hold and process;
b) in respect of personal data that we did not collect from you directly, where we obtained that data from, and what types of data we have collected;
c) the purposes for which we may process your personal data; and
d) the legal grounds on which we process your data.
Members and end users of our services
1.2. Account data. We may process information about you that you provide to us when you first sign up with a service provider ("account data"). This account data may include your name, address, telephone number, email address, date of birth, gender, employment details, and a photograph of you. We may use this data to create your account with the service provider when you sign up. This account data may be updated each time you complete a document through our software. We do not process your account data in any other way, or have access to it in any way.
The legal basis for this processing is our legitimate interests in providing our services to our clients, and ensuring that your account is updated each time that you complete a document through our software.
1.3. Waiver data. If you are using our software in order to sign documents such as a waiver, health form, contract, or questionnaire, we may process information that you put into such documents (“waiver data”). This waiver data may include your name, signature, date of birth, email address, information about your health and medical history, and any other information that you are required or requested to put into the document.
Once you have completed the document, we will process it, convert the document into a different format, and send it to your account with the service provider in order for it to be stored. We will never store your data permanently on our systems (although it may be stored in your account with your service provider).
The purpose for our processing your data in this way is to maintain and administer a complete and accurate record of the documents that you have signed and completed for your service provider. The legal basis for our processing your waiver data (to the extent that such waiver data does not class as a special category of personal data), will be our legitimate interests in providing our services to our clients who have asked you to complete the document in question, in order to ensure that a complete and accurate record of your signing and completing the documents is maintained and administered.
1.4. Sensitive Personal Data. During the course of using our software and services and providing us with information in order for us to provide our services to you, you may provide us with sensitive information about yourself (“sensitive data”). This sensitive data may include your health and medical history. We may use this data for providing our services to you. However, we will only process this sensitive data if you consent to us doing so.
[The consent to use this information needs to be provided by the parent for children under the age of 13. Anyone over the age of 13 can provide consent for use of their data under GDPR]
Other processing that we may carry out
1.5. Website data. We may process data about your use of our website and services ("website data"). The website data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the website data is our analytics tracking system. This website data may be processed for the purposes of analyzing the use of the website and services.
The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services.
We may also process this data for the purposes of diagnosing any issues we detect in relation to the use of our products or services. This data may be collected by our error-tracking software which is provided by Rollbar. We always try to ensure that any such data is anonymized so that you cannot be identified before it is stored in our records.
The legal basis for this processing is our legitimate interests in monitoring and improving our products and services.
1.6. Enquiry data. We may process information contained in any enquiry you submit to us regarding our products or services ("enquiry data"). The enquiry data may be processed for the purposes of offering, marketing and selling relevant products and/or services to you.
The legal basis for this processing is our legitimate interests, namely dealing with and responding to your enquiry appropriately.
1.7. Notification data. We may process information that you provide to us for the purpose of subscribing to our blog and press releases ("notification data"). The notification data may be processed for the purposes of sending you newsletters.
Where you are a corporate customer, the legal basis for this processing is our legitimate interests, namely the marketing of relevant products and services to you.
1.8. Correspondence data. We may process information contained in or relating to any communication that you send to us ("correspondence data"). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping.
The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users.
1.9. Payment data. We do not process payment information relating to goods and services that you purchase from the service provider. However, we do capture certain data relating to your payments and use them to update your account with the service provider ("payment data"). The payment data may include your contact details, your card details and the transaction details. The payment data may be processed for the purposes of updating your account with the service provider. The legal basis for this processing is our legitimate interests, namely our interest in the proper administration of our software and ensuring your account with the service provider is updated.
1.10. Other processing activities. In addition to the specific purposes for which we may process your personal data set out above, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
2. Providing your personal data to others
2.1. To our clients and partner service providers. The only third parties that we will disclose your personal data to are our clients (your service provider) who is the data controller in respect to the account data, waiver data, and payment data that we collect about you, and MINDBODY Inc. (“MINDBODY”), who provide software services to service providers in conjunction with the WaiverKing software. Your accounts are created by WaiverKing in the MINDBODY software on behalf of our clients.
2.2. Our insurers/professional advisers. We may disclose your personal data to our insurers, legal counsel, and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes.
2.3. Where we provide your personal data to any third party. Where we share your personal data with any of the third parties referred to above, we will ensure this processing is protected by appropriate safeguards including a suitable data processing agreement with that third party.
2.4. To comply with legal obligations. In addition to the specific disclosures of personal data detailed above, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation we have to comply with, or in order to protect your vital interests or the vital interests of another individual. This may include disclosing your personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
2.5. We take reasonable and appropriate steps to ensure that third-party agents and service providers process your personal data in accordance with our Privacy Shield obligations and to stop and remediate any unauthorized processing. Under certain circumstances and pursuant to applicable laws, we may remain liable for the acts of our third-party agents or service providers who perform services on our behalf for their handling of your personal data that we transfer to them.
3. Transfers of your personal data outside of the European Economic Area
As further detailed below, we may transfer your personal data to our servers based in the US, as we are part of the Privacy Shield. Otherwise, where your personal data is transferred outside of the EEA, we will ensure that either (a) The European Commission has made an "adequacy decision" with respect to the data protection laws of the country to which it is transferred, or (b) we have entered into a suitable data processing agreement with the third party situated in that country to ensure the adequate protection of your data. In all cases, transfers outside of the EEA will be protected by appropriate safeguards.
4. Retaining and deleting personal data
4.1. Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. Details about members of our clients (your service provider) and end users of our services, including the account data, waiver data and sensitive personal data, will not be stored by WaiverKing.
4.2. Unless we contact you and obtain your consent for us to retain your personal data for a longer period, we will retain and delete your personal data as follows:
a) Website data will be retained for 12 months following the date of our last contact or dealing with you, at the end of which period it will be deleted from our systems.
b) Enquiry data will be retained for 12 months following the date of our last contact or dealing with you, at the end of which period it will be deleted from our systems.
c) Notification data (other than Notification data that is also Contact data) will be retained for 12 months following the date of our last contact or dealing with you, at the end of which period it will be deleted from our systems.
d) Correspondence data will be retained for 12 months following the date of our last contact or dealing with you, at the end of which period it will be deleted from our systems.
4.3. We may retain your personal data where such retention is advisory and/or necessary for compliance with a legal obligation to which we are subject (such as with regard to applicable statutes of limitations, litigation or regulatory investigations), or in order to protect your vital interests or the vital interests of another natural person.
5. Your rights
5.1. You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to:
a) your request not being found to be unfounded or excessive, in which case a charge may apply; and
b) the supply of appropriate evidence of your identity (for this purpose, we will usually accept a notarized photocopy of your driver’s license and/or passport and an original copy of a utility bill showing your current address).
5.2. We may withhold personal information that you request to the extent permitted by law.
5.3. You may instruct us at any time not to process your personal information for marketing purposes.
5.4. In practice, you will usually expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.
5.5. Your right to access your data. You have the right to ask us to confirm whether or not we process your personal data and, to have access to the personal data, and any additional information. That additional information includes the purposes for which we process your data, the categories of personal data we hold and the recipients of that personal data. You may request a copy of your personal data. The first copy will be provided free of charge, but we may charge a reasonable fee for additional copies.
5.6. Your right to correct. If we hold any inaccurate personal data about you, you have the right to have these inaccuracies corrected. Where necessary for the purposes of the processing, you also have the right to have any incomplete personal data about you completed.
5.7. Your right to erasure. In certain circumstances you have the right to have personal data that we hold about you erased. This will be done without undue delay. These circumstances include the following: (1) it is no longer necessary for us to hold those personal data in relation to the purposes for which they were originally collected or otherwise processed; (2) you withdraw your consent to any processing which requires consent; (3) the processing is for direct marketing purposes; and/or (4) the personal data have been unlawfully processed. However, there are certain general exclusions of the right to erasure, including where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for establishing, exercising or defending legal claims.
5.8. Your right to restrict processing. In certain circumstances you have the right for the processing of your personal data to be restricted. These circumstances include the following: (1) you do not think that the personal data we hold about you is accurate; (2) your data is being processed unlawfully, but you do not want your data to be erased; (3) it is no longer necessary for us to hold your personal data for the purposes of our processing, but you still require that personal data in relation to a legal claim; and/or (4)you have objected to processing, and are waiting for that objection to be verified. Where processing has been restricted for one of these reasons, we may continue to store your personal data. However, we will only process it for other reasons: with your consent; in relation to a legal claim; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
5.9. Your right to object to processing. You can object to us processing your personal data where our legal basis for the processing is that it is necessary for: the performance of a task carried out in the public interest, or in the exercise of any official authority vested in us; or the purposes of our legitimate interests or those of a third party. If you make an objection, we will stop processing your personal information unless we are able to: demonstrate compelling legitimate grounds for the processing, and that these legitimate grounds override your interests, rights and freedoms; or the processing is in relation to a legal claim.
5.10. Your right to object to direct marketing. You can object to us processing your personal data for direct marketing purposes. If you make an objection, we will stop processing your personal data for this purpose.
5.11. Your right to data portability. Where you have given us consent to process your personal data, or where we are processing your personal data for the performance of a contract, you have a legal right to receive a copy of the personal data we hold about you in a structured, commonly used and computer readable format. When a data request is made of us we will make available all applicable personal data to you in a computer readable format and will transmit your personal data to the appropriate third party pursuant to your instruction. We will not process your data in this way if we believe that it may pose a threat to the security of the data.
5.12. Your right to object for statistical purposes. You can object to us processing your personal data for statistical purposes on grounds relating to your particular situation, unless the processing is necessary for performing a task carried out for reasons of public interest.
5.13. Automated data processing. To the extent that the legal basis we are relying on for processing your personal data is consent, and where the processing is automated, you are entitled to receive your personal data from us in a structured, commonly used and computer-readable format. However, you may not have this right if it would adversely affect the rights and freedoms of others.
5.14. Complaints to a supervisory authority pursuant to the GDPR. If you think that our processing of your personal data infringes data protection laws, you can lodge a complaint with a supervisory authority responsible for data protection. You may do this in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. This provision is only applicable if you are subject to the protections of the GDPR.
5.15. Complaints if you are not subject to the protections of the GDPR. If you think that our processing of your personal data infringes data protection laws you may contact us via email at email@example.com or mail at: WaiverKing, Inc. 340 S Lemon Ave # 2018 Walnut, California 91789.
5.16. Right to withdraw consent. To the extent that the legal basis we are relying on for processing your personal data is consent, you are entitled to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
5.17. Exercising your rights. You may exercise any of your rights in relation to your personal data by written notice to us in addition to the other methods specified above.
5.18. Point of Contact Data. PARAGRAPHS 5.1 – 5.17 SHALL NOT APPLY TO ACCOUNT DATA, WAIVER DATA, OR PAYMENT DATA OBTAINED OR PROCESSED BY WAIVERKING. IN RESPECT OF SUCH DATA:
a) WAIVERKING IS ACTING AS A PROCESSOR OF THAT DATA AND THE MAIN CONTRACTOR IS THE CONTROLLER;
b) YOU SHOULD CONTACT THE SERVICE PROVIDER TO EXERCISE THE RIGHTS SET OUT IN THIS PARAGRAPH 5
We are not responsible for the collection, usage and disclosure policies and practices (including the data security practices) of other organizations, such as, Apple, Google, Microsoft, or any other operating system provider, wireless service provider or device manufacturer, including any personal data you disclose to other organizations through or in connection with WaiverKing’s services.
7. Security of Your Information. The security of personal data is a high priority at WaiverKing. We seek to use reasonable technical, administrative and physical safeguards to protect personal data within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. As a result, while we strive to protect your personal data, you acknowledge that: (a) there are security and privacy limitations of the Internet which are beyond our control; (b) the security, integrity, and privacy of any and all information and data exchanged between you and us through the website cannot be guaranteed; and (c) any such information and data may be viewed or tampered with in transit by a third party.
8. IP Addresses and Cookies. Cookies are very small text files that are stored on your computer when you visit some websites.
9. Your California Privacy Rights: Notice to California Customers and Opt-Out Information. Residents of the State of California, under certain provisions of the California Civil Code, have the right to request from companies conducting business in California a list of all third parties to which the company has disclosed certain personal data, as defined under California law, during the preceding year for third party direct marketing purposes. You are limited to one request per calendar year. In your request, you must supply appropriate evidence of your identity and attest to the fact that you are a California resident and provide a current California address for our response. You may request the information by writing to firstname.lastname@example.org
Some web browsers incorporate a “Do Not Track” feature that signals to websites that you visit that you do not want to have your online activity tracked. California residents are entitled to know how WaiverKing, Inc. responds to “Do Not Track” signals. How browsers communicate the Do Not Track signal is not yet uniform, so a standard technological response has not yet been developed by the appropriate technology communities. For this reason, we do not respond to Do Not Track signals currently. To opt out of direct advertising on our website, please send a request to the address above. The effect of an opt-out will be to stop direct advertising, but it will still allow the collection of usage data for certain purposes (e.g., research, analytics, and internal online services operation purposes).
10. Privacy Shield Framework
10.2. In compliance with the Privacy Shield Principles, WaiverKing commits to resolve complaints about our collection or use of your personal information. Any individual(s) with inquiries or complaints regarding our Privacy Shield policy should contact us at: email@example.com
10.3. WaiverKing Inc. has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU.
10.4. You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have taken the following steps: (1) raised your complaint directly with WaiverKing Inc. and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the U.S. Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see U.S. Department of Commerce's Privacy Shield Framework: Annex I (Binding Arbitration).
10.5. For purposes of enforcing compliance with the Privacy Shield, WaiverKing is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission.
10.6. WaiverKing, Inc. is controlled and operated by us from the United States. Except where you are a resident of a Member State of the EU, in which case paragraphs 2 and 3 above will apply, your personal data may be stored and processed in any country in which we engage service providers, and by using WaiverKing’s services you understand that your information may be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your personal data. Regardless of where your information is processed, we apply the same protections described in this policy.
12. Our details
12.1. This website and software is owned and operated by WaiverKing Inc.
12.2. We are registered in the state of California under registration number C3518177, and our registered office is at 340 S Lemon Avenue, # 2018 Walnut, California 91789.
12.3. You can contact us:
a) by mail, using the postal address given above;
b) using our website contact form;
c) by telephone, on the contact number published on our website from time to time; or
d) by email, using the email address published on our website from time to time.
13. Data protection officer
Our data protection officer may be contacted via email: firstname.lastname@example.org, or telephone: +1 (888) 211-6693.