Privacy Policy of Double Atelier Inc. - August 2021
Last Revised on 12/28/2018. Changed and published on 09/13/2021.
1. Scope of this Policy
This policy describes how Double Atelier, Inc. collects, uses, consults or otherwise processes an individual's personal data in the context of providing executive assistants tools and services (hereafter the "Service").
This policy includes a description of your data protection rights, including a right to object to some of the processing activities we carry out.
In this privacy policy, Double, "we" or "us" also refers to its affiliates. We are a company registered in the state of Delaware, having its registered seat in Brooklyn and its office at 20 Jay Street, Suite 1002, Brooklyn NY 11201, +1 212 884 9916, [email protected].
We will process your personal data as a data controller.
This policy is to be read as consistent with the terms and conditions and specific agreements relating to the Service where relevant.
For the purpose of this policy, the following term "Data Protection Legislation" shall mean the Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the "GDPR"), as well as any legislation and/or regulation implementing or created pursuant to the GDPR and the e-Privacy legislation, or which amends, replaces, re-enacts or consolidates any of them, and all other national applicable laws relating to processing of personal data and privacy that may exist under applicable law.
For the purpose of this policy, "controller", "processor", "third party", "supervisory authority", "personal data", "processing", "data subject", shall have the meanings set out in the applicable Data Protection Legislation.
2. Who processes what personal data about you?
In the context of the Service, your personal data is processed as detailed hereafter. To maintain, provide and personalize the Service:
| Processed data categories | Source of data | Legal basis | Recipients of data |
|---|---|---|---|
| Directly from you through the use of the Service or through direct communication (emails, forms completed online) | For the performance of the agreement between you and us | IT service providers, to host the data on a cloud platform (located in US East) and Business Intelligence tool |
To communicate using our tools:
| Processed data categories | Source of data | Legal basis | Recipients of data |
|---|---|---|---|
| Directly from you through the use of the Service | For the performance of the agreement between you and us | IT service providers, to host the data on a cloud platform (located in US East) and Business Intelligence tools |
To process payment for the service:
| Processed data categories | Source of data | Legal basis | Recipients of data |
|---|---|---|---|
| Directly from you through our third-party payment processor | For the performance of the agreement between you and us | Payment processors |
To identify users in the United States and prevent fraud where applicable:
| Processed data categories | Source of data | Legal basis | Recipients of data |
|---|---|---|---|
| Directly from you through the use of our service or our third-party HR and background check systems | For the purposes of our legitimate interests which prevails your individual interests given that it is in Double’s interest to identify unique users and prevent related fraud, and to provide with the legal obligation of providing revenue forms to contractors |
|
To communicate with you regarding our Service upon your request:
| Processed data categories | Source of data | Legal basis | Recipients of data |
|---|---|---|---|
| Email address | Directly from you through our website | Your consent obtained during the sign-up process | IT service providers, to host the data on a cloud platform (located in US East) and Business Intelligence tools |
In order for us to provide the Service to you, we rely on the following organisations to process your personal data on our behalf:
| Organisation (data processor) | Processed data categories | Instructions | Source of data |
|---|---|---|---|
| IT service providers (located in US East) and Business Intelligence tools |
| To host the data on a cloud platform | Directly from you through the use of the Service |
| Payment Processor |
| To process payments from customers | Directly from you |
| HR and background check provider |
| To process payments and legal forms to contractors and to verify criminal records of applicants | Directly from you |
In order to improve our Service, we may from time to time change the service providers with which we work.
3. Is your personal data used for direct marketing communications?
If you have explicitly consented, we may, from time to time, contact you with information about our Service.
If you no longer want to receive such communications, please let us know by sending an email to us at [email protected]. You can also unsubscribe from our marketing emails by clicking on the unsubscribe link in the emails sent to you.
4. How long is your data stored for?
We retain your Personal Data for as long as is required to fulfil the activities set out in this Privacy Policy, for as long as otherwise communicated to you or for as long as is permitted by applicable law. For example, we may retain your Personal Data if it is reasonably necessary to comply with any legal obligations, meet any regulatory requirements, resolve any disputes or litigation, or as otherwise needed to enforce this Policy and prevent fraud and abuse.
To determine the appropriate retention period for the information we collect from you, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of the data, the purposes for which we process the Personal Data, and whether we can achieve those purposes through other means, and the applicable legal requirements.
5. How is your personal data shared with third parties?
We only share or disclose information as described herein, including with third parties.
Your personal data will also be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of the data controller(s) legitimate interests in compliance with applicable laws.
6. Is your personal data transferred outside of the EEA?
In the context of the provision of the Service and for the purposes described in this policy, your personal data will be transferred outside the EEA, notably to countries that do not provide an ‘adequate’ level of data protection. However, when such a transfer happens, we ensure that it takes place in accordance with this policy and that the necessary safeguards are put in place, ensuring that the transfer is (i) either regulated by standard contractual clauses approved by the European Commission as ensuring an adequate protection or (ii) done to an organisation that complies with the EU-US and Swiss-US Privacy Shield Framework as implemented by the U.S. Department of Commerce in case the transfer is made to the United States of America.
7. What are your rights?
Once you have provided your personal data, several rights are recognized under the Data Protection Legislation, which you can in principle exercise free of charge, subject to statutory exceptions. In particular, you have the following rights:
- Right to withdraw consent: if your personal data is processed on the basis of your consent, you have the right to withdraw your consent at any time you choose and on your own initiative. You can do so by emailing us at [email protected]. The withdrawal of your consent will not affect the lawfulness of the collection and processing of your data based on your consent up until the moment where you withdraw your consent.
- Right to access, review, and rectify your data: you have the right to access, review, and rectify your personal data. You may be entitled to ask us for a copy of your information, to review or correct it if you wish to review or rectify any information like your name, email address, passwords and/or any other preferences, you can easily do so by emailing us at [email protected]. You may also request a copy of the personal data processed as described herein by sending an email to [email protected]. You can access and review this information and, if necessary, ask to rectify your information.
- Right to erasure: you have the right to erasure of all the personal data processed by as described herein in case it is no longer needed for the purposes for which the personal data was initially collected or processed, in accordance with the Data Protection Legislation.
- Right to object or restriction of processing: under certain circumstances described in the Data Protection Legislation, you may ask for a restriction of processing or object to the processing of your personal data.
- Right to object to processing for direct marketing: where your personal data is processed for direct marketing purposes, you may object to such processing.
- Right to data portability: you have the right to receive the Personal Data processed in a format which is structured, commonly used and machine-readable and to transmit this data to another service provider.
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.
To exercise any of these rights, you can get in touch with us using the details set out below.
If you have unresolved concerns, you have the right to lodge a complaint with an EU data protection authority where you live, work or where you believe a breach may have occurred.
8. What security measures are put in place?
Appropriate technical and organisational measures are implemented in order to ensure an appropriate level of security of your personal data.
In the event personal information is compromised as a result of a security breach and where the breach is likely to result in a high risk to the rights and freedoms, we will make the necessary notifications, as required under the Data Protection Legislation.
9. What rules apply to children?
The Service is not intended for use by anyone under the age of 18.
We do not knowingly collect of solicit personal data from anyone under the age of 18 or knowingly allow such persons to register for the Service.
10. Does this policy apply to third-party websites?
If you click on a link to a third party website, you will be taken to a website we do not control. This policy is only in effect for the Service and not for any third party website and you are subject to the terms of use and privacy and other policies of such third party website. Read the privacy policy of other websites carefully. We are not responsible or liable for the information or content on such third party websites.
11. Changes to this policy
We reserve the right to modify and update this privacy policy from time to time. We will bring these changes to your attention should they be indicative of a fundamental change to the processing or be relevant to the nature of the processing or be relevant to you and impact your data protection rights.
12. How can we be contacted?
Questions, comments, remarks, requests or complaints regarding this Privacy Policy are welcome and should be addressed to:
[email protected]
Double Atelier, Inc – Attn: Legal Team
20 Jay St, Suite 1002, Brooklyn NY 11201
+1 212 884 9916