Crowd Factor® Privacy Policy

Effective Date: September 1, 2019

1. IMPORTANT Policy Statement:  BC United LLC dba Crowd Factor® ("BC United", “Crowd Factor®”, “we”, “us”, “our”) provides a variety of message, website, and software services (collectively, the “Service”, “Services”) . The purpose of this Privacy Policy (the “Privacy Policy” or “Policy”) is to inform our website visitors and customers/end-users, and our Clients’ customers (collectively, “user”, “users”, “end users”, “you”, “your”) of our policies and practices regarding the collection, storage, processing, use, and disclosure of any Personal Information we obtain about you based upon your use of our Services.

This Privacy Policy contains a set of information and principles which shall apply across all media and interaction between you and Crowd Factor®.

This Privacy Policy does not apply to the practices of companies that Crowd Factor® does not own or control, nor to people who Crowd Factor does not employ or manage. This includes any companies from whom you may have ordered services or products that are transmitted over Crowd Factor®’s services and any companies from whom you may be purchasing other services.

Your California Privacy Rights

If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, visit the CCPA Privacy Notice.

If you have any concerns, or if you would like to make a request to exercise your legal rights, please use the Contact Us information provided below or you may email us directly at privacy@crowdfactor.com with the subject line “Privacy Concerns.” We will respond promptly within 45 days from receipt.

2. Definitions

2.1 “Client” means an individual client of Crowd Factor®. The term also includes any representative, supplier, contractor or any third party and employee where Crowd Factor® has obtained his or her Personal Information from such Client as part of its interaction with Crowd Factor® either as a part of a business relationship or use of its systems.

2.2 “Customer” is an individual customer (or “user”) of Crowd Factor®, or a Crowd Factor® Client. For example, if a user subscribes to a Crowd Factor® direct service, the user is a Crowd Factor® customer. If a second user subscribes to a Crowd Factor® Client service, that user is a Client Customer.

2.3 “Personal Information” or “Personal Data” is information about you that is personally identifiable to you, such as your name, address, e-mail address, phone number, past transactional behaviour, information about your devices and other non-public information that is associated with the foregoing. For certain services, we also collect credit card or payment account information.

2.4 “Data Controllers” are the people who, or organizations and processes which determine the purposes for which, and the manner in which, any Personal Information is processed. We are the Data Controller of all Personal Information used in our business for our own commercial purposes. We are not the Data Controller for your Personal Information that we process as part of you using a service provided by a client of ours.

2.5 “Processing” or “Process” or “Processor” is any activity that involves use of the data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organizing, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring Personal Information to third parties. We are the Data Processor for any of your Personal Information collected by a client of ours and used by you to access the services provided by our client.

2.6 “Sensitive Personal Information” includes information about a person’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health or condition or sexual life, or about the commission of, or proceedings for, any offense committed or alleged to have been committed by that person, the disposal of such proceedings or the sentence of any court in such proceedings. Sensitive Personal Information can only be processed under strict conditions, including a condition requiring the express permission of the person concerned. Crowd Factor® may process some Sensitive Personal Information regarding you which have been collected by the Data Controller.

2.7 “Third Party” is any indvidual or entity that is not Crowd Factor®, a Crowd Factor® employee, contractor, or other representative of ours.

3. Services and Choice

Crowd Factor® as Data Controller

Crowd Factor® provides some services directly to end-users. For example, you may subscribe to our “snow reporting” text message service, in which Crowd Factor® is your Data Controller (and subsequently, your Data Processor).

For all text message services in this case, you can opt-out immediately by texting STOP to the short code from which you received a message. For full terms and opt-out options, please see our Terms & Conditions.

For other services in this case including email and phone communications, should you decide to stop receiving communications from us, you will have the opportunity to opt-out by following the unsubscribe instructions provided in the communication, or at the time of initial subscription.

If at anytime you wish to unsubscribe from any communication from us, or have us delete your Personal Information, you may do so by contacting us at privacy@crowdfactor.com.

Crowd Factor® does not disclose Personal Information to third parties for any purpose materially different from the purpose(s) for which it was originally collected. However, should that change in the future, Crowd Factor® will provide individuals with the option to opt-out of having that information disclosed.

Crowd Factor® as Data Processor

Crowd Factor® is not responsible for the collection of your consent to use your Personal Information when acting as a Data Processor for a Crowd Factor® Client. For any questions or concerns relating to your choice regarding your Personal Information, please contact your provider of services. Crowd Factor® commits to only processing your Personal Information as per the instructions received from your provider of services.

Crowd Factor® also provides solutions whereby clients can create and manage digital campaigns, including marketing messaging. In this case, our Client (and your Data Controller, Data Processor, and provider of services) is responsible for the set up (including choice and consent options) of this service. For any questions or concerns relating to your choice regarding your Personal Information, please contact your provider of services.

4. Data Integrity and Purpose Limitation

4.1 PURPOSE LIMITATION – We are committed to processing Your Personal Information fairly and lawfully. We process Personal Information that (I) we collect directly from our customers, (ii) we collect directly from our Clients, and (iii) that we collect from our Clients in our role as a service provider for the following business purposes, without limitation:

Maintaining and supporting our products and services, delivering and providing the requested products and services, and complying without contractual obligations related thereto (including managing transactions, reporting, invoices, renewals, and other operations related to providing services to Client);

- Storing and processing data, including Personal Information, in computer databases and servers located in the United States and elsewhere in the world; - Verifying identity and age requirements; - And as otherwise required by Applicable Laws.

4.2 DATA ACCURACY – Where Crowd Factor® is the Data Processor, we are not responsible for maintaining the accuracy of your Personal Information. Please contact your provider of services for further information regarding the accuracy of your Personal Information.

4.3 Crowd Factor® END USER INFORMATION

As part of Crowd Factor®’s services, we may receive information from wireless carriers, operators, or our clients, such as an end user’s phone number, carrier, and mobile device properties. In some limited instances, additional information such as a user’s geographic location or a mailing address is also provided. Additionally, we process message content from our clients which may contain personal information on behalf of an end user. Crowd Factor® does not create this content nor is it responsible for the content sent or received by our clients or any end user; we are simply the passive conduit through which the content is sent. Regardless, our agreements with our clients ensure that our client has the ultimate responsibility to obtain any and all required “opt-ins” or other consent(s) from end users prior to such information being sent. Any user information collected pursuant to the above is governed by this Policy as well as Crowd Factor®’s internal policies regarding confidential and personally identifiable information. We also include specific provisions in the contracts with our clients to ensure that responsibility for compliance-related obligations and message content is within their control. If you have questions or would like more information, please contact privacy@crowdfactor.com.

5. Recourse, Enforcement and Data security

5.1 Data Security – Your Personal Information is processed in accordance with our Data Security Policy. We are committed to protecting the security of Your Personal Information. We have adopted commercially reasonable security measures consistent with industry practice that are designed to assist in protecting against the loss, misuse and alteration of Your Personal Information which We process. No security system or system of transmitting data be guaranteed to be 100% secure.

5.2 Internal Recourse – The Data Protection Officer is responsible for ensuring compliance with Applicable Law and with this Policy. Any questions about the operation of this policy or any concerns that the policy has not been followed should be referred in the first instance to the Data Protection Officer at the following address: privacy@crowdfactor.com or via mail at to the attention of the Data Protection Officer, BC United LLC PO Box 100322 Denver, CO 80250

6. Disclosure and limitation on application of principles

6.2 We may be required to disclose your Personal Information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements of the countries in which we operate.

6.3 You may choose to directly disclose Personal Information through public message boards available. Information shared on the message boards will be accessible to the general public and Your information may be collected and used by others.

7. Dealing with subject access requests

7.1 When Crowd Factor® is the Controller of your Personal Information – You may request, correct, update, suppress or otherwise modify any of Your Personal Information or object to the use or processing of such Personal Information by Us. You must do so via a formal request by writing to Us at privacy@crowdfactor.com.

7.2 Although Crowd Factor® makes good faith efforts in providing You with access to Your Personal Information, We reserve the right to limit or deny such access where (i) the burden or expense of providing access would be disproportionate to the risks to Your privacy; (ii) where the legitimate rights of any third party would be violated as a result of Your request or (iii) where granting full access would reveal confidential information or breach a legal or other professional obligation.

7.3 Where Crowd Factor® is the data Processor, then Crowd Factor® is not in a position to respond to Your access request. We will pass Your request onto the relevant Data Controller.

8. Changes to this policy

8.1 We may revise this Policy at any time in our sole discretion. Any changes to this Privacy Policy will be effective immediately upon posting. You should check this page periodically for changes to the Policy. If You object to such changes, You must cease using our products and services immediately. Continued use or our products and services following notice of any such changes shall indicate Your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.

9. Responsibility and management

9.1 RESPONSIBILITY – All our employees who handle Personal Information are required to comply with this Policy; any breach of this policy may result in disciplinary sanctions.

9.2 All Third Parties handling Personal Information are obliged to comply with this Policy when processing Personal Information on our behalf. Any actual breach of this policy may result in contractual or legal action.

9.3 CONTACT DETAILS – You can contact our Data Protection Officer at: privacy@crowdfactor.com.

This privacy policy was last updated on January 21, 2020.

© 2020 Crowd Factor® All Rights Reserved    |    Terms & Conditions    |    Privacy    |    Contact