IPO Prophet® GDPR Compliance

Last Modified: October 4, 2023

IPO Prophet® GDPR Privacy Addendum

Introduction

This GDPR Privacy Addendum supplements the information contained in our Privacy Policy and applies solely to the users of our Website and/or Mobile App who are located in the European Economic Area, the United Kingdom, or Switzerland. We adopt this GDPR Privacy Addendum to comply with the European Union's General Data Protection Regulation, and any laws implementing the foregoing by any member states of the European Economic Area, the United Kingdom (including the UK Data Protection Act and the UK-GDPR), and or Switzerland (collectively, the “GDPR”). Unless otherwise defined in this GDPR Privacy Addendum, any terms defined in the GDPR or our Privacy Policy have the same meaning when used in this GDPR Privacy Addendum. When this GDPR Privacy Addendum is applicable to you, it takes precedence over anything contradictory in our Privacy Policy.

Information We Collect About You and How We Collect It

The Personally Identifiable Information (“PII”) we collect and the ways in which we collect it is described in our Privacy Policy.

Data Controller, Data Protection Officer, and Representative

IPO Prophet® is the data controller of your PII. At this time, IPO Prophet® is not required to appoint a Data Protection Officer or representatives in either the European Union or the United Kingdom, and has elected not to do so. IPO Prophet® may be contacted in any manner set forth below in the Contact Information section of this GDPR Privacy Addendum.

Lawful Basis for Processing Your PII

The processing of your PII is lawful only if it is permitted under the GDPR. We have a lawful basis for each of our processing activities (except when an exception applies as described below):

  • Consent. By using our Website or Mobile App, you consent to our collection, use, and sharing of your PII as described in our Privacy Policy and this GDPR Privacy Addendum. If you do not consent to the terms of our Privacy Policy and this GDPR Privacy Addendum, please do not use the Website or Mobile App;

  • Legitimate Interests. We will process your PII as necessary for our legitimate interests. Our legitimate interests are balanced against your interests and rights and freedoms and we do not process your PII if your interests or rights and freedoms outweigh our legitimate interests. Our legitimate interests are to: facilitate communication between IPO Prophet® and you; detect and correct bugs and to improve our Website or Mobile App; safeguard our IT infrastructure and intellectual property; detect and prevent fraud and other financial crime; promote and market our business; and develop our product and services.

  • To Fulfill Our Obligations to You. We process your PII in order to fulfill our obligations to you pursuant to our Terms of Use to deliver our products and services to you.

  • As Required by Law. We may also process your PII when we are required or permitted to by law; to comply with government inspections, audits, and other valid requests from government or other public authorities; to respond to legal process such as subpoenas; or as necessary for us to protect our interests or otherwise pursue our legal rights and remedies (for instance, when necessary to prevent or detect fraud, attacks against our network, or other criminal and tortious activities), defend litigation, and manage complaints or claims.

Special Categories of Information

IPO Prophet® does not ask you to provide, and we do not knowingly collect, any special categories of PII from you.

Automated Decision Making

IPO Prophet® does not use your PII with any automated decision-making process, including profiling, which may produce a legal effect concerning you or similarly significantly affect you.

How We Use Your PII

We use your PII as described in our Privacy Policy.

Disclosure of Your PII

We do not share or otherwise disclose your PII for purposes other than to the entities and for the purposes described in our Privacy Policy.

Accessing, Correcting, and Deleting Your PII

The GDPR provides you with certain rights with regards to our processing of your PII. These rights replace the similar rights provided in our Privacy Policy or are supplemental to such rights.

  • Access and Update. You can access, review, correct, and/or update your PII by logging into the Website or Mobile App and visiting your Profile page. You may also notify us through the Contact Information below to ensure your PII is complete, accurate, and as current as possible. We may not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.

  • Restrictions. You have the right to restrict our processing of your PII under certain circumstances. In particular, you can request we restrict our use of it if you contest its accuracy, if the processing of your PII is determined to be unlawful, or if we no longer need your PII for processing but we have retained it as permitted by law. To restrict use of any PII, please contact us through the Contact Information below.

  • Portability. To the extent the PII you provide IPO Prophet® is processed based on your consent and that we process it through automated means, you have the right to request that we provide you a copy of, or access to, all or part of such PII in structured, commonly used, and machine-readable format. You also have the right to request that we transmit this PII to another controller, when technically feasible.

  • Withdrawal of Consent. To the extent that our processing of your PII is based on your consent, you may withdraw your consent at any time by closing your account. Withdrawing your consent will not, however, affect the lawfulness of the processing based on your consent before its withdrawal, and will not affect the lawfulness of our continued processing that is based on any other lawful basis for processing your PII.

  • Right to be Forgotten. You have the right to request that we delete all of your PII. We cannot delete your PII except by also deleting your user account. We may not accommodate a request to change or delete information if we believe the change or deletion would violate any law or legal requirement or cause the information to be incorrect. In all other cases, we will retain your PII as set forth in this GDPR Privacy Addendum.

  • Complaints and Dispute Resolution. You have the right to lodge a complaint with the applicable supervisory authority in the country you live in, the country you work in, or the country where you believe your rights under applicable data protection laws have been violated. However, before doing so, we request that you contact us directly in order to give us an opportunity to work directly with you to resolve any concerns about your privacy.

  • How You May Exercise Your Rights. You may exercise any of the above rights by contacting us through any of the methods listed under the Contact Information section below. If you contact us to exercise any of the foregoing rights, we may ask you for additional information to verify your identity. We reserve the right to limit or deny your request if you have failed to provide sufficient information to verify your identity or to satisfy our legal and business requirements. Please note that if you make unfounded, repetitive, or excessive requests (as determined in our reasonable discretion) to access your PII, you may be charged a fee subject to a maximum set by applicable law.

Consent to Processing of PII in Other Countries Outside the European Economic Area or the United Kingdom

In order to provide our Website or Mobile App, products, and services to you, we may send and store your PII outside of the EEA or the United Kingdom, including to the United States. Accordingly, your PII may be transferred outside the country where you reside or are located, including to countries that may not or do not provide an equivalent level of protection for your PII. Your information may be processed and stored in the United States and United States federal, state, and local governments, courts, or law enforcement or regulatory agencies may be able to obtain disclosure of your information through the laws of the United States. By using our Website or Mobile App, you represent that you have read and understood the above and hereby consent to the storage and processing of PII outside the country where you reside or are located, including in the United States.

Your PII may be transferred by IPO Prophet to another country, only if it is required or permitted under the GDPR and provided that there are appropriate safeguards in place to protect your PII. To ensure your PII is treated in accordance with our Privacy Policy and this GDPR Privacy Addendum when we transfer it to a third party, IPO Prophet® uses data protection agreements between IPO Prophet® and all other recipients of your data that include, where applicable, the standard contractual clauses adopted by the European Commission and/or the Information Commissioner's Office in the United Kingdom (collectively, the “Standard Contractual Clauses”). The European Commission and the Information Commissioner's Office in the United Kingdom have determined that the transfer of PII pursuant to the Standard Contractual Clauses provides for an adequate level of protection of your PII, however, the Standard Contractual Clauses may need to be supplemented in some cases with additional measures on a case-by-case basis after an analysis that such supplemental measures can provide you with an essentially equivalent level of protection as afforded in the EEA and/or the UK. When, as a result of this analysis, we believe this to be appropriate and necessary, the Standard Contractual Clauses have been supplemented in this way. Under these Standard Contractual Clauses, you have the same rights as if your PII was not transferred to such third country. You may request a copy of the Data Protection Agreement by contacting us through the Contact Information below.

Retention of PII

IPO Prophet® shall retain PII in accordance with our privacy and information security policies, which establish general standards and procedures regarding the retention, handling, and disposition of our records, including PII. PII will be retained for five (5) years before being automatically destroyed, or as long as necessary to meet legal and regulatory requirements. Retention may be extended if we are required to preserve personal information in connection with litigation, investigations, and proceedings.

Changes to this GDPR Privacy Addendum

We may change this GDPR Privacy Addendum at any time. It is our policy to post any changes we make to our GDPR Privacy Addendum on this page. If we make material changes to how we treat our users' PII, we will notify you by email to the email address specified in your account. The date this GDPR Privacy Addendum was last revised is identified at the top of the page. You are expected to and responsible for ensuring we have an up-to-date active and deliverable email address for you, and for regularly reviewing this GDPR Privacy Addendum to check for any changes. Your continued use of our Website or Mobile App following the posting of changes constitutes your acceptance to such changes.

Contact Information

If you have any questions or concerns regarding our Privacy Policy or the ways in which we collect and use your PII described in this Privacy Policy, have any requests related to your PII pursuant to applicable laws, or otherwise need to contact us, you may do so at the contact information below, or through the “Contact Us” page on our Website or Mobile App.

IPO Prophet® Software LLC
1500 N. Grant Street, Suite 4128
Denver, CO 80203
United States
info@ipoprophet.com