Updated as of April 2019
General Data Protection Regulation
We do not knowingly advertise in or market our Services to residents of the European Union (EU). However, our Website and/or App do not restrict visitors from the EU. In other words, we do not have in place any geolocation fences to prevent EU residents from accessing our Website and/or App. As a result, we provide the foregoing disclosure to EU data subjects.
Our Company’s processing of Personal Information, such as the name, address, email address, or telephone number of a data subject (“Personal Information” or “Personal Data”) that is voluntarily supplied by you, or supplied by an authorized third party, shall always be in line with the General Data Protection Regulation (“GDPR”), and in accordance with the country-specific data protection regulations applicable to the Company.
Legitimate Business Interest under the GDPR. Our use of your Personal Information is based on the legitimate business grounds that:
- The use is necessary in order to fulfill our commitments to you under our Terms of Service or other agreements with you or is necessary to administer your account – for example, in order to enable access to our Website on your device or charge you for our Services;
- The use is necessary for compliance with a legal obligation;
- The use is necessary in order to protect your vital interests or those of another person or entity;
- We have a legitimate interest in using your information – for example, to provide and update our Website or Services, to improve our Website or Services so that we can offer you an even better user experience, to safeguard our Website or Services, to communicate with you, to measure, gauge, and improve the effectiveness of our advertising, and better understand user retention and attrition, to monitor and prevent any problems with our Services, and to personalize your experience; and/or
- You have given us your consent.
Your Privacy Rights under the GDPR. The GDPR includes the following rights for you, as an EU data subjects, if you provide Personal Information to the Company in connection with accessing the Services or visiting our Website:
- The right to be informed about how we store, use, or share your data;
- The right to access your data;
- The right to rectify your data;
- The right to have us erase your data;
- The right to prevent us from processing your data;
- The right to request copies of your data from us in a commonly-used and machine-readable format, free of charge, for the purposes of transfer to a third party, where technically feasible;
- The right to object to use or sharing of your data; and
- The right not to be subject to automated decision-making, including profiling.
Data Controller. The Company is the “data controller,” as defined under the GDPR, or the legal entity which determines the purposes and means of the processing of Personal Information of the customers of the Company and visitors to its Website. The Company is responsible for collecting your consent, managing consent-revoking, enabling right to access, etc. If you wish to revoke consent for us to store, use, or share your Personal Information, you may contact us at WaferNet.
Data Processor. The Company is the “data processor,” as defined under the GDPR, or the legal entity which processes your Personal Information. The Company has not retained any third-party service provider to process your Personal Information. Any processing of Personal Information shall be done solely by the Company. The Company maintains records of any processing activities it performs, and is able to show how the Company complies with the data protection principles under the GDPR. It has effective policies and procedures in place. If you have questions regarding the processing of your Personal Data, you may contact us at WaferNet.
Breach. The Company has reasonable internal policies and procedures in place to effectively detect, report, and investigate a data breach. The GDPR defines a Personal Information breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Information.” The Company will notify you of a Personal Information breach where the Personal Information breaches are likely to present a risk to data subjects to data protection authorities (“DPAs”) without undue delay, and within 72 hours if feasible, after becoming aware of the breach; and communicate high-risk breaches to affected data subjects without undue delay. The Company will provide you with: (i) contact details of the Data Protection Officer (DPO) or other contact person, (ii) a description of the nature of the breach, (iii) likely consequences of the breach, (iv) measures the organization has taken or proposes to take to address the breach, and (v) advice on steps data subjects can take to protect themselves.
Data Protection Officer. The Company is not formally required to designate a Data Protection Officer (“DPO”) because it is not: (1) a public authority; (2) an organization that carries out regular and systematic monitoring of individuals on a large scale; or (3) an organization that carries out large scale processing of special categories of data, such as health information or information about criminal convictions. Nonetheless, the Company voluntarily elects to appoint Frank Chang, the Director of Operations of the Company, as the DPO for this Company. Mr. Chang is responsible for data protection compliance and can answer any questions you may have about your Personal Information. He may be reached here.
Our Response to Your Requests. If you make any requests regarding your Personal Information, we will not charge you for compliance with the request. The Company will respond and comply within one month. The Company reserves the right to refuse or charge for requests that are manifestly unfounded or excessive. If we refuse your request, we will tell you why we are refusing your request. You have the right to complain to the relevant supervisory authority and to a judicial remedy, but you must do so within one month of our refusal.
Complaints. Without prejudice to any other administrative or judicial remedy, every EU data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement of the data subject considers that the processing of Personal Information relating to him or her infringes this Regulation.
Data Protection Impact Assessment (DPIA). Please note: the Company is not required to undergo a DPIA because data processing is not likely to result in a high risk to data subjects, such as in cases where: (1) new technology is being deployed; (2) profiling operations may significantly affect individuals; or (3) processing is on a large scale and involves special categories of data. If you have any questions regarding this matter, please contact Mr. Chang, our Data Protection Officer.
Use and Sharing of Personal Information, Generally
- To respond to your inquiries and your requests regarding our Website or Services.
- To send you information regarding our services and changes to our terms, conditions, and policies.
- To complete your Website registration, process your payments, and communicate with you regarding your purchase of our Services.
- In connection with our other legitimate business purposes, as described above, including but not limited to data analysis, audits, fraud monitoring and prevention, developing or enhancing new and existing products and/or services, expanding our business activities, etc., or with our Company’s authorized service providers, business affiliates, and business partners, for business purposes, as necessary.
We will not use and/or share your Personal Information:
- To run interest-based advertising campaigns that collect Personal Information such as email addresses, telephone numbers, and credit card numbers.
- To use or associate Personal Information with remarketing lists, cookies, data feeds, or other anonymous identifiers.
- To use or associate targeting information, such as demographics or location, with any Personal Information collected from the ad or its landing page.
- To share any Personal Information with Google or third party companies through our remarketing tag or any product data feeds which might be associated with our ads.
- To send Google or third party companies precise location information without obtaining your consent.
However, we reserve the right to disclose Personal Information that we believe, in our sole discretion, to be necessary or appropriate in the following circumstances:
- As required by law, such as to comply with a subpoena, or similar legal process.
- When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
- To enforce our Terms and Conditions.
- To allow us to pursue available remedies or limit the damages that we may sustain.
Website Tracking Technologies
We may, either directly or through third party companies and individuals we engage to provide services to us, also track your use of our Website and access to our Services for purposes of our own customer support, analytics, research, product development, fraud prevention, risk assessment, regulatory compliance, investigation, etc. Specifically, the Company may use the foregoing technologies to track your activity on our Website:
Cookies. When you visit our Website or otherwise interact with the Service, we may send one or more “cookies” to your computer or other devices. Cookies are alphanumeric identifiers stored on your computer through your web browser and are used by most websites to help personalize your web experience. Some cookies may facilitate additional site features for enhanced performance and functionality such as remembering preferences, allowing social interactions, analyzing usage for site optimization, providing custom content, allowing third parties to provide social sharing tools, and serving images or videos from third party websites. Some features on this site will not function if you do not allow cookies. We may link the information we store in cookies to any Personal Information that you submit while visiting our Website.
We may use both session ID cookies and persistent cookies. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time. Persistent cookies enable us to track and target the interests of our users to enhance the experience on our site.
Functional cookies, persistent and session type, store information to enable core site functionality, such as Live Chat and Client ID remembrance.
Analytics cookies allow us to count page visits and traffic sources so we can measure and improve the performance of our site and our marketing campaigns.
Advertising cookies may be set through our Website by our advertising partners. Data may be collected by these companies that enable the companies to serve up advertisements on other sites that are relevant to your interests.
If you reject cookies, you may still use our site, but some features on the site will not function properly.
Embedded Scripts. An embedded script is programming code that is designed to collect information about your interactions with the Service, such as the links you click on. The code is temporarily downloaded onto your Device from our web server or a third party service provider, is active only while you are connected to the Service, and is deactivated or deleted thereafter.
ETag, or entity tag. A feature of the cache in browsers. It is an opaque identifier assigned by a web server to a specific version of a resource found at a URL. If the resource content at that URL ever changes, a new and different ETag is assigned. Used in this manner ETags are a form of Device Identifier. ETag tracking may generate unique tracking values even where the consumer blocks HTTP, Flash and/or HTML5 cookies.
Do Not Track
The Children’s Online Privacy Protection Act of 1998 (COPPA) and its accompanying FTC regulation protects the privacy of American children aged 13 and under, who are using the Internet. The GDPR sets the age at which a EU child can give their own consent in order to process their Personal Data at 16 years of age.
The Website and our related Services are not intended for anyone under 16, and we do not knowingly collect information from anyone under the age of 16. Anyone aged 16 or under should not submit any Personal Information without the permission of their parents or guardians. Parents or guardians may, on behalf of their children, submit their children’s Personal Information. By using the Website and our related Services, you are representing that you are at least 16 years old and that you have the relevant legal authority to submit your Personal Information or that of a third-party minor, to the Company or on the Company’s Website.
Links to Other Websites
We maintain reasonable and appropriate, although not infallible, security precautions. However, we cannot guarantee that hackers or unauthorized personnel will not gain access to your Personal Information, despite our reasonable efforts. You should note that in using the Website, app, and/or our related Services, your information will travel through third-party infrastructures which are not under our control. Please feel free to raise any questions, concerns or specific directions you may have regarding the privacy and security of your information to WaferNet.
We will retain your Personal Information for four (4) years, or as long as needed to provide the applicable Services. Our data retention period may change in the future if a longer retention period is required or permitted by law.
Your California Privacy Rights
Under California Civil Code Section 1798.83, California customers are entitled to request information relating to whether a business has disclosed Personal Information to any third parties for the third parties’ direct marketing purposes. This code applies to businesses with 20 or more full or part-time employees.
We do not disclose your Personal Information to third parties for their marketing purposes. Nevertheless, as a courtesy, you may request and obtain from us once a year, free of charge, certain information about the Personal Information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of Personal Information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to WaferNet.
Incorporation into Terms of Service
If, at any time after registering, you change your mind about receiving information from us or about the use of information volunteered by you, or if you prefer that we do not share your Personal Information with third parties for marketing purposes, please contact us at WaferNet.
If you have any questions or concerns relating to our use of your Personal Information, please email WaferNet. Additionally, you may reach us by postal mail at: Wafernet, Inc., 2142 Paragon Drive, San Jose, CA 95131.