Recent changes in privacy laws, particularly in the European Union (“EU”) with the introduction of the General Data Protection Regulation (“GDPR”), have caused us to review our policies and procedures for communicating with those living in the EU, and others whose “Personal Data” (defined below) may be subject to the GDPR, as we export data for processing within the EU, but primarily at the Advion headquarters, located in the United States. We have not significantly changed our practices and policies as many of the GDPR’s requirements are current best practices that we already adhere to, and apply to Data Subjects and individuals in all countries. We generally do not process special categories of Personal Data, and where there are exceptions to this rule, we will not further process such data except as we may notify you from time to time. Our organization follows strict compliance with the California Online Privacy Protection Act, the US CAN-SPAM policy, and the GDPR across all platforms of communication.
Under the GDPR, “Personal Data” means any information relating to an identified or identifiable “Data Subject;” specifically including, but not limited to, name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that Data Subject. A Data Subject is an identifiable natural person, i.e., one who can be identified, directly or indirectly, in particular, by reference to Personal Data. Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. “Process” and “processed” have a corresponding meaning.
The GDPR prohibits the processing of “special categories” of Personal Data unless certain exceptions apply, because this type of data could create more significant risks to a Data Subject’s fundamental rights and freedoms. For example, an unauthorized disclosure of “special categories” of Personal Data may put Data Subjects at risk of unlawful discrimination. For this purpose, processing of “special categories” of Personal Data includes processing of: (i) Personal Data that reveals; (A) racial or ethnic origin, (B) political opinions, (C) religious or philosophical beliefs, or (D) trade union membership; or (ii) (A) genetic data, (B) biometric data for the purpose of uniquely identifying a natural person, (C) data concerning health; or (D) data concerning a natural personal’s sex life or sexual orientation.
- What information we collect about you
- How and why we process your information, including how we share your information and with whom
- How we protect your information
- How we store your information
- Our legal bases for processing your information
- Privacy management (how you can exercise your rights under applicable law)
What information we collect about you
We may collect and process data from the following sources:
- Information provided by you: When ordering, registering or subscribing from forms on our site, as appropriate, you may be asked to enter your name, email address, phone number or other details to help you with your experience.
- Outside sources: We may collect information offline from sources such as conferences, advertising, and individual relationships.
How and why we process your information, including why we share your information and with whom
We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, or browse the website in the following ways:
- To provide you with Advion product materials to fulfill your request (including digital literature such as brochures, application notes, product notes, etc.).
- To send periodic emails regarding your order or other products and services.
- To follow up with you after correspondence (live chat, email or phone inquiries).
- To offer updated legal and privacy information regarding your Personal Data.
Advion maintains the majority of the information, however we reserve the right to share your information if necessary to do so to fulfill a contractual obligation or to direct your inquiry to the appropriate individual. In this regard, we may share your information with our business partners, distributors and payment processors. All third-party agreements will meet or exceed the standard set by the GDPR. We may transfer data to countries other than the country in which the information was collected; however, the data is managed through secure platforms which are listed below in the “How we store your information” section.
How we protect your information
Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our website as safe as possible. These include:
- Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
- A variety of security measures are implemented when users enter, submit, or access their information to maintain the privacy and security of personal information.
- All transactions are processed through gateway providers and are not stored or processed on our servers.
- No third-party disclosure, links, products or services are offered. We do not sell, trade or otherwise transfer your Personal Data to outside parties.
How we store your information
Compliance with the GDPR, the EU-US Privacy Shield, and US CAN-SPAM mandates are all strictly adhered to.
- Customer Relationship Management (CRM) platform: Our CRM platform allows access to limited Personal Data to provide customer fulfillment, marketing opportunities, and individual follow up. This data is stored on external third-party servers that exceed compliance standards. Read more about our CRM third-party security policy here.
- Demographics and Interests Reporting via Google Analytics: We, along with third-party vendors such as Google, use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together track visitor demographics, time on site, and page views.
Our legal bases for processing your information
Under the GDPR, Advion must have a legal basis for processing Personal Data. We have determined that we will use one of three lawful bases for processing Personal Data where the GDPR is triggered:
- Consent – in some cases Advion may request your consent to collect and process your Personal Data. You may later withdraw your consent by contacting us as described in the “Privacy Management” section.
- Contractual – in some cases processing of Personal Data may be necessary for legal compliance or for execution of a contractual obligations. You may not be able to opt-out of this processing, or if you do we may not be able to fulfill our legal or contractual obligations.
- Legitimate interests – Advion may collect and process your Personal Data based on the legitimate interests of Advion in communicating with you about our products and services. You will be offered clear opt-out at the point of collection as well as in every message we send, and you may opt-out at any time as described in the “Privacy Management” section.
Privacy Management- Your Rights:
- In certain specific circumstances, you have a right to:
- request a copy of any Personal Data that we hold about you,
- ask us to make corrections to inaccurate or incomplete data about you,
- ask to receive your Personal Data in a machine-readable format and for Advion to transmit that data to another data controller of your choice,
- request the erasure of your Personal Data,
- seek restriction of the processing of your Personal Data, and/or
- object to the processing of Personal Data about you.
- If you would like to exercise any of these rights, or to opt-out of any further communications from us, you can email us at email@example.com follow the ‘opt-out’ instructions that will be included with all direct marketing communications.
- Marketing outreach: Based on your regional data privacy laws and regulations, we inform contacts, as appropriate, prior to collecting your data if we intend to use your data for marketing purposes. You may opt-out at any time.
- Data breach: In accordance with fair information practices and the GDPR we will notify you via email within 1 business day if we determine a reportable data breach involving your information has occurred.
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
We do not specifically market to children under the age of 13 years old.
61 Brown Rd., Suite 100
Ithaca, NY 14850
California Online Privacy Protection Act
According to CalOPPA, we agree to the following:
You can change your personal information:
- By emailing us at firstname.lastname@example.org
- By calling us at 607-266-9162
Last Edited on 2019-09-09