- Scope and Applicability
- Data Controller and Data Protection Officer
Email address: firstname.lastname@example.org
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
- The Information we collect from all Users
This is the information that you choose to provide and/or that enables Users to be personally identified.
Other Webform Data (information collected when you engage with us through our webforms, surveys and questionnaires, blogs, discussion forums, or live chat).
The type of data we may collect from Registered Users and are:
- Identity Data, which includes [first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender].
- Contact Data, which includes [billing address, delivery address, email address and telephone numbers].
- Financial Data, which includes [bank account and payment card details].
- Transaction Data, which includes [details about payments to and from you and other details of products and services you have purchased from us].
- Technical Data, which includes [internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website].
- Profile Data, which includes [your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses].
- Usage Data, which includes [information about how you use our website, products and services].
- Marketing and Communications Data, which includes [your preferences in receiving marketing from us and our third parties and your communication preferences].
- Aggregated data
- Special Categories of Personal Data
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and/or information about criminal convictions and offences
- Failure to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
- Our Uses of Personal Information
We use Registered User Information to:
- Operate and provide you with the Services: We use information to improve our products and services. We may use your information to make our website, apps and products better. We might use your information to customize your experience with us.
- Communicate with you and send you marketing communications: We may use information to respond to your requests or questions. For example, we might use your information, such as your email address, to respond to your customer questions or feedback.
- We may use information for security purposes. We may use information to protect our company, a client, and/or our website and apps.
- Analyze your preferences, interests and behavior in order to provide you with tailored content and the most relevant content and communications;
- To determine demographics of platform usage
- We may use information for promotional purposes. For example, we might provide you with information about new features, updates, new products or special offers from time to time.
- Lawful Basis for Processing.
Depending on your circumstances and your relationship with us, we may process your Personal data on the following lawful bases:
- CONSENT: where you have given consent to the processing of his or her Personal Information for one or more specific purposes;
- CONTRACT: where the processing is necessary for the performance of a contract with you (e.g., to deliver the service you have requested);
- LEGAL OBLIGATION: where processing is necessary for compliance with a legal obligation to which the controller is subject (e.g., for compliance with securities laws); and
- LEGITIMATE INTERESTS: where the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, not overridden by the interests or fundamental rights and freedoms of the data subject, (e.g., for product development and analytics purposes).
- How We Share Personal Data
Atriom shares and discloses Personal Information to other parties as needed to provide our Services and operate our business. The categories of other parties (third parties) with whom we may share information include:
- Affiliates and Subsidiaries— Atriom may share your Personal data with affiliates and subsidiaries.
- Service Providers—We may share the personal data that you have provided us with certain third-party services, including payment processors, web services providers, developers, security and storage service providers, analytics service providers, and providers used to analyze our websites’ and applications’ functionalities.
- Business Services—We may share any category of Personal Data with our business services providers in the operation of our business and facilitation of the Services, including agents, auditors, financial institutions, and professional advisors.
- Corporate Activities—We may share any category of Personal Data with other companies or entities as part of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock. In such case your Personal Data may be transferred to the potential or actual acquirer, successor, or assign.
- Government and Legal—We may share any category of Personal Information with other parties, including public authorities, as may be required by applicable law, regulation, or legal process.
Note that Atriom will not rent, sell, or share information about you with other people or non-affiliated companies.
- Data Retention and Disposal
We will only retain personal information on our servers for as long as is reasonably necessary as long as we are providing Services to you. Your information is kept on our servers after you close your Account to the amount required to meet regulatory requirements and for monitoring, detecting, and preventing fraud. Where we retain your personal information, we do it in accordance with any applicable legal limitations periods. We may retain your personal data for a longer period:
- In the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
- To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
- Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us.
- In some circumstances you can ask us to delete your data: see your legal rights below for further information.
- In some circumstances, we will anonymise your personal data so that it can no longer be associated with you for research or statistical purposes, in which case we may use this information indefinitely without further notice to you
- Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
- The Services are not intended for Children.
Our Services are meant for use by adults only. We do not knowingly collect personally identifiable information from children under 13 without permission from a parent or guardian. If you are a parent or legal guardian and you think your child under 13 has given us information, you can email us. You can also write to us at the address listed at the end of this Policy. Please mark your inquiries “COPPA Information Request”.
- Log Files
Atriom follows a standard procedure of using log files. These files log visitors when they visit our website or app. All hosting companies do this and this is a part of hosting services analytics. The information collected by log files include your Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analyzing trends, administering the site, tracking users’ movement on the website, and gathering demographic information.
- Cookies and Web Beacons
Like any other website, Atriom uses 'cookies'. These cookies are used to store information including visitors' preferences, and the pages on the website that the visitor accessed or visited. The information is used to optimize the users' experience by customizing our web page content based on visitors' browser type and/or other information.
- Third Party Privacy Policies
- The Services are not intended for Children.
Our Services are meant for use by adults only. We do not knowingly collect personally identifiable information from children under 13 without permission from a parent or guardian. If you are a parent or legal guardian and you think your child under 13 has given us information, you can email us. You can also write to us at the address listed at the end of this Policy. Please mark your inquiries “COPPA Information Request”
- Third-Party Sites, Blogs, and Social Media
Our website offers a publicly accessible blog. Information you provide in relation to blogs, including comments, may be displayed publicly and read, collected, and used by others who access them. To request removal of your Personal Information from our blog, contact us at email@example.com. In some cases (e.g., comments made on a Deal page that must be retained by law), we may not be able to remove your Personal Data, in which case we will let you know if we are unable to do so and why.
- Third Party Policies.
- Transfers of Personal Data.
We may need to transfer your Personal Data outside of the country from which it was originally provided. This may be Atriom or third parties that we work with who may be located in jurisdictions outside Nigeria, the EEA, Switzerland and the UK which have no data protection laws or laws that are less strict compared with those in Europe. Whenever we transfer Personal Data outside of the EEA, Switzerland or the UK, we take legally required steps to make sure that appropriate safeguards are in place to protect your Personal Data. Such transfers will be made pursuant to the standard data protection clauses adopted by the Commission (EU Standard Contractual Clauses (Processors). In the event that EU authorities or courts determine that the transfer mechanism above is no longer an appropriate basis for transfers, Atriom and customer shall promptly take all steps reasonably necessary to demonstrate adequate protection for the Personal Data, using another approved mechanism.
- Data incident Notifications.
In cases where we are a data controller over data accessed in an unauthorized manner, we will notify the affected users directly. When we are solely a processor of data, we will notify event organizers we determine to be most likely in contact with that individual around the time of a data incident involving the unauthorized access of that individual’s Personal Data.
- General Data Protection Regulation(GDPR) Data Protection Rights.
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
- The right to access - You have the right to request copies of your personal data. We may charge you a small fee for this service.
- The right to rectification - You have the right to request that we correct any information you believe is accurate. You also have the right to request that we complete the information you believe is incomplete.
- The right to erasure - You have the right to request that we erase your personal data, under certain conditions.
- The right to object to processing: You have the right to object to our processing of your personal data, under certain conditions.
- The right to data portability - You have the right to request that we transfer the data we have collected to another organization, or directly to you under certain conditions.
- If you make any request, we have a month to respond to you. If you would like to exercise any of these rights, please contact us.
The GDPR requires us to tell you about the legal ground we're relying on to process any personal data about you. The legal grounds for us processing your data include:
- You provided your consent;
- It is necessary for our contractual relationship.
- The processing is necessary for us to comply with our legal or regulatory obligations; and/or
- The processing is in our legitimate interest to fulfill our service as an event organizing, content providing, and ticketing platform( for example, to provide you with customer service, and to protect the security and integrity of our systems, etc.)
- For Nigerian Users.
We shall comply with the provisions of the Constitution of the Federal Republic of Nigeria 1999 (as amended), the Nigeria Data Protection Regulation 2019, The Federal Competition and Consumer Protection Act 2019, Cybercrimes (Prohibition, Prevention) Act 2015, National Identity Management Commission Act, 2007, National CyberSecurity Policy and Strategy 2021 and all other relevant laws, legislations and regulations in collecting, storing, using and sharing data of organizers, consumers and visitors of Atriom.
- Privacy Shield.
We comply with the EU-US Privacy Shield regarding the collection, use and retention of personal information transferred from the EU and Switzerland. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. As participating in the Privacy Shield, we are subject to the jurisdiction and enforcement powers of the US Federal Trade Commission. We may be liable for the onward transfer of personal data to a third-party agent, as described in the Privacy Shield Principles. Under certain circumstances, we may be required to disclose personal information to public authorities, for law enforcement purposes. To learn more about the Privacy Shield framework please visit: https://www.privacyshield.gov/.
- California Users.
For purposes of this Section 16 only, the terms “personal information,” “collection,” “sell,” “business purpose” and “commercial purpose” have the meaning given to them under the California Consumer Privacy Act of 2018 (the “CCPA”). If you reside in California, you have certain rights set forth below. These rights are in addition to any other rights you may have under this Policy. If you have any questions about these rights or how to exercise them, please contact us. Please note that we may disclose your personal information for business or commercial purposes as described in this Policy.
Disclosure and deletion requests: You have the right to request that we disclose to you what personal information about you we collect, use, disclose and sell. Subject to certain limitations in the CCPA, you also have the right to request that we delete your personal information. You may submit such a request by contacting us. If you submit a request by email, your email must include “California Request” in the subject line. We will not discriminate against you for exercising your rights under the CCPA.
In addition, you have the right to ask us one time each year if we have shared personal information with third parties for their direct marketing purposes. Please note that we do not disclose your personal information to any third parties for their direct marketing purposes, except for any Client whose Event you have registered for, in which case the Client may use your personal information for their direct marketing purposes. To make a request, please send us an email or write to us. Indicate in your letter that you are a California resident making a “Shine the Light” inquiry.
Right to opt out: The CCPA also provides California consumers the right to opt out of the sale of their personal information. As explained in this Policy, we do not sell the personal information of our users.
Verification: We reserve the right to verify any request made under the CCPA by asking you to provide supporting documentation that the request is submitted by you, although we are not obligated to verify a request. You may also choose to have an agent submit a request on your behalf, in which case we may, but are not obligated to, verify that the agent is authorized to act on your behalf. We assume no responsibility for responding to any consumer requests.
- For European Users
For European Users Data Protection Laws. If you are a resident of the European Union (“EU”) or Switzerland, you are entitled to certain protections under the EU’s General Data Protection Regulation (“GDPR”) and/or other applicable laws (collectively, the “Data Protection Laws”), and this section applies to your use of the Services. As used in this section, the terms “processing,” “processor,” “controller” and “personal data” have the meaning given to them in the Data Protection Laws.
- Dispute with Us
- Contact Us: If you have a complaint about Atriom’s privacy practices you should get in contact with our Data Protection Officer via firstname.lastname@example.org. We will take reasonable steps to work with you to attempt to resolve your complaint.
- Time limit To Respond: We try to respond to all legitimate requests within 30 days. Occasionally it could take us a longer period to process your request. If we require more time, we will inform you of the reason and extension period in writing. Please note that requests are subject to appropriate verification before processing.
Atriom and the disputing party shall seek to resolve the dispute amicably by using Alternative Dispute Resolution (‘ADR’) procedure acceptable to both parties before pursuing any other remedies available to them.
If you are a resident in the EEA and you believe we are unlawfully processing your personal data, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here: https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
If you are a resident in the UK, the contact details for the data protection authority is available here: email@example.com
If you are a resident in Switzerland, the contact details for the data protection authorities are available here: https://www.edoeb.admin.ch/edoeb/en/home.html
- Contacting Atriom