1. What laws apply?
If you are located in the EEA, the EU General Data Protection Regulation applies to the processing of your personal data. If you are located in the UK, the UK General Data Protection Regulation applies to the processing of your personal data. References to the “GDPR” are references to the General Data Protection Regulation as it applies in the country where you are located. If you are located in Switzerland, the provisions of the Swiss Federal Data Protection Act (the “FDPA”) apply to you, and references to the GDPR below shall be interpreted analogously for the purposes of applying the FDPA.
2. Who is the data controller?
Dynamo Software, Inc., 480 Pleasant Street, Suite B200, Watertown, MA 02472. Our EU GDPR representative is Dynamo Software Bulgaria Ltd., Krastova Vada District, 14 Filip Kutev str. Fl. 5, 1407 Sofia, Bulgaria, and our UK GDPR representative is Dynamo Software UK, Ltd., 40 Gracechurch St., London EC3V 0BT, United Kingdom.
3. What lawful bases of processing do we rely on?
We rely on the following legal bases to process your personal data, as appropriate:
- The processing is necessary for us to perform a contract with you or take steps at your request prior to entering into a contract per Article 6(1)(b) GDPR (“Contract Performance Legal Basis”);
- The processing is necessary for us to comply with an applicable legal obligation per Article 6(1)(c) GDPR (“Legal Obligations Legal Basis”);
- The processing is necessary for us to realize legitimate interests and such interests are not overridden by your privacy and other fundamental interests per Article 6(1)(f) GDPR (“Legitimate Interest Legal Basis”); or
- According to your consent per Article 6(1)(a) GDPR (“Consent Legal Basis”). In these cases, you can withdraw your consent at any time with future effect.
The following table outlines the legal basis and, where applicable, the legitimate interests pursued with respect to each purpose for which we process personal data.
|Purposes of Use or Disclosure||Legal Basis and Legitimate Interest|
||If we are contractually obligated to perform the processing based on the terms of a contract or to enter into a contract with you, Contract Performance Legal Basis.
Otherwise, we process your personal data on the Legitimate Interest Legal Basis—namely, to provide you with information about our offerings and maintain a positive business relationship with you, your company and other parties.
Otherwise, we process your personal data on the Legitimate Interest Legal Basis—namely, to provide you and others with a customized and secure user experience and to improve our services and communications so that we can continue to provide high quality offerings to you and others.
|To send and tailor our promotional communications to you||Consent Legal Basis if we have obtained your consent to market to you. You can withdraw your consent by following the unsubscribe prompts at the end of our email communications or by emailing email@example.com.
In all other cases, Legitimate Interest Legal Basis, if you have not objected to our marketing, for the purpose of increasing use of our products and services.
|To evaluate your job application and perform background checks||Consent with respect to collecting personal data you submit to us in your job application and performing background checks.
In all other cases, Legitimate Interest Legal Basis—namely, to determine whether you are a suitable candidate to join our team.
|To exercise our legal rights, defend and advance our legal interests, comply with applicable laws such as data protection laws, and protect against fraudulent, harmful and illegal activity||If we are legally obligated to perform the processing (such as to disclose personal information to a law enforcement authority with authorization under criminal law or to comply with data protection laws), Legal Obligations Legal Basis.
If we are contractually obligated to perform the processing, Contract Performance Legal Basis.
In all other cases, Legitimate Interest Legal Basis—namely, to exercise our legal rights, defend and advance our legal interests, and protect against fraudulent, harmful and illegal activity.
|To take steps to enter into a reorganization, restructuring, merger, acquisition or transfer of assets||Legitimate Interest Legal Basis—namely, to engage in a transaction that our management team considers to be advantageous to our business interests.
But we will seek your consent if we wish to use your purpose for any new purpose incompatible with those set forth in our privacy notices, and if you provide such consent, the Consent Legal Basis applies.
4. Where is your personal data processed and on what basis do we transfer personal data across borders?
If you consent to our use of third-party analytics and advertising cookies, your personal data will be processed by the following analytics and advertising partners.
|Third-Party||Service||For More Information||Use of Tracking Technologies||Privacy Choices|
|Google Adwords||Advertising||View here.||Yes||View here.|
|Google Analytics||Analytics||View here.||Yes||View here.|
|Microsoft Ads||Advertising||View here.||Yes||View here.|
|Hubspot||Inbound Marketing||View here.||No||View here.|
We take measures to ensure that our service providers and other recipients in the United States provide an adequate level of data protection by entering into appropriate data transfer agreements based on Standard Contractual Clauses that have been approved by the relevant authorities and performing data protection assessments of data transfer arrangements as appropriate. Data transfer agreements are accessible via the websites of the service providers listed above or upon request by contacting us at the details shown further below.
5. Are you legally required to provide personal data?
You are not legally required to provide us with your personal data, but if you do not provide us with personal data that we reasonably need to provide our websites, services or communications, or evaluate your job application, you may not be able to fully use our offerings or be considered for a job posting. If you do not allow us to collect information through cookies and similar technology, some parts of our websites and online services may not work properly or be as tailored to you as they could otherwise be, but they will still generally be usable. We will inform you of personal data that we reasonably need to fulfill the purposes in our privacy notices, such as by marking certain fields as mandatory on online forms requesting personal data from you.
6. How long do we retain personal data?
If you have entered into a commercial contract with us, we retain your personal data for as long as the contract is in effect and until any legal rights or obligations related to that contract have expired, except for business contact details which may be retained longer for follow-up business communication with the organization that you represent. The processing and retention of data which our business clients use in our services pursuant to a commercial contract is subject to such contract. If you have signed up for promotional information from us, we retain your personal data until you have unsubscribed, after which we retain a record of your decision to unsubscribe so that we can honor your decision. Notwithstanding the above, we may keep your personal data for a longer period if any of the following apply:
- Applicable laws, court orders, subpoenas or other legal directives require us to retain your personal data for a legally prescribed period, in which case we will keep that personal data for the legally prescribed time period before deleting it;
- Your personal data is relevant to potential legal claims by or against us, in which case we will keep that personal data for as long as the legal claims can be made or, if it has been made, for as long as the personal data is relevant to the resolution of the claims or any appeal thereto; or
- We need additional time to verify that the purposes for which we collected your data no longer apply, in which case we will delete the data following such verification.
7. Your Rights
In the EEA, Switzerland and the UK, you have the following rights, subject to the conditions under the GDPR and/or local data protection law:
- To object, on grounds relating to your particular situation, to the processing of your personal data by us. This includes the right to object to our processing of your personal data for direct marketing and the right to object to our processing of our personal data where we are performing a task in the public interest or pursuing our legitimate interests or those of a third party. If we process your personal data based on our legitimate interests or those of a third party, or in the public interest, you can object to this processing, and we will cease processing your personal data, unless the processing is based on compelling legitimate grounds or is needed for legal reasons. Where we use your personal data for direct marketing for our own products and services, you can always object and opt out of future marketing messages using the unsubscribe link in such communications.
- To obtain from us confirmation as to whether your personal data is being processed, and, where that is the case, to request access to details about how we process your personal data and copies of the personal data.
- To obtain from us the rectification of inaccurate personal data concerning you.
- To ask us to erase your personal data to the extent it is not required for legally required purposes.
- To request restriction of processing of your personal data, in which case, it would be marked and processed by us only for certain purposes.
- To receive your personal data which you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit the personal data to another entity without hindrance from us.
- To lodge a complaint with a supervisory authority (only for EEA and UK). However, before doing so, we request that you contact us directly in order to give us an opportunity to work directly with you to resolve any concerns about your privacy.
- In some jurisdictions such as France and Portugal, you also have the right to provide us with guidelines as to the processing of your personal data after your death.
You may view a list of supervisory authorities in the EEA, UK and Switzerland and their respective contact information here:
|Jurisdiction||Data protection authority’s website|
To exercise your rights under applicable privacy law, to raise a privacy concern, or to make a data-related request, please submit your request through one of the following channels:
- Use our contact form
- Email us at firstname.lastname@example.org
- By mail sent to Dynamo Software, Privacy Office, 480 Pleasant Street, Suite B200, Watertown, MA 02472.
Any requests to exercise your privacy rights or make a data-related request must be in writing and include your name and address and any other information that may identify you. For certain requests, you must also provide information that we reasonably request from you so that we can verify your identity.