Updated July 7, 2023
To Whom Does this Policy apply?
Acceptance of Terms
International Data Transfers
Ceros may transfer your Personal Data to countries other than the one in which you live. We have the following safeguards in place if Personal Data is transferred from jurisdictions with differing data protection laws:
- GDPR’s Standard Contractual Clauses. Ceros offers the European Union Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements required by the European Union and the United Kingdom. A copy of our standard Data Processing Addendum (“DPA”), incorporating Model Clauses, is available upon request..
- Privacy Shield. While we do not rely on the Privacy Shield, we do continue to keep to the commitments below that we made when we certified to the Privacy Shield framework. Ceros, Inc. and certain affiliates (Ceros Crowd Fusion, Ltd.) participate in the E.U.-U.S. and Swiss-U.S Privacy Shield framework regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland to the United States. Our certification with the E.U.-U.S. and Swiss-U.S Privacy Shield programs can be verified at www.privacyshield.gov. In accordance with this certification, we are subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) and may be required to disclose personal information that we handle under the Privacy Shield in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, and we commit to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
How we collect and use information
- Information that can be used to identify you (“Personal Information”), and
- Information that does not identify you (“Other Information”).
When you request information about our products and services or sign up to receive information from us, you may enter your email address, name, or contact information, in which case your information will be used in order to contact you about our products and services. We will honor any requests that we no longer contact you and will provide you with a convenient means to unsubscribe or opt-out of any communication.
When you purchase services from us, we will collect the Personal Information that you submitted in order to administer or improve our services to you, to administer our rewards and promotional programs; to improve our Website and services to you; to solicit your feedback; and to inform you about our products and services. You may opt out of unnecessary communications, but please understand that if and while you are a customer, we have legitimate reasons to contact you to administer the services that we provide to you, respond to issues, and manage or discuss our agreement.
When you otherwise send your personal information to us by email, by submitting an online form on our Website, or contact us using other means and we use that Personal Information in order to respond to you.
We collect Other Information from Website visitors that is publicly transmitted by devices and web browsers in order to understand basic information about the categories and frequency of visitors that come to our Website. Website visitor information includes IP address, your location, your browser type, the fonts you have installed, basic information about your device, and other information that is automatically transmitted from all browsers. Although we do not use it for the purpose of identifying you personally, the combination of Other Information from your browser is sufficiently unique that it can be used to identify you as a repeat visitor. If you do not wish to have such information shared with us (or anyone else while browsing), you should consult your browser’s manual or identify a browser plug-in that will prevent the sharing of this information, but it may prevent your browser from functioning appropriately on the web.
How we share information
We may employ other companies and individuals to perform functions on our behalf. Examples may include providing technical assistance, customer service, and marketing assistance. These other companies will have access to the minimum amount of Personal Information about you, only as necessary to perform their functions and to the extent permitted by law. For a full list of our Sub-Processors please visit: https://www.ceros.com/sub-processors/.
We share aggregate information that does not identify you with our affiliates, agents, and business partners and disclose aggregated user statistics in order to describe our products and services to current and prospective business partners and to other third parties for other lawful purposes. In order to provide our services and administer our rewards and promotional programs, we share your Personal Information with our third-party promotional and marketing partners, including, without limitation, businesses participating in our various programs. We may share your Information with any of our parent companies, subsidiaries, joint ventures, or other companies under common control with us. As we develop our businesses structure, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, sale of assets, dissolution, or similar event, the Personal Information about customers may be part of the transferred information.
To the extent permitted or required by law, we may also disclose the Information when required by law, court order, national security, law enforcement authority, or regulatory authority; or whenever we believe that disclosing such Information is necessary or advisable to protect the rights, property, or safety of us or others.
Your information will be processed in the United States where we are based, and it is necessary for personal data to be processed in the United States in order to provide services or publish this Website. We remain responsible for our sharing of Personal Information with third parties in cases of onward transfer.
Retention of Personal Information and Your Rights
We keep your Personal Information for as long as we have your consent to keep the personal information that is reasonably based upon the purpose for which it was collected, unless it is retained for a legitimate business purpose that does not pose a risk to your privacy rights or otherwise required by law as authorized or necessary under any applicable agreement with you.
At any time if you no longer want us to keep any of your personal information, you may contact us and request us to erase it, access it, correct it, or restrict or object to further processing and sharing. If you make such a request, we will comply, unless we have a specific contractual, regulatory or legal reason to have to retain the personal information or refuse the request. For customers, whenever practicable, we provide you with the ability to administer and erase your own Personal Information in our services.
To the extent that Ceros’ processing of your Personal Information is subject to the General Data Protection Regulation (GDPR), or applicable laws covering the processing of Personal Information in the United Kingdom, Ceros relies on your consent and its legitimate interests to process your data.
California Consumer Privacy Act (CCPA)
This section details the rights afforded to California consumers regarding our collection and processing of personal information under the CCPA. For more details about the personal information we collect, including the categories of sources, please see the “How we collect and use information” section above. As described in the “How we collect and use information” section, we collect this information for business purposes and may share this information as described in the “How we share information” section above. Ceros does not sell (as defined in the CCPA) the personal information we collect.
The CCPA provides California consumers the right to:
- Request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information),
- To delete their personal information,
- To opt out of any “sales” that may be occurring, and
- To not be discriminated against for exercising these rights.
California consumers may make a request to Ceros pursuant to these rights by contacting us at email@example.com. We will verify your request by using the information (such as the email address) associated with your account or by requiring Government-issued identification. You may designate an authorized agent to exercise these rights on your behalf.
You may also send a letter to:
228 Park Avenue South, Suite 16327
New York, NY 10003-1502 USA
Or, if you are located in the United Kingdom, to:
Ceros Crowd Fusion, Ltd.
20 Primrose Street
London, EC2A 2EW
You may also refer a complaint to your local data protection authority and we will work with them to resolve your concern. In certain circumstances, the Privacy Shield framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described here: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
Ceros has further committed to refer unresolved complaints to American Arbitration Association, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit adr.org for more information or to file a complaint. The services of the American Arbitration Association are provided at no cost to you. Arbitration is binding.
If you are located in the United Kingdom, you may also lodge a complaint with the Information Commission Office (the ICO) if you feel your personal data has been handled incorrectly or are unhappy with Ceros’ response regarding the use of your personal data. You can contact the ICO by calling 030 123 111 or visit https://ico.org.uk/make-a-complaint/.
This policy may be changed at any time at our discretion as laws, regulations, and industry standards evolve making those changes necessary, or in accordance with changes to our services or business. If we should update this policy, we will post the updates to this page on our Website and update the Effective Date at the top. If we make changes that materially alter your privacy rights, we will provide additional notice via email or through the Subscription Services. Your use of this Website after an update indicates your agreement.