Privacy Policy

Last Updated: June 8, 2018

This Privacy Policy describes how SteepRock, Inc. (“SteepRock,” “we,” “our,” or “us”) collects, uses, and shares information about you while informing you about your rights and choices regarding this use and sharing. This Privacy Policy applies to your use of any of our public websites that post a link to this Privacy Policy and all features, content, and other services that we own, control, and make available through our public-facing websites (collectively, the “Website”). This Privacy Policy does not apply to our information collection activities outside of the Website (unless otherwise stated below or at the time of collection). We will not knowingly share any Information we collect with others in ways different from what is disclosed in this Privacy Policy.

By using our Website, you agree to our Terms of Use and accept our collection, use and disclosure practices as well as other activities as described in this Privacy Policy. If you do not agree and consent, please discontinue your use of the Website.

Information Collection

The following explains what we do with the Information we collect from you, and the choices you have concerning the collection and use of such Information.

Information You Provide

We collect information you provide directly via the Website, such as when you access our content, participate in a survey, fill out a form, or communicate with us.  We may use Service Providers (defined below) to help us collect this information.

The information we collect includes information that identifies you personally (whether alone or in combination). Some examples of information we collect include the following:

You may choose to voluntarily submit other information to us through the Website that we do not request, and, in such instances, you are solely responsible for such information.

Information Collected Automatically

We automatically collect information about your device and how your device interacts with our Website. We may use Service Providers to collect this information. Some examples of information we collect include the following:

We do not link Website Use Data or Device Connectivity and Configuration Data to any other personal data that you enter into our website, so to the extent that we have such data, we do not associate it with other information you enter.

For further information on Tracking Technologies and your rights and choices regarding them, see the sections entitled “Third Parties” and “Your Rights and Choices” below.

Information on Behalf of Our Clients

We provide products and services for our clients, and collect and process information about individuals at the direction of our clients (“Client Data”). Client Data may include contact data, demographic data, content, service use data, device connectivity and configuration data, and location data, among other information. Our processing of Client Data is governed by the terms of our service agreements with our clients, and not this Privacy Policy.

For further information on your rights and choices regarding Client Data, see the section entitled “Your Rights and Choices” below.

Information from Other Sources

We also may obtain information about you from other third party sources. These third party sources may include, for example:

For further information on Third Party Services, see the section entitled “Third Parties” below

Use of Information

We may use information about you to:

We also use information about you with your consent to the extent required by law, including to:

Some of our lawful bases for processing your information stem from our clients on whose behalf we provide services.

Sharing of Information

We share information about you as follows:

Without limiting the foregoing, in our sole discretion, we may share aggregated information which does not identify you or de-identified information about you with third parties or affiliates for any purpose except as prohibited by applicable law. For information on your rights and choices regarding how we share your information, please see the section entitled “Your Rights and Choices” below.

Third Party Services

Our Website may also contain content from and hyperlinks to websites, locations, platforms, social media features such as Twitter and YouTube feeds, interactive mini-programs such as those provided by Google Maps and services operated and owned by third parties (“Third Party Services”). As stated in our Terms of Use, we are not responsible or liable whatsoever, financially or otherwise, for the privacy practices of any other party whether or not their link and/or content appears on the Website. This Privacy Policy applies solely to information collected by us on this Website. We may also be required to disclose Information when required by law or in the good-faith belief that such action is necessary in order to conform to the edicts of the law or comply with a legal process served on our website. Third Party Services may use Tracking Technologies to independently collect information about you and may solicit information from you. The information collected and stored by third parties, whether through our Website, a Third Party Service, a Third Party Feature (defined below), or a third party device, remains subject to their own policies and practices, including what information they share with us, your rights and choices on their services and devices, and whether they store information in the U.S. or elsewhere. We encourage all Visitors and Visitor Participants to carefully read the privacy statements of each and every website that is connected to this Website if it collects any information from you.

Your Rights and Choices

You have the following rights and choices:

Review and Update of Account Information

You may access, update, or remove certain information that you have voluntarily submitted to us through the Website by sending an e-mail to the e-mail address set forth in the section entitled “Contact Us” below. We may require additional information from you to allow us to confirm your identity. Please note that we will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. California residents and data subjects in Europe have additional rights as set forth in the sections entitled “Your California Privacy Rights” and “Your European Privacy Rights” below.

Tracking Technology Choices

Please be aware that if you disable or remove Tracking Technologies some parts of the Website may not function correctly.

Analytics

You can opt-out of your data being used by Google Analytics through cookies by visiting https://tools.google.com/dlpage/gaoptout and downloading the Google Analytics Opt-out Browser Add-on.

Emails

You can opt-out of receiving promotional e-mails from us at any time by following the instructions as provided in e-mails to click on the unsubscribe link, or e-mailing us at the e-mail address set forth in the section entitled “Contact Us” below with the word UNSUBSCRIBE in the subject field of the e-mail. Please note that you cannot opt-out of non-promotional e-mails, such as those about your account, transactions, servicing, or SteepRock’s ongoing business relations, without terminating your use of our services.

Please note that your opt-out is limited to the e-mail address, device, and phone number used and will not affect subsequent subscriptions.
Any California residents under the age of eighteen (18) who have registered to use the Website and posted content or information on the Website, can request that such information be removed from the Website by sending an e-mail to the e-mail address set forth in the section entitled “Contact Us” below. Requests must state that the user personally posted such content or information and detail where the content or information is posted. We will make reasonable good faith efforts to remove the post from prospective public view.

Your California Privacy Rights

California’s “Shine the Light” law permits customers in California to request certain details about how certain types of their information are shared with third parties and, in some cases, affiliates, for those third parties’ and affiliates’ own direct marketing purposes. Under the law, a business should either provide California customers certain information upon request or permit California customers to opt in to, or opt out of, this type of sharing.

Any California residents under the age of eighteen (18) who have registered to use the Website and posted content or information on the Website, can request that such information be removed from the Website by sending an e-mail to the e-mail address set forth in the section entitled “Contact Us” below. Requests must state that the user personally posted such content or information and detail where the content or information is posted. We will make reasonable good faith efforts to remove the post from prospective public view.

Your European Privacy Rights

EU data protection law makes a distinction between organizations that process personal data for their own purposes (known as “data controllers”) and organizations that process personal data on behalf of other organizations (known as “data processors”). With regard to your personal data, we are a data controller of information that we collect when you enter your information into the “Contact Us” section of the Website and with respect to any  Website Use Data or Device Connectivity and Configuration Data considered to be personal data under the law. Otherwise, we generally serve as a data processor with respect to the personal data we collect through the Website and otherwise on behalf of our clients. For example, SteepRock provides public-facing websites for our clients through which you may enter personal data in order to participate in surveys, grants or projects conducted by our clients.

If you are a data subject in Europe, you have the right to access, rectify, or erase any personal data we have collected about you through the Website. You also have the right to data portability and the right to restrict or object to our processing of personal data we have collected about you through the Website. In addition, you have the right to ask us not to process your personal data (or provide it to third parties to process) for marketing purposes or purposes materially different than for which it was originally collected or subsequently authorized by you. You may withdraw your consent at any time for any data processing we do based on consent you have provided to us.

To exercise any of these rights with respect to personal data collected by us as a data controller, contact us as set forth in the section entitled “Contact Us” below and specify which right you intend to exercise. We will respond to your request within 30 days. We may require additional information from you to allow us to confirm your identity. Please note that we store information as necessary to fulfill the purposes for which it was collected, and may continue to retain and use the information even after a data subject request for purposes of our legitimate interests, including as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.

SteepRock acknowledges that you have rights in connection with Client Data. If your information has been processed by SteepRock on behalf of a client and you wish to exercise any rights you have with such information, please inquire with our client directly. If you wish to make your request directly to SteepRock, please provide the name of the SteepRock client on whose behalf we processed your information. We will refer your request to that client, and will support them to the extent required by applicable law in responding to your request. Please visit the privacy policy page on the applicable client's website for information about their specific privacy practices. Any questions that you may have related to personal data processed by such clients and your rights under data protection law should therefore be directed to the client (the data controller) rather than to SteepRock.

If you have any issues with our compliance, you have the right to lodge a complaint with a European supervisory authority.

Children

Protecting the privacy of minors is especially important to us. For that reason no part of our Website is structured to attract and we never knowingly collect or maintain information at our website from any Visitor that we have actual knowledge is a minor under thirteen (13) years of age. We do not knowingly collect personal information as defined by the U.S. Children’s Privacy Protection Act (“COPPA”) in a manner that is not permitted by COPPA. If you are a parent or guardian and believe SteepRock has collected such information in a manner not permitted by COPPA, please contact us as set forth in the section entitled “Contact Us” below, and we will remove such data to the extent required by COPPA.

Data Security

We implement and maintain reasonable administrative, physical, and technical security safeguards to help protect your information from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of your information.

International Transfer

We are based in the U.S. and the information we collect is governed by U.S. law.  If you are accessing the Website from outside of the U.S., please be aware that information collected through the Website may be transferred to, processed, stored, and used in the U.S. and other jurisdictions. Data protection laws in the U.S. and other jurisdictions may be different from those of your country of residence. To the extent permitted by law, your use of the Website or provision of any information to us constitutes your consent to the transfer to and from, processing, usage, sharing, and storage of your information in the U.S. and other jurisdictions as set forth in this Privacy Policy. If your data is collected in Europe, we will transfer your personal data subject to appropriate or suitable safeguards.

Changes to this Privacy Policy

If changes to this Privacy Policy become necessary, they will be posted on this page and on our website so all Visitors and Visitor Participants will be aware of them. Any changes will be effective immediately upon posting of the revised Privacy Policy. Your continued use of our Website indicates your consent to the Privacy Policy then posted. If the changes are material, we may provide you additional notice to your e-mail address.

Contact Us

If you have any questions, complaints, or a dispute on the handling of your personal information or about SteepRock’s Privacy Policy or this website Privacy Policy or the practices described herein, you may contact our Privacy Officer by phone at: +1-718-576-1406 (ask for the Privacy Officer) or via the Internet at: http://www.steeprockinc.com, or by registered or certified mail to:

By Email:

Privacy@SteepRockInc.com

By Mail:

SteepRock, Inc.
c/o Adria Stapleton, Privacy Officer
67 Lower Church Hill Rd
Washington, CT 06794

Your use of this Website is subject to SteepRock’s Terms of Use.