Our values for privacy
The privacy of individuals whose personal information we process, whether on behalf of others (like our customers and their end users) or within CartUp AI, Inc is extremely important to CartUp AI, Inc. Set out below are the privacy principles (“Principles”) we will apply globally whenever we collect, use or manage personal information across our products and services and across the CartUp AI, Inc group of companies. The purpose of these Principles is to set minimum standards for how we must process personal information to ensure that we are operating consistently across the organization and in accordance with applicable laws. The Principles apply to all CartUp AI, Inc staff members and inform how we develop our products and services; manage data we collect; select and interact with our partners; and shape our public policy.
We must be open and honest about how and what data we process We must always be transparent with individuals and other parties from whom we collect personal information. This means we must provide such individuals with concise, transparent and easily accessible information about how and why we use and share their personal information; and any further information necessary for our use to be fair and compliant with applicable law. The information we provide must be sufficient for them to make an informed decision about the uses of their personal information. When we collect information directly from individuals, we must provide notice at the point (or as soon as reasonably possible after) that personal information is collected. If we collect personal information from someone other than the individual (for example, from LinkedIn or other publicly available sources), we must inform the individual at the earliest opportunity unless this is impossible or involves disproportionate effort.
CartUp AI, Inc has facilities and employees in different countries around the world. This includes Canada, the European Union, the United Kingdom and the United States. We may also partner with third parties located outside of your state or province in order to conduct our business. Therefore, your Personal Information may be transferred and/or accessed outside your country or province of residence. When we send your Personal Information across borders, we will process it only for the purposes outlined in this Policy and we will take steps to ensure that your Personal Information is adequately protected abroad. Transfers outside of the European Economic Area or the United Kingdom CartUp AI, Inc relies on appropriate transfer mechanisms when transferring your Personal Information from the European Economic Area or the United Kingdom to a third country. CartUp AI, Inc continues to abide by the Privacy Shield framework even though it does not rely on it as a transfer mechanism pursuant to the General Data Protection Regulation (“GDPR”).
We must implement appropriate measures to ensure the principles of privacy by design and default are embedded into our processes and systems We must adopt internal policies and implement measures which meet and embed the principles of data protection by design and by default. This means that when we are designing, developing, and operating products, services and business processes, we should understand what personal information will be processed, how it will be processed, why it is being processed in the way that it is and where possible, minimize the processing of personal information and pseudonymised or anonymize information as soon as possible. Privacy Impact Assessments (PIAs) where appropriate or required by applicable law, should be incorporated into product review and vendor onboarding processes.
We must use appropriate security safeguards and ensure security breaches are appropriately notified We must apply appropriate physical, technical and administrative security measures to protect personal information we process from unauthorized or unlawful processing or disclosure, and from accidental loss, destruction or damage. When engaging a third party vendor to collect, store or use personal information on our behalf, we must impose strict contractual obligations on them dealing with the privacy and security of that information. We must ensure that where required by law, security breaches are notified to the applicable regulators and/or the affected individuals without undue delay in accordance with applicable law.
You may have certain rights relating to your Personal Information, subject to domestic data privacy laws. This may include: the right to access and receive a copy of your Personal Information, or specific pieces of Personal Information, in a readable format; the right to know the categories of sources from which your Personal Information was collected; the right to know the categories of third-parties with whom your Personal Information was shared; the right to rectify inaccurate or outdated Personal Information we hold about you and to ensure that it is complete; the right to erase your Personal Information, under specific circumstances; the right to restrict the processing of your Personal Information; the right to ask us to transfer your Personal Information to another controller, when technically feasible, in a format commonly used; the right to object to the processing of your Personal Information, when the processing of your Personal Information is based on our legitimate interests or when used for direct marketing purposes. In particular, if you do not want to be on our mailing list, you can opt out anytime here. the right not to be subject to a decision based solely an automated decision-making, including profiling, which produces legal effects or otherwise significantly affects you (“Automated Decision Making”) ; and the right to lodge a complaint before a regulator or a supervisory authority about our processing of your Personal Information. CartUp AI, Inc does not currently perform Automated Decision Making on our websites nor on related services. In order to exercise your rights with regard to your Personal Information in our possession, please contact CartUp AI, firstname.lastname@example.org. CartUp AI, Inc will treat your request in accordance with applicable domestic laws. CartUp AI, Inc will not discriminate against you for exercising your rights described above or offer you financial incentives related to the use of your Personal Information.
We must comply with our customers' processing instructions Where we collect, hold and use personal information on behalf of our customers, we must use that personal information only as instructed or authorized by our customers, and not for our own (or anyone else's) purposes. We must maintain the confidentiality and security of our customers' personal information at all times in accordance with our contractual obligations to them. If we receive any questions or requests relating to personal information we use on behalf of our customers, we must inform the relevant customer and assist them to respond to that request
We must keep personal information accurate, complete and up to date We must take all reasonable and appropriate measures to keep the personal information we process accurate, complete and up to date. Such measures shall include periodically requiring the source of personal information, whether the individual or otherwise, to verify the accuracy and completeness of the personal information in our records and where possible, providing self-service tools that enable individuals to update their personal information in our records.
We must not use and retain personal information for longer than is necessary We must only keep personal information where we have a genuine business or legal need to do so and for the purposes notified to the individuals or the other parties from whom we process personal information. We must not keep personal information indefinitely. Once personal information is no longer required for the purposes it was collected or becomes obsolete, it should be deleted or securely destroyed, unless otherwise required by law. Every reasonable step should be taken to delete or rectify inaccurate data. Where we process personal information on behalf of our customers as a data processor, we only process and retain such personal information for as long as our customer instructs, unless otherwise required by law or to manage an ongoing business relationship.
We are accountable for how we and our service providers process personal information We must remain accountable for how we process personal information, whether that personal information is collected directly by us or whether we process that personal information on behalf of our customers. We are also accountable for the processing of personal information by our service providers or other entities that we use to process personal information on our behalf or in our name. We must have procedures in place to demonstrate our compliance and accountability with the Principles when handling personal information, along with evidence to demonstrate that such procedures are monitored, evaluated and any necessary measures or changes implemented. Such procedures should include, maintaining certain records regarding all personal information for which we are responsible or for which we handle on behalf of our customers.
CartUp AI, Inc may update this Policy from time to time in order to reflect changing practices or requirements of applicable privacy laws. The legend at the top indicates when this Policy was last revised. We encourage you to regularly review this Policy to stay informed of CartUp AI, Inc’s processing of your Personal Information.
© 2021 CartUp AI, Inc. All rights reserved.