Definition of Personal Information
Personal Information that we collect
When you register for our Services we will collect and store certain personal information necessary to set up your account with us, such as your first and last name, home address, and email address. We will further generate, and store with your account, a unique identifier allocated to each GEGO device that will be registered for your account.
Whenever you use our Services, we may further collect additional information about your usage of our Services, including by making use of third party web analysis tools (see Section 11 on “Integration of Third Party Web Analysis Services and Social Functionalities” below), such as your frequency and scope of your use of the Services, the duration of your online sessions, the sites you visit, information you read, content that you use or create, advertisements that you view or click on, your communications with other users and third parties, information about the smart device on which you have installed the GEGO app, and the geographic location of the computer system or device that you are using to log-into our Services.
If you decide to interact with a social network when using our Services, we may further collect certain personal information made available through your social network account (see Section 8 on “Your Sharing of your Personal Information with Social Networks” below). We will further collect any personal information you may actively provide to our service personnel if you contact our customer support hotline through our Website and/or GEGO app.
How we Use and Process your Personal Information
We may use and process your personal information to provide you with support and handle requests and complaints; To send you updates, notices, and additional information related to the Services; To create anonymous, statistical and aggregated data and reports (i.e., in a form where such data does not enable the identification of a specific user). See Section 9 on “Our Use and Sharing of Aggregated Information” below; To comply with any applicable law and assist law enforcement agencies under any applicable law, when we have a good faith belief that our cooperation with the law enforcement agencies is legally mandated or meets the applicable legal standards and procedures; To prevent fraud, misappropriation, infringements, identity theft and other illegal activities and misuse of the Services.
Our Use and Sharing of your Personal Information
We may share your personal information with our third party service providers or affiliates, as authorized by us to collect, process and use your personal information as data processors on our behalf, such as, for instance, cloud based and hosting services, technical service providers, mail carriers, communication agencies and customer support service providers; these parties may be located in countries outside of your jurisdiction, including but not limited to the USA.
An updated list of the parties engaged by us for the processing of your personal information may be requested from us at any time.
Other than as indicated above, we will not share your personal information with any third parties, unless compelled by law to do so or if you have given your prior consent (for our use of aggregated information, see Section 9 on “Our Use and Sharing of Aggregated Information” below).
Your Sharing of your Personal Information with Social Networks
You may choose to share information between your Services’ account and some of your social network accounts (such as your Facebook account). Through this option, you may choose to have personal information and other content about you available, transmitted and shared through the Services with your other social network account(s).
By setting your Services’ account to integrate with social networks including by signing onto the Services by using your social network account (such as your Facebook account), you share information (including personal information) between the Services and such social networks.
When you connect to the social network account through the Services for the first time or otherwise make the Services interact with your social network account, you will be asked to permit the social network to share your personal information stored on such social network with the Services. We collect your information from your social network account only in accordance with your privacy settings you have set up under your social network accounts.
Our Use and Sharing of Aggregated Information
We use information about our users’ website activities and usage of our Services (including location information) in anonymous, statistical or aggregated form, i.e., in a form that does not enable the identification of a specific user, to properly operate the Services, to improve the quality of the Services, to enhance your experience, to create new services and features, including customized services, to change or cancel existing content or service, and for further internal, commercial and statistical purposes.
We also use anonymous, statistical or aggregated information collected on the Services, in a form that does not enable the identification of a specific user, by posting, disseminating, transmitting or otherwise communicating or making available such information to users of the Services, to our service providers or business partners.
Cookies are small text files that our Services ask to place on your computer’s hard drive and onto your mobile device’s memory. If your browser is set to accept cookies, then your browser adds the text in a small file.
We use cookie technology for various purposes, such as to facilitate your use of our Services, e.g., to remember you when you return to our Website, identify you when you sign-in, authenticate your access, enable your use of specific functionalities, keep track of your specified preferences or choices, tailor content to your preferences or geographic region, display personalized browsing history, or provide technical support.
Cookies also enable us to display interest-based advertising on our Website using information you make available to us when you interact with our sites, content, or services. Interest-based ads are displayed to you based on cookies linked to your online activities.
While our Website and GEGO app at this time do not recognize automated browser signals regarding tracking mechanisms, such as “do not track” instructions, you can generally express your privacy preferences regarding the use of most cookies and similar technologies through your web browser, as indicated above.
Integration of Third Party Web Analysis Services and Social Functionalities
You can change your settings to refuse these third party cookies or to warn you before cookies are placed. However, if you choose not to accept cookies, you may not be able to take advantage of some of our features and services through our Services.
Google Analytics (Google)
Google may also use the data collected to contextualize and personalize the ads of its own advertising network and/or share the data with other Google services.
You may opt-out from the collection of information stored and generated by the Google Analytics cookies as well as the use of such data by Google by downloading and installing the browser-plugin, which is available here.
Social Plugins and Social Widgets
Our Services integrate social plugins, widgets and other features from third party social networks, including the following:
Twitter Tweet-Button, social widgets and other features allowing interaction with the Twitter social network as provided by Twitter, Inc.; further information on Twitter’s privacy practices can be found underhttps://twitter.com/privacy.
Facebook Like-Button, social widgets and other features allowing interaction with the Facebook social network as provided by Facebook. Inc.; further information on Facebook’s privacy practices can be found under https://www.facebook.com/about/privacy/.
If you do not wish to associate any information collected via the plugins, widgets and/or other features with your personal social network account information, you should refrain from using these social functionalities and log-out from your social network account before visiting our Services.
Please further see Section 8 on “Your Sharing of your Personal Information with Social Networks” above for more details on sharing your information through social networks.
Controlling your Personal Information
You have the right, at any time, to know whether your personal information has been stored and can consult us to learn about their contents and origin, to verify their accuracy or to ask for them to be supplemented, cancelled, updated or corrected, or for their transformation into anonymous format or to block any of your personal information, as well as to oppose their processing for any and all legitimate reasons. Requests should be sent to us at the contact information set out under Section 2 on “Data Controller” above.
If you request the deletion of your account and your personal information, we will delete such information, however please note we may not delete information from our back-up systems.
We implement commercially reasonable systems, applications and procedures to secure your personal information, to minimize the risks of theft, damage, loss of information, or unauthorized access, disclosure, modification or use of information. However, these measures are unable to provide absolute assurance. Therefore, although we take great efforts to protect your personal information, we cannot guarantee and you cannot reasonably expect that our databases will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.
This Policy applies to all LugLoc Inc. entities in the EU that process Personal Data.
“Consumer” “Consumer” means any natural person who is located in the EU, but excludes any individual acting in his or her capacity as an Employee.
“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Data as referred to in Privacy Shield materials.
“Employee” means any current, former or prospective employee, temporary worker, intern or other non-permanent employee of LugLoc Inc. or any current or prospective subsidiary or affiliate of LugLoc Inc..
“European Economic Area (“EEA”)” means the following countries: Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Republic of Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, The Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, the UK.
“LugLoc Inc. entities (“LugLoc”)” means LugLoc Inc. and all affiliates or other entities owned or controlled by LugLoc Inc. in the EEA, irrespective of their different denominations that such entities may hold in different jurisdictions in the EEA.
“Personal Data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity and includes information, that (i) relates to an identified or identifiable Customer, Employee or Supplier’s representative; (ii) can be linked to that Customer, Employee or Supplier’s representative; (iii) is transferred to LugLoc Inc. in the U.S. from the EEA or Switzerland, and (iv) is recorded in any form.
“Privacy Shield” means the EU-US Privacy Shield framework and agreement between the United States of America, via the US Department of Commerce and the EEA relating to the protection of Personal Data.
“Privacy Shield Policy” means the LugLoc Inc. Privacy Shield Policy that further details the handling of EU persons Personal Data when transferred to or obtained by LugLoc Inc. personnel in the USA; and such policy appears on the company global website www.gego.io.
“Privacy Shield Principles” means the Principles and Supplemental Principles of the Privacy Shield.
“Sensitive Personal Data” means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership or concerning health or sex, and the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.
“Supplier” means any supplier, vendor or other third party located in the USA and/or the EEA or Switzerland that provides services or products to LugLoc Inc. For the purposes of this Policy Suppliers shall be included within the definition of “Consumers” above.
“Systems Privacy Point of Contact” means individual officers designated by LugLoc inc. as the initial points of contact for inquiries, complaints, or questions regarding privacy matters. Currently, such officers are identified at the end of this Policy.
“Processing” is defined as any action that is performed on Personal Data, whether in whole or in part by automated means, such as collecting, modifying, using, disclosing, or deleting such data.
This Policy does not cover data rendered anonymous or where pseudonyms are used. Data is rendered anonymous if individuals are no longer identifiable or are identifiable only with a disproportionately large expense in time, cost or labor. The use of pseudonyms involves the replacement of names or other identifiers with substitutes, so that identification of individual persons is either impossible or at least rendered considerably more difficult. If data rendered anonymous become no longer anonymous (i.e. individuals are again identifiable), or if pseudonyms are used and the pseudonyms allow identification of individual persons, then this Policy shall apply again.
III. APPLICATION OF LOCAL LAWS
This Policy is designed to provide compliance with all relevant applicable laws in the EEA and in particular those transposing the Directive. GEGO recognizes that certain laws might be modified to require stricter standards than those described in this Policy, in which case the stricter standards shall apply. GEGO will handle Personal Data in accordance with local law at the place where the Personal Data is processed. If applicable law provides for a lower level of protection of Personal Data than that established by this Policy, then this Policy shall prevail. Any questions about applicable legislation and GEGO’s compliance with it shall be addressed to LugLoc Inc. local legal department or to the legal department in the US.
Compliance with legislation in force:
Pursuant to the provisions of the French Data Privacy and Freedom Law (Loi Informatique et Libertés) of 6 January 1978 (as amended by the law of 6 August 2004 regarding the protection of natural persons with regard to the processing of personal data), the user has a right to access, rectify or legitimately object to nominative data collected with regard to them. These rights can be exercised by sending an e-mail to: firstname.lastname@example.org
The data are held in secure infrastructures in compliance with legislation.
Right of access
In accordance to this law, users have a right to access, rectify, modify and delete personal data. This right may be exercised by post to LucLoc, Inc. via Attn: CEO, 550 NW 29th Street , Miami, FL USA 33127 or electronically to this email address: email@example.com. The personal information collected are in no cases entrusted to any third party except for the need to perform the service ordered by the user.
Confidentiality and Personal Data
GEGO collects information regarding the creation of an account for an on-line service, electronic payment (title, company, surname, first name, e-mail address, postal address, telephone number, device ID number) and data regarding the use of the GEGO service by the User. Said data is collected for customer management purposes (order processing, invoice management, location managment etc.), statistics purposes, and the provision of the Service (moderation, processing the sending and tracking of luggage location reports, SMS alerts, e-mails, etc.).
GEGO warrants the confidentiality of the information provided by the User and shall refrain from providing the information to any persons other than those that are required to have knowledge of them in order to provide the Service. As such, the data is not provided to any third parties, excluding those who are authorized, participating in the management and the provision of the services. However, in the event of a request by legal or administrative authorities, GEGO shall be bound to provide the information requested. GEGO undertakes to use the confidential information solely for the purpose of performing its obligations under the terms contained herein. All of the staff of GEGO is bound by professional confidentiality.
This confidentiality undertaking does not apply to confidential information that: - has entered into the public domain prior to the date that it was divulged or communicated or which entered into the public domain after it has been communicated and/or divulged where this is not due to GEGO, - it can be demonstrated was already known by GEGO prior to its transmission, - was developed independently by GEGO, - has been received legally from a third party, without breach of contract, - must be divulged due to the law, applicable regulations or a legal ruling.
Any personal information is confidential and will in no case disclosed to third parties except for the proper performance of the service.
GEGO online and Mobile App Software formally prohibits the use of the GEGO Service for the performance of any illegal or illicit activity and for the transmission and storage of illegal content.
-Respect for privacy and personal data
When using GEGO, the User must comply with the legal and regulatory provisions in force, in particular regarding privacy, the French Data Privacy and Freedom Law [Loi Informatique et Libertés] and the French law for building confidence in the digital economy.
In France, the User may not use the Service to send e-mail for direct marketing purposes, without prior, free and specific consent from the recipient of nominative e-mail addresses.
If the User makes use of personal data of natural persons, they must obtain the authorization of the person in question and allow said person to inform the User of its right to access the personal data concerning them.
Finally, the User undertakes to provide the recipients of its campaigns with an operational means to unsubscribe from future electronic communications.
-Respect for intellectual property rights
The User warrants GEGO Software that the illustrations/images and the e-mail databases used for the mailings are not subject to copyright or that the User holds all the rights required or hold all the authorizations required to use them for this purpose.
The User shall hold GEGO harmless against any legal action regarding the use of the GEGO Service in particular for proceedings for infringement by any third party or the use of the GEGO Service that may be prejudicial to a third party or third parties. On these grounds, the User shall cover the legal expenses of defending GEGO, Inc if its liability is incurred. The User shall pay any damages and interest and any expenses that GEGO Software may be sentenced to pay by a legal ruling based on any such legal action.
- PRINCIPLES FOR PROCESSING PERSONAL DATA
GEGO respects Employee, Consumer (including personnel of customers, suppliers, stakeholders, and third parties) privacy and is committed to protecting Personal Data in compliance with the applicable legislation in the EEA. This compliance is consistent with GEGO’s desire to keep its Employees and Consumers informed and to recognize and respect their privacy rights. GEGO will observe the following principles when processing Personal Data:
- Data will be processed fairly and in accordance with applicable law.
- Data will be collected for specified, legitimate purposes and not processed further in ways incompatible with those purposes.
- Data will be relevant to and not excessive for the purposes for which they are collected and used. For example data may be rendered anonymous if deemed reasonable, feasible and appropriate, depending on the nature of the data and the risks associated with the intended uses.
- Data subjects in the EU will be asked to provide their clear and unequivocal consent for the collection, processing and transfer of their Personal Data.
- Data will be accurate and, where necessary kept up up-to-date. Reasonable steps will be taken to rectify or delete Personal Data that is inaccurate or incomplete.
- Data will be kept only as it is necessary for the purposes for which it was collected and processed. Those purposes shall be described in this Policy.
- Data will be deleted or amended following a relevant request by the concerned data subject, should such notice comply with the applicable legislation each time.
- Data will be processed in accordance with the individual’s legal rights (as described in this Policy or as provided by law).
- Appropriate technical, physical and organizational measures will be taken to prevent unauthorized access, unlawful processing and unauthorized or accidental loss, destruction or damage to data. In case of any such violation with respect to Personal Data, GEGO will take appropriate steps to end the violation and determine liabilities in accordance with applicable law and will cooperate with the competent authorities.
- TYPES OF DATA PROCESSED
As permitted by local laws, the Personal Data relating to Employees may include the following:
- contact information;
- financial account information; and
- other information Employees may provide.
Personal Data relating to Consumers may include:
- Contact information, such as name, postal address, email address and telephone number; and
- Personal Data in content Consumers provide on GEGO’s website and other data collected automatically through the website (such as IP addresses, browser characteristics, device characteristics including location, operating system, language preferences, referring URLs, information on actions taken on our website, and dates and times of website visits).
- Financial account information.
GEGO also may obtain and use Consumer Personal Data in other ways for which GEGO provides specific notice at the time of collection (including but not limited to e.g. surveys, focus groups, market research, inbound and outbound Consumer communications and education, etc.).
- WAYS OF OBTAINING PERSONAL DATA
The ways by which GEGO obtains Personal Data are defined hereby. GEGO does not obtain any personal information about Employees or Consumers unless the Employee or Consumer has provided that information to GEGO in a way providing for its clear and unequivocal consent to do so including but not limited to visiting GEGO’s website (by desktop or mobile access), by consent form, survey, or completion of an on-line or hard copy form. Employees and Consumers may choose to submit personal, private information by facsimile, regular mail, e-mail, or electronic transmission over our internal web site, interoffice mail, or personal delivery, as each of these methods may be deemed applicable each time.
VII. PURPOSES FOR PERSONAL DATA PROCESSING
GEGO processes personal data for legitimate purposes related to human resources, business and safety /security. The limitation of purposes shall be taken into consideration before any type of processing of Personal Data and shall not be subject to any changes without prior notification. These principal purposes for Employee Personal Data include:
- Managing audit and compliance matters;
- Complying with applicable legal obligations, including government reporting and specific local law requirements; and
- Other general human resources purposes.
For Consumer specific Personal Data, the purposes of processing may include:
- Running day-to-day business relationship
- Marketing activities
- Management of financial accounts
- Business Development Activities
- Conduct of transactions or facilitation of offering of the GEGO Services
- Conduct of surveys, focus groups, market research, inbound and outbound Consumer communications and education
For Client and Supplier specific information, the purposes of processing may include:
- Management of its relationships with its Clients and Suppliers
- Processing payments, expenses and reimbursements
- Carrying out GEGO’s obligations under such contracts
If GEGO introduces a new process or application that will result in the processing of Personal Data for purposes that go beyond the purposes described above, GEGO will inform the concerned data subjects of such new process or application, new purpose for which the Personal Data are to be used, and the categories of recipients of the Personal Data.
VIII. SECURITY AND CONFIDENTIALITY
GEGO is committed to taking appropriate technical, physical and organizational measures to protect Personal Data against unauthorized access, unlawful processing, accidental loss or damage and unauthorized destruction.
Equipment and Information Security
To safeguard against unauthorized access to Personal Data by third parties outside GEGO, all electronic Personal Data held by GEGO are maintained on Systems that are protected by up-to-date secure network architectures that contain firewalls and intrusion detection devices. The data saved in servers is “backed up” (i.e. the data are recorded on separate media) to avoid the consequences of any inadvertent erasure, destruction or loss otherwise. The servers are stored in facilities with high security, access protected to unauthorized personnel, fire detection and response systems. The location of these servers is known to a limited number of GEGO’s Employees.
The importance of security for all personally identifiable information associated with GEGO’s Employees is of highest concern. GEGO is committed to safeguarding the integrity of personal information and preventing unauthorized access to information maintained in GEGO’s databases. These measures are designed and intended to prevent corruption of data, block unknown and unauthorized access to our computerized system and information, and to provide reasonable protection of Personal Data in GEGO’s possession. All employee files are confidentially maintained in the HR department in secured and locked file cabinets or rooms. Access to the computerized database is controlled by a log-in sequence and requires users to identify themselves and provide a password before access is granted. Users are limited to data required to perform their job function. Security features of our software and developed processes are used to protect personal information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.
GEGO will be responsible for conducting adequate training sessions regarding the lawful, enumerated intended purposes of processing Personal Data, the need to protect and keep information accurate and up-to-date, the lawful purposes of collecting, handling and processing data that is transferred from the EU to the US and the need to maintain the confidentiality of the data to which employees have access. Authorized users will comply with this Policy and GEGO will take appropriate actions in accordance with applicable law, if Personal Data are accessed, processed, or used in any way that is inconsistent with the requirements of this Policy.
- RIGHTS OF DATA SUBJECTS
Any person has the right to be provided with information as to the nature of the Personal Data stored or processed about him or her by GEGO and may request deletion or amendments.
All Employees and Consumers have access to their own personal information and may correct or amend it as needed. Employees may view their own personnel record upon request by contacting the local Talent Development contact or by accessing certain information in the company’s internet and/or extranet. Consumers may contact the Privacy POC or firstname.lastname@example.org to review, update, and revise their Personal Data.
If access is denied, the Employee and Consumer has the right to be informed about the reasons for denial. The person affected may resort to the dispute resolution described in Section XIII as well as in any competent regulatory body or authority. GEGO shall handle in a transparent and timely manner any type of internal dispute resolution procedure about Personal Data is conducted.
If any information is inaccurate or incomplete, the person may request that the data be amended. It is every person’s responsibility to provide Talent Development in the case of Employees, or the Systems Privacy POC in the case of Consumers with accurate Personal Data about him or her and to inform such contacts of any changes. (e.g. new home address or change of name).
If the person demonstrates that the purpose for which the data is being processed in no longer legal or appropriate, the data will be deleted, unless the applicable law requires otherwise.
In connection with the activities described under Section VII, GEGO may transmit Personal Data outside the EU and more specifically to: (i) GEGO’s headquarters in Miami, Florida, USA; (ii) GEGO’s different offices in the US; (iii) GEGO affiliated entities in the US. Moreover, Personal Data might be sent to the following third parties in or outside the EEA:
- Selected Third Parties: GEGO will not disclose or share any personal information with any external entity or third party, except to an employee’s designated insurance provider, employee benefits administrator, travel professionals, clients to illustrate experience and qualifications for business purposes or promotion and not beyond that, to third party vendors and/or marketers upon Consumer’s explicit consent or as an employee or consumer may designate.
- Other Third Parties: GEGO may be required to disclose certain Personal Data to other third parties: (i) As a matter of law (e.g. to tax and social security authorities); (ii) to protect GEGO’s legal rights; (iii) in an emergency where the health or security of an employee is endangered (e.g. a fire); (iv) to Law Enforcement Authorities in accordance with the relevant legislation in the different EEA Member States including but not limited to legislation transposing the EU/2016/1148 concerning measures for a high common level of security of network and information systems across the Union (“the Network Information Security Directive”).
- AUTOMATED DECISIONS
Automated decisions are defined as decisions about individuals that are based solely on the automated processing of data and that produce legal effects that significantly affect the individuals involved.
GEGO does not make automated decisions for Employee or Consumer data. If automated decisions are made, affected persons will be given an opportunity to express their views on the automated decision in question and object to it.
XII. ENFORCEMENT RIGHTS AND MECHANISMS
GEGO will ensure that this Policy is observed and duly implemented. All persons who have access to Personal Data must comply with this Policy. Violations of the applicable data protection legislation in the EEA may lead to penalties and/or claims for damages.
In compliance with the Privacy Shield Principles, GEGO commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact GEGO at:
In Europe and international territories:
550 NW 29th Street
Miami, Florida USA 33127
Or contact: email@example.com
GEGO has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU.
XIV. COMMUNICATION ABOUT THE POLICY
In addition to the training on this Policy, GEGO will communicate this Policy to current and new employees and consumers by posting it on the company’s EU offices’ websites as well as on selected internal GEGO websites and by providing a link to the Policy on information technology applications where Personal Data are collected and processed.
MODIFICATIONS OF THE POLICY
GEGO reserves the right to modify this Policy as needed, for example, to comply with changes in laws, regulations or requirements introduced by DPAs. Changes must be approved by GEGO’s Privacy POCs, the office of the corporate legal department, or their designees who will seek input as they reasonably deem appropriate from corporate executives such as the CEO, CFO, COO, and Chief of Staff, for the amended Policy to enter into force. If GEGO makes changes to the Policy, this amended Policy will be submitted for renewed approval according to the relevant applicable provisions of the law. GEGO will inform GEGO Employees, Consumers and other persons (e.g. persons accessing GEGO websites to enter Personal Data such as job application information) of any material changes in the Policy. GEGO will post all changes to the Policy on relevant internal and external websites.
Effective with the implementation of this Policy, all existing and applicable EU company privacy guidelines relating to the collection and/or processing of Personal Data will, where in conflict, be superseded by the terms of this Policy. No other internal policy that conflicts with this Policy shall be applicable with respect to the protection of Personal Data handled by GEGO in the EU. All parties to such agreements will be notified of the effective date of the implementation of the Policy.
XVI. OBLIGATIONS TOWARDS DATA PROTECTION AUTHORITIES
GEGO will respond diligently and appropriately to requests from DPAs about this Policy or compliance with applicable data protection privacy laws and regulations. GEGO’s employees who receive such requests should contact their human resources manager or business legal counsel. GEGO will, upon request, provide DPAs with names and contact details of relevant persons. With regard to transfers of Personal Data between GEGO entities, the importing and exporting GEGO entities will (i) cooperate with inquiries from the DPA responsible for the entity exporting the data and (ii) respect its decisions, consistent with applicable law and due process rights. With regard to transfers of data to third entities, GEGO will comply with DPAs’ decisions relating to it and cooperate with all DPAs in accordance with applicable legislation.
Privacy Shield Policy
EU-U.S. Privacy Shield Policy – Employees and Consumers
LugLoc Inc. (“LugLoc”) respects your concerns about privacy. LugLoc Inc. participates in the EU-U.S. Privacy Shield framework (“Privacy Shield”) issued by the U.S. Department of Commerce. LugLoc Inc. commits to comply with the Privacy Shield Principles with respect to Employee Personal Data and Consumer Personal Data that the company receives from the EU in reliance on the Privacy Shield. This Policy describes how LugLoc Inc. puts into effect the Privacy Shield Principles for Employee Personal Data and for Consumer Personal Data.
For purposes of this Policy:
“Consumer” means any natural person who is located in the EU, but excludes any individual acting in his or her capacity as an Employee.
“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
“Employee” means any current, former or prospective employee, temporary worker, intern or other non-permanent employee of any subsidiary or affiliate of LugLoc inc, who is located in the EU.
“EU” means the European Union and Iceland, Liechtenstein and Norway.
“Personal Data” means any information, including Sensitive Data, that is: (a) about an identified or identifiable individual, (b) received by LugLoc in the U.S. from the EU, and (c) recorded in any form.
“Privacy Shield Principles” means the Principles and Supplemental Principles of the Privacy Shield.
“Processor” means any natural or legal person, public authority, agency or other body that processes Personal Data on behalf of a Controller.
“Sensitive Data” means Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.
“Supplier” means any supplier, vendor or other third party located in the EU that provides services or products to GEGO.
“Systems Privacy Point of Contact” means individual officers designated by GEGO as the initial points of contact for inquiries, complaints, or questions regarding privacy matters. They will receive and assist in the coordination of response by GEGO.
III. Types of Personal Data GEGO Collects
- Employee Personal Data: GEGO collects or has access to Personal Data about Employees to carry out and support human resources functions and activities, which may include: (i) recruiting and hiring job applicants; (ii) managing Employee communications and relations; (iii) providing compensation and benefits; (iv) administering payroll; (v) processing corporate expenses and reimbursements; (vi) managing Employee participation in human resources plans and programs; (vii) carrying out obligations under employment contracts; (viii) managing Employee performance; (ix) conducting training and talent development; (x) facilitating Employee relocations and international assignments; (xi) managing Employee headcount and office allocation; (xii) managing the Employee termination process; (xiii) managing information technology and communications systems, such as the corporate email system and company directory; (xiv) conducting ethics and disciplinary investigations; (xv) administering Employee grievances and claims; (xvi) managing audit and compliance matters; (xvii) complying with applicable legal obligations, including government reporting and specific local law requirements; and (xviii) other general human resources purposes. GEGO also may obtain and process Personal Data about Employees’ emergency contacts and other individuals (such as spouse, family members, dependents and beneficiaries) to the extent Employees provide such information to GEGO. GEGO processes this information to comply with its legal obligations and for benefits administration and other internal administrative purposes.
The types of Personal Data GEGO may collect or may access to in connection with these activities include:
- contact information;
- financial account information; and
- other information Employees may provide.
- Consumer Personal Data: GEGO collects Personal Data directly from Consumers. This collection occurs, for example, when a Consumer visits GEGO’s website. The company may use this information for the purposes indicated in the Privacy Policies which may be found at www.GEGO.io
The types of Consumer Personal Data GEGO collects may include:
- Contact information, such as name, postal address, email address and telephone number; and
- Personal Data in content Consumers provide on GEGO’s website and other data collected automatically through the website (such as IP addresses, browser characteristics, device location characteristics, operating system, language preferences, referring URLs, information on actions taken on our website, and dates and times of website visits).
In addition, GEGO may obtain Personal Data, such as contact information and financial account information, of its Suppliers’ representatives. GEGO uses this information to manage its relationships with its Suppliers, process payments, expenses and reimbursements, and carry out GEGO’s obligations under its contracts with the Suppliers.
- GEGO also may obtain and use Consumer Personal Data in other ways for which GEGO provides specific notice at the time of collection (including but not limited to e.g. surveys, focus groups, market research, inbound and outbound Consumer communications and education, etc.).
- GEGO’s privacy practices regarding the processing of Employee Personal Data and Consumer Personal Data comply with the Privacy Shield Principles of Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement and Liability.
GEGO notifies Employees and Consumers about its privacy practices, including the purposes for which it collects and uses Personal Data, the types of Personal Data GEGO collects, the types of third parties to which GEGO discloses the Personal Data and the purposes for doing so, the rights and choices Employees and Consumers have for limiting the use and disclosure of their Personal Data, and how to contact GEGO about its practices concerning Personal Data. Information regarding GEGO’s Employee Personal Data and Consumer Data practices is contained in this Policy and in the other Privacy Policies available at www.GEGO.io. Additional information may be requested from firstname.lastname@example.org.
Relevant information also may be found in notices pertaining to specific data processing activities.
GEGO generally offers Employees and Consumers the opportunity to choose whether their Personal Data may be (a) disclosed to third-party Controllers or (b) used for a purpose that is materially different from the purposes for which the information was originally collected or subsequently authorized by the relevant Employee or Consumer. To the extent required by the Privacy Shield Principles, GEGO obtains opt-in consent for certain uses and disclosures of Sensitive Data. Unless GEGO offers Employees or Consumers an appropriate choice, the company uses Personal Data only for purposes that are materially the same as those indicated in this Policy and the other Privacy Policies referred to herein. To exercise their choices, Employees and Consumers may contact GEGO as indicated in this Policy or the other Privacy Policies. To the extent and for the period necessary to avoid prejudicing the ability of the company in making promotions, appointments, or other similar employment decisions, GEGO is not required to offer notice or choice to Employees or Consumers.
GEGO may share Employee Personal Data and Consumer Personal Data with its affiliates and subsidiaries. GEGO may disclose Employee Personal Data and Consumer Personal Data without offering an opportunity to opt out, and may be required to disclose the Personal Data, (c) to third-party Processors the company has retained to perform services on its behalf and pursuant to its instructions, (d) if it is required to do so by law or legal process, or (e) in response to lawful requests from public authorities, including to meet national security, public interest or law enforcement requirements. GEGO also reserves the right to transfer Personal Data in the event of an audit or if the company sells or transfers all or a portion of its business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution or liquidation).
- Accountability for Onward Transfer of Personal Data
This Policy and the other Privacy Policies referred to herein describe GEGO’s sharing of Personal Data.
Except as permitted or required by applicable law, GEGO provides Employees and Consumers with an opportunity to opt out of sharing their Personal Data with third-party Controllers. GEGO requires third-party Controllers to whom it discloses Personal Data to contractually agree to (a) only process the Personal Data for limited and specified purposes consistent with the consent provided by the relevant Employee or Consumer, (b) provide the same level of protection for Personal Data as is required by the Privacy Shield Principles, and (c) notify GEGO and cease processing Personal Data (or take other reasonable and appropriate remedial steps) if the third-party Controller determines that it cannot meet its obligation to provide the same level of protection as is required by the Privacy Shield Principles. GEGO is not required to enter into a contract to transfer Personal Data to certain third-party Controllers for occasional employment-related operational needs of the company, such as booking flights or hotel rooms or handling insurance coverage.
With respect to transfers of Employee Personal Data and Consumer Personal Data to third-party Processors, GEGO (d) enters into a contract with each relevant Processor, (e) transfers Personal Data to each such Processor only for limited and specified purposes, (f) ascertains that the Processor is obligated to provide the Personal Data with at least the same level of privacy protection as is required by the Privacy Shield Principles, (g) takes reasonable and appropriate steps to ensure that the Processor effectively processes the Personal Data in a manner consistent with GEGO’s obligations under the Privacy Shield Principles, (h) requires the Processor to notify GEGO if the Processor determines that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield Principles, (i) upon notice, including under (h) above, takes reasonable and appropriate steps to stop and remediate unauthorized processing of the Personal Data by the Processor, and (vii) provides a summary or representative copy of the relevant privacy provisions of the Processor contract to the Department of Commerce, upon request. GEGO remains liable under the Privacy Shield Principles if the company’s third-party Processor onward transfer recipients process the relevant Personal Data in a manner inconsistent with the Privacy Shield Principles, unless GEGO proves that it is not responsible for the event giving rise to the damage.
GEGO takes reasonable and appropriate measures to protect Employee Personal Data and Consumer Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Data.
VIII. Data Integrity and Purpose Limitation
GEGO limits the Employee Personal Data and Consumer Personal Data it processes to that which is relevant for the purposes of the particular processing. GEGO does not process Employee Personal Data or Consumer Personal Data in ways that are incompatible with the purposes for which the information was collected or subsequently authorized by the relevant Employee or Consumer. In addition, to the extent necessary for these purposes, GEGO takes reasonable steps to ensure that the Personal Data the company processes is (a) reliable for its intended use, and (b) accurate, complete and current. In this regard, GEGO relies on its Employees and Consumers to update and correct Personal Data to the extent necessary for the purposes for which the information was collected or subsequently authorized by the Employees or Consumers. Employees and Consumers may contact GEGO as indicated in this Policy to request that GEGO update or correct relevant Personal Data.
Subject to applicable law, GEGO retains Employee Personal Data and Consumer Personal Data in a form that identifies or renders identifiable the relevant Employee or Consumer only for as long as it serves a purpose that is compatible with the purposes for which the Personal Data was collected or subsequently authorized by the Employee or Consumer.
Employees and Consumers generally have the right to access their Personal Data. Accordingly, where appropriate, GEGO provides Employees and Consumers with reasonable access to the Personal Data GEGO maintains about them. GEGO also provides a reasonable opportunity for Employees and Consumers to correct, amend or delete the information where it is inaccurate or has been processed in violation of the Privacy Shield Principles, as appropriate. GEGO may limit or deny access to Personal Data where the burden or expense of providing access would be disproportionate to the risks to the Employee’s privacy or Consumer’s privacy in the case in question, or where the rights of persons other than the Employee or the Consumer would be violated.
Employees and Consumers may request access to their Personal Data by contacting GEGO as indicated in this Policy.
- Recourse, Enforcement and Liability
GEGO has mechanisms in place designed to effect compliance with the Privacy Shield Principles. GEGO conducts an annual self-assessment of its Employee and Consumer Personal Data practices to verify that the attestations and assertions GEGO makes about its Privacy Shield privacy practices are true and that GEGO’s privacy practices have been implemented as represented and in accordance with the Privacy Shield Principles.
- Employee Recourse: Employees may file a complaint concerning GEGO’s processing of their Personal Data. GEGO will take steps to remedy issues arising out of its alleged failure to comply with the Privacy Shield Principles. Employees may contact GEGO as specified below about complaints regarding GEGO’s Personal Data practices.
If an Employee’s complaint cannot be resolved through GEGO’s internal processes, GEGO will cooperate with the panel of EU data protection authorities established pursuant to the Privacy Shield to address relevant Employee complaints and provide Employees with appropriate recourse free of charge. GEGO also is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
- Consumer Recourse: Consumers may file a complaint concerning GEGO’s processing of their Personal Data. GEGO will take steps to remedy issues arising out of its alleged failure to comply with the Privacy Shield Principles. Consumers may contact GEGO as specified below about complaints regarding GEGO’s Consumer Personal Data practices.
- How to Contact GEGO
To ask questions or express concerns about GEGO’s collection, management and processing of Personal Data, Consumers may contact GEGO listed below.
In Europe and international territories:
550 NW 29th Street
Miami, Florida USA 33127
Or contact: email@example.com
For questions or concerns about this Policy or the other Privacy Policies, please send an email to firstname.lastname@example.org