Your Rights under the law

[GDPR] Right to erasure. The right to have Personal Data pertaining to him/ her that is under Processing by Treffio erased and therefore Processing stopped, unless a legal duty or have a legitimate ground to retain certain data prevents Treffio from observing such right, in which case the Data Subject shall be duly informed. This right may be exercised by submitting a request as defined in the procedure stated below in this section.

[CCPA] Right to deletion – again in a similar manner to what the GDPR rules, natural persons who reside in the state of California may, in some circumstances, ask us to delete their personal data/ information.

We may refuse the exercise of such right if it prevents us from exercising legal defense, we cannot do it driven from a legal obligation or there is the risk of by doing so, not being able to fulfill any open contractual obligations.

[GDPR] The right to restrict processing. Under relevant conditions set out by the law, the right to request and have in place processing restrictions (in scope and purpose) towards Personal Data that pertains to him/ her. When exercising this right, the Data Subject must be specific about which processing activities are being requested to be restricted and the Controller shall provide feedback to the Data Subject on either the completion of the request or any potential collateral impact that may derive from implementing the requested objection to Processing, asking for additional confirmation prior to implementing the request. This right may be exercised by submitting a request as defined in the procedure stated below in this section.

[GDPR] The right to object to processing. The right to object to processing activities that have been qualified under this Privacy Policy has occurred under the Legal Basis of Legitimate Interest by the side of Treffio. The exercise of this right may also occur where the Data Subject wishes to opt-out from an existing Service (and not necessarily canceling the Service). When exercising this right, the Data Subject must be specific about which processing activities are being requested to stop and the Controller shall provide feedback to the Data Subject on either the completion of the request or any potential collateral impact that may derive from implementing the requested objection to Processing, asking for additional confirmation prior to implementing the request. This right may be exercised by submitting a request as defined in the procedure stated below in this section.

[CCPA] Right to opt out of sales – We do not “sell “ your data

[GDPR] Right to data portability. The right to receive the Personal Data pertaining to that Data Subject, in a structured, commonly used and machine-readable format as well as the right to transmit such Personal Data to another controller without hindrance. Treffio will share the Personal Data over a secure channel, and that (depending on the type of Data as well as volume) may imply the need to convey a “password” via an alternative communication channel to the Data Subject to ensure authorized secure access.  Customers may directly amend existing information on Treffio’s website user account area or by submitting a request as per herein defined ahead in this document which is the application process for those Data Subjects who are not Treffio Customers.

[GDPR] Right to be informed about a Personal Data Breach. The Data Subject has the right (and it is the Controller’s obligation by law to ensure it) to be informed of any unauthorized disclosure or potential disclosure of his/ her Personal Data to unauthorized 3rd parties within 72 hours of its occurrence.

[GDPR] Right to lodge a complaint with a supervisory authority. The right to lodge a complaint regarding Treffio’s Processing activities over his/ her Personal Data towards any of the EU Member States data protection Supervisory Authorities. Treffio is however also available to provide any clarification towards those Data Subjects who may feel that it’s Processing of the Personal Data that pertains to them has negatively impacted them or somehow breached their rights under GDPR and/ or the right to Privacy, having such Personal Data processed in a secure manner and Confidentiality assurance. Data Subject may submit a complaint via the request process as per herein defined ahead.

[CCPA] Right to be free from discrimination – You may exercise any of the above rights without fear of being discriminated against. We are, however, permitted to provide a different price or rate to you if the difference is directly related to the value provided to you by your data.

For any of the above-mentioned CCPA related rights, you may designate an authorized agent to make a request on your behalf. In the request, you or your authorized agent must provide including information sufficient for us to confirm the identity of an authorized agent. We are required to verify that your agent has been properly authorized to request information on your behalf and this may take additional time to fulfill your request.

We will use the information you provide to make your CCPA rights requests to verify your identity, identify the personal information we may hold about you, and act upon your request.

We strongly recommend that you submit the email and postal address that you used when you register, created accounts, ordered subscriptions, or signed up for a newsletter.  After you submit a CCPA rights requests you will be required to verify access to the email address you submitted.  You will receive an email with a follow-up link to complete your email verification process.  You are required to verify your email in order for us to proceed with your CCPA rights requests.  Please check your spam or junk folder in case you can’t see the verification email in your inbox.