Macabacus Data Privacy Framework Policy

Effective date: September 29, 2023

This Macabacus Data Privacy Framework Policy (“DPF Policy”) and Macabacus’s Privacy Policy (“Privacy Policy”) describes the privacy practices that we implement for Personal Data received from the EEA, UK and Switzerland in reliance on the DPF. This DPF Policy uses terms that are defined in the Privacy Policy. If there is any conflict between the terms in this DPF Policy and the DPF Principles as concerns the Personal Data received under the DPF, the DPF Principles will prevail.

What this disclosure covers

Please see the relevant parts of the Privacy Policy for information about:

  • The types of Personal Data processed
  • The purposes of data processing;
  • Third parties who may receive Personal Data; and
  • An individual’s right to access Personal Data
  • Required disclosure to third parties including public and governmental authorities

Choice

Macabacus will not process Personal Data about E.U., UK or Swiss individuals for purposes other than those for which the information was originally obtained or subsequently authorized by the individual unless the individual affirmatively and explicitly consents (“opt-in”) to the processing, or unless an exception applies. Macabacus also provides E.U., UK and Swiss individuals with the opportunity to withdraw consent at any time (“opt-out”), in which case their Personal Data will not be further processed.

Enforcement

Macabacus’s compliance with the DPF is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

Accountability for Onward Transfers

Macabacus complies with the DPF Principles for all onward transfers of personal data from the EU, UK and Switzerland, including the onward transfer liability provisions. Macabacus will only transfer Personal Data about E.U., UK and Swiss individuals to third-party recipients that (a) has provided satisfactory assurances to Macabacus that it will protect the information consistently with this Statement; or (b) is located in the E.U. or a country considered “adequate” for privacy by the EC, and therefore is required to comply with the E.U. data protection laws or substantially equivalent privacy laws depending upon where the Personal Data originated.

Where Macabacus has knowledge that a third-party recipient to whom it has provided E.U., UK or Swiss Personal Data is processing such information in a manner contrary to this Statement, Macabacus will take reasonable steps to prevent or stop the processing, and shall remain liable under the DPF Principles if its agent processes such personal information in a manner inconsistent with the DPF Principles, unless Macabacus proves that it is not responsible for the event giving rise to the damage.

Questions and complaints

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Macabacus commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Macabacus here.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/DPF-Dispute-Resolution.

In some cases, the DPF gives you the right to pursue binding arbitration. You can do this to resolve complaints not resolved by Macabacus or our third party dispute resolution provider, as described in Annex I to the DPF Framework.

Changes to this policy

This DPF Policy may be changed from time to time, consistent with the requirements of the DPF and in accordance with the process described in the Macabacus Privacy Policy.