The Suralink Service

Our online Service allows any company that uses it (our customers and Suralink itself) to create requests and to transfer data and files in order to efficiently interact with other people. The information added to the Service, either by Site visitors providing their contact information or when a Service user adds the information, is stored and managed on our service providers' servers.

Use by Suralink

We use our own Service to request and receive files in various scenarios. Information that we collect and manage using the Service for our own uses belongs to us and is used, disclosed and protected according to this Privacy Policy.

Use by Our Customers

Our customers use the Subscription Service to make requests and transfer files. Suralink does not control the types of information that our customers may choose to collect, manage, or transfer using the Service. Suralink processes our customers' information as they direct and in accordance with our agreements with our customers, and we store it on our service providers' servers, but we do not have control over its collection or management. Our agreements with our customers prohibit us from using that information, except as necessary to provide and improve the Service, as permitted by this Privacy Policy, and as required by law. We have no direct relationship with individuals who provide Personal Information to our customers. Suralink acknowledges that you have the right to access your Personal Information. Our customers control and are responsible for correcting, deleting or updating information they have collected from you using the Service. If requested to remove data, we will respond within a reasonable timeframe. We may work with our customers to help them provide notice to their visitors about their data collection, processing and usage. We are not responsible for our customers' use of information they collect on the Service.

Suralink collects information under the direction of its customers and has no direct relationship with the individuals whose Personal Information it processes. If you are a customer of one of our customers and would no longer like to be contacted by one of our customers that use our Subscription Service, please contact the customer that you interact with directly. We may transfer Personal Information to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our customers.

When You Visit our Site

You are free to explore the Site without providing any Personal Information about yourself. When you visit the Site or register for the Service, we request that you provide Personal Information about yourself, and we collect Navigational Information.

Personal Information

This refers to any information that you voluntarily submit to us and that identifies you personally, including contact information, such as your name, e-mail address, company name, address, phone number, and other information about yourself or your business. Personal Information can also include information about any transactions, both free and paid, that you enter into on the Websites, and information about you that is available on the internet, such as from Facebook, LinkedIn, Twitter and Google, or publicly available information that we acquire from service providers.

Personal Information also includes Navigational Information or Payment Information where such information can directly or indirectly identify an individual. Navigational information refers to information about your computer and your visits to this website such as your IP address, geographical location, browser type, referral source, length of visit and pages viewed. Please see the "Navigation Information" section below. We collect and process payment information from you when you subscribe to the Subscription Service, including credit cards numbers and billing information, using third party PCI-compliant service providers. Except for this, we do not collect Sensitive Information from you.

Log Files

When you use our services our view content provided by us, we automatically collect information about your computer hardware and software. This information can include your IP address, browser type, domain names, internet service provider (ISP), the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, clickstream data, access times and referring website addresses. This information is used by Suralink for the operation of the Service, to maintain quality of the Service, and to provide general statistics regarding use of the Site. For these purposes, we do link this automatically-collected data to Personal Information such as name, email address, address, and phone number.

Information About Children

The Site and Service are not intended for or targeted at children under 16, and we do not knowingly or intentionally collect information about children under 16. If you believe that we have collected information about a child under 16, please contact us at info@suralink.com, so that we may delete the information.

Compliance with Our Privacy Policy

We use the information we collect only in compliance with this Privacy Policy.

We Never Sell Personal Information

We will never sell your Personal Information to any third party.

Use of Personal Information

In addition to the uses identified elsewhere in this Privacy Policy, we may use your Personal Information to:

• Use of the Service by Suralink and our Customers
• Information We Collect
• How We Use Information We Collect
• How We Share Information We Collect
• International Transfer of Information
• Cookies and Similar Technologies
• How to Access & Control Your Personal Data

We may, from time to time, contact you on behalf of external business partners about a particular offering that may be of interest to you. In those cases, we do not transfer your Personal Information to the third party.

We use the information collected through our Service by our customers for the following purposes:

• to provide the Subscription Service (which may include the detection, prevention and resolution of security and technical issues);
• to respond to customer support requests; and
• otherwise to fulfill the obligations under the Suralink Customer Terms of Service

Use of Navigational Information

We use Navigational Information to operate and improve the Site and the Service.

Use of Credit Card Information

Suralink uses third-party payment processing services to process payment transactions. Your payment card details are not stored by the Service. If you choose to pay for the Service via payment card, your payment card details are encrypted and securely stored by our third-party payment processor to enable Suralink to bill your payment card.

Security of your Personal Information

We use a variety of security technologies and procedures to help protect your Personal Information from unauthorized access, use or disclosure. We secure the Personal Information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. All Personal Information is protected using appropriate physical, technical and organizational measures.

Retention of Personal Information

How long we keep information we collect about you depends on the type of information. as described in further detail below. After such time, we will either delete or anonymize your information or, if this is not possible, then we will securely store your information and isolate it from any further use until deletion is possible.

We retain Personal Information that you provide to us where we have an ongoing legitimate business need to do so (for example, as long as is required in order to contact you about the Subscription Service or our other services, or as needed to comply with our legal obligations, resolve disputes and enforce our agreements).

When we have no ongoing legitimate business need to process your Personal Information, we securely delete the information or anonymize it or, if this is not possible, then we will securely store your Personal Information and isolate it from any further processing until deletion is possible. We will delete this information from the servers at an earlier date if you so request, as described in "To Unsubscribe from Our Communications" below.

If you provide information to our customers as part of their use of the Subscription Service, our customers decide how long to retain the personal information they collect from you. If a customer terminates its use of the Service, then we will provide customer with access to all information stored for the customer by the Service, including any Personal Information provided by you, for export by the customer according to our agreement with our customer. After termination, we may, unless legally prohibited, delete all customer information, including your Personal Information, from the Subscription Service.

If you have elected to receive marketing communications from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our content, products, or services, such as when you last opened an email from us or ceased using your Suralink account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.

Except as described in this policy, Suralink will not give, sell, rent, or loan any identifiable personal information to any third party. We may disclose such information:

• to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims;
• if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law;
• to contractors, service providers, and other third parties we use to support our business;
• if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Suralink, users of the Service, and/or others;
• for any other purpose which is incidental to the normal use of the Service;
• to reputable third-parties but in such case the information will only be non-personal, summary or group statistics about our customers, sales, traffic patterns, and related Site information, and these statistics will include no personally identifying information; and
• otherwise with your consent.

Corporate Events

If we (or our assets) are acquired by another company, whether by merger, acquisition, bankruptcy or otherwise, that company would receive all information gathered by Suralink on the Sites and the Service. In this event, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your Personal Information, and choices you may have regarding your Personal Information.

Compelled Disclosure

We reserve the right to use or disclose your Personal Information if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process

Suralink does not transfer any information outside of the United States except to users of the Site and Service in conjunction of that users use of the Site or Service.

This information is valid if you are located within the EU / EEA: We will transfer your personal data outside the European Economic Area (EEA) and process data in particular in the US. In such cases, we ensure that your data is protected by appropriate safeguards, such as the use of Standard Contractual Clauses approved by the European Commission, or other legally recognized mechanisms.

Cookies

Suralink and its partners use cookies or similar technologies (such as web beacons) to analyze trends, administer the website, track users' movements around the website, and to gather demographic information about our user base as a whole. To find out more about how we use cookies on our Site and how to manage your cookie preferences please see our Cookie Policy.

Advertising

We partner with third party ad networks to either display advertising on our Web site or to manage our advertising on other sites. Our ad network partners use cookies and Web beacons to collect information about your activities on this and other Web sites to provide you targeted advertising based upon your interests. If you wish to not have this information used for the purpose of serving you targeted ads, you may opt-out by following the instructions here: https://www.linkedin.com/help/linkedin/answer/62931/manage-advertising-preferences?lang=en and here: https://www.facebook.com/help/568137493302217. Please note this does not opt you out of being served advertising. You will continue to receive generic ads.

Third Party Tracking Technologies

The use of cookies and web beacons by any tracking utility company is not covered by our Privacy Policy or Cookie Policy.

Reviewing, Correcting and Removing Your Personal Information

You have the following data protection rights:

• Right to Access: You have the right to request access to your personal data that we hold.
• Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal data.
• Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent.
• Right to Restriction of Processing: You have the right to request the restriction of processing of your personal data under certain circumstances.
• Right to Withdraw Consent: If you have provided consent for the processing of your personal data, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
• Right to Object: You have the right to object to the processing of your personal data based on legitimate interests or direct marketing.
• Right to Data Portability: You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller.
• ● Right to Complain: You have the right to complain to a data protection authority about our collection and use of your personal information. Contact details for data protection authorities in the EEA, Switzerland and certain non-European countries (including the US and Canada) are available here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.html

To exercise any of these rights, please fill out this form: https://share.hsforms.com/1Gavo88DyRzmRgsfQIEY1Lg3hfb4

OR

Contact us at support@suralink.com with the Email Subject: Please Delete my Data

We will respond to your request to change, correct, or delete your information within a reasonable timeframe and notify you of the action we have taken.

As a supplement to Suralink’s obligations under GDPR, Suralink additionally participates in the Data Privacy Framework Program as designed by the U.S. Department of Commerce, the European Commission, the UK Government and Swiss Federal Administration (the “DPF”), and hereby declares our commitment to comply with the DPF. Suralink is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). In compliance with the DPF, Suralink commits to resolve complaints about our collection or use of your personal information.

Suralink complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Suralink has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Suralink has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/

Under the DPF guidelines, you may, under certain conditions, invoke binding arbitration as a means of dispute resolution. You may also submit complaints through the U.S. Department of Commerce DPF program website using the following link: https://www.dataprivacyframework.gov/s/assistance

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Suralink commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to TrustArc, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. The dispute resolution services are provided at no cost to you.

We do not transfer your Personal Information to the third party. However, if in the future it does transfer personal information to a third party acting as an agent on its behalf, Suralink shall remain liable under the DPF Principles if its agent processes such personal information inconsistent with the DPF Principles. Please see the following link for additional information:https://www.dataprivacyframework.gov/framework-article/3%E2%80%93ACCOUNTABILITY-FOR-ONWARD-TRANSFER.

To Unsubscribe From Our Communications

You may unsubscribe from our marketing communications by clicking on the "unsubscribe" link located on the bottom of our e-mails, updating your communication preferences, or by sending us email us at support@suralink.com or postal mail to Suralink, Inc., 10 Exchange Place, Suite 300, Salt Lake City, Utah, 84111 USA, Attention: Privacy. Customers cannot opt out of receiving transactional emails related to their account with us or the Service.

8. Legal Basis for Processing of Personal Data

We process personal data in accordance with the General Data Protection Regulation (GDPR). The legal bases for processing personal data include:

Consent: When you have given explicit consent for us to process your data for specific purposes, Art. 6 Sec. 1 lit. a EU-GDPR. You have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Contractual Necessity: When processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract, Art. 6 Sec. 1 lit. b EU-GDPR.

Legal Obligation: When processing is necessary to comply with a legal obligation, Art. 6 Sec. 1 lit. c EU-GDPR.

Legitimate Interests: Legitimate Interests: When processing is necessary for our legitimate interests or those of a third party, except where such interests are overridden by your rights and freedoms, Art. 6 Sec. 1 lit. f EU-GDPR.

9. EU-Representative

This information is valid if you are located in the EU / EEA: If you have any questions or concerns about our processing of your personal data or wish to exercise any of your rights, please contact our EU-Data Protection Representative at:

Name: Felix Gebhard, FX Data UG (haftungsbeschränkt)

Email: suralink@fx-data.de

Address: Verhoevenstrasse 4, 81739 München (Munich), Germany

10. Updates to this Policy

We may update this privacy policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the new policy on our website and updating the "Last Updated" date at the top of this page.