GDPR Notice

Introduction

Last updated: December 17, 2024

GDPR Privacy Notice

This GDPR privacy notice (the “Notice”) is included in our Policy and applies to the ‘personal data,’ as defined in the GDPR, of natural persons located in the European Economic Area (“EEA Individuals” or “you”) processed by Button. Any capitalized terms or other terms not defined herein shall have the meaning ascribed to them in the Policy or, if not defined herein or in the Policy, the GDPR. To the extent of any conflict between this Notice and the Policy, this Notice shall control only with respect to EEA Individuals and their personal data. If you are located elsewhere, please see our Policy at http://www.usebutton.com/privacy-policy.

Processor Disclosure

We are a data processor when providing our Platform on behalf of our Clients. When serving as a processor, we have certain obligations under GDPR including only processing personal data at our clients’ instructions reflected in the applicable Master Services Agreement, providing assistance with fulfillment of rights requests, and implementing appropriate security for personal data. It is the client’s responsibility to fulfill its obligations as a data controller and pursuant to our agreement, such as obtaining appropriate authorizations from Users and presenting appropriate notices. We will forward any inquiries, complaints, or requests received from data subjects (such as Users) with respect to the data utilized through the Platform to the appropriate client and await instructions before taking any action.

Controller Disclosure & Details

We are a data controller of personal data regarding the following EEA Individuals: Prospective/current clients (including client end-users of our Platform) and vendors (“Business Contacts”) and our Site Visitors for the purposes and under the legal bases described in the table below. Please note that, in some cases, the categories of data subjects above may overlap (e.g., Business Contacts using the Website).

GDPR Chart

Controller’s Representative

We have appointed a representative in the EU. You can contact them by post at:

Mishcon de Reya Representative Services (Europe) Limited, 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland,

or by email at representative@mishcon.com.

Recipients

Our sales, marketing, and finance teams process Business Contacts and Site Visitor information internally, and such information is also disclosed to the following recipients:

Business Contact Data
- Cloud-based storage providers (US)
- Client CRM (US)
- Secure file share (US)

Site Visitor Data
- Website audience measurement (US)
- Marketing communications (US)

Retention

For Business Contacts, we retain data for the duration of Button’s relationship with the business.
For Site Visitors, we retain analytics data for 14 months.

Your GDPR Rights

As a natural person, you have a right to: (i) request access to, correction and/or erasure of your personal data; (ii) object to processing of your personal data; (iii) restrict processing of your personal data; and (iv) request a copy of your personal data, or have a copy thereof sent to another controller, in a structured, commonly used and machine readable format under the right of data portability. You may exercise these rights and submit a GDPR complaint by contacting: privacy@usebutton.com with the subject line “GDPR Notice.”

Button commits to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the panel and/or Commissioner, as applicable, with regard to human resources data transferred from the EU as applicable in the context of the employment relationship.

You also have the right to lodge a complaint about the processing of your personal data with an appropriate data protection authority, and, as applicable, to exercise third-party beneficiary rights under Button’s Standard Contractual Clauses.

Contact details for the EU data protection authorities can be found at: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

Objecting to Legitimate Interest/Direct Marketing

You may object to personal data processed pursuant to our legitimate interest. In such case, we will no longer process your personal data unless we can demonstrate appropriate, overriding legitimate grounds for the processing or if needed for the establishment, exercise, or defense of legal claims. You may also object at any time to processing of your personal data for direct marketing purposes by clicking “Unsubscribe” within an automated marketing email or by submitting your request to privacy@usebutton.com with the subject line “GDPR Notice” (the latter for instances where, for example, you would not like to receive follow-ups from our sales team). In such case, your personal data will no longer be used for that purpose.

Transfer of Personal Data outside the EEA

We rely on appropriate Standard Contractual Clauses with such recipients to ensure adequate protection for your personal data. If you would like to request a data protection agreement with Button, which includes these Standard Contractual Clauses, please email us at privacy@usebutton.com.

Governmental Access Requests

Button may be required to disclose personal data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal data to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.

Corporate Restructuring

In the event of a merger, reorganization, dissolution or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal data, would be transferred to the surviving entity in a merger or the acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal data as set forth in this Notice. This Notice shall be binding upon Button and its legal successors in interest.

Updates to this Notice

If, in the future, we intend to process your personal data for a purpose other than that for which it was collected, we will provide you with information on that purpose and any other relevant information at a reasonable time prior to such processing. After such time, the relevant information relating to such processing activity will be revised or added appropriately within this Notice, and the “Effective Date” at the top of this page will be updated accordingly.

How to Contact Us

Button has a mailing address at 268 Post Road, Suite 200, PMB 90775, Fairfield, CT 06824 USA. Please use this address or, preferably, reach out to privacy@usebutton.com for any questions, complaints, or requests regarding this Notice; please include the subject line “GDPR Notice.”