Your trust is important to us, and we want to ensure that your personal information is protected. This Privacy Policy explains how we collect and use your personal information in relation to Five Star Legal and Compliance Systems, Inc. (“FSLCS”) products, services, events, websites, and applications that link to this Policy (together, the “FSLCS Products”). It also describes how you can control or exercise your rights related to your personal information.
Personal Information We Collect
We process information about you while providing the FSLCS Products. Below, we outline the kinds of information we collect.
Information You Give to Us
We collect information about you when you provide it to us directly.
Account information. We collect information about you when you create an account with us, such as your name, email address, profile picture, company name, postal address, phone number, and payment information.
Support information. We collect information you provide to us when you open a support request or otherwise communicate with us (such as through third-party social-media sites). This may include your name, email address, title, company, and any other information you provide in your request.
Sales and marketing information. We collect information you provide for promotional communications, including when you submit forms on our websites, such as name, email address, and telephone number.
Product information. We collect personal information submitted to us through the use of the FSLCS Products, including the information provided in logs, traces, and metrics. This information may include name, email address, IP address, online identifier, and mailing address.
Information We Collect Automatically
We automatically collect information about you when you access or use the FSLCS Products.
Your use of the FSLCS Products. We collect information about how you use the FSLCS Products, such as your session date, time, and duration; the pages you viewed; and the page you visited before navigating to the products or websites.
Device information. We collect information about your computer or device when you access any of the FSLCS Products, such as the type of browser you use, your IP address, and the location of your device.
Cookies and similar technologies. We use cookies and similar technologies (like web beacons and pixels) to collect information about your interactions with the FSLCS Products, including identifiers, usage data, session information, links clicked, pages visited, and mouse movements. For more information about how we use cookies and similar technologies, please see our Cookie Policy.
Information We Collect from Other Sources
We may also obtain information about you from other sources.
Other services linked to your account. We may collect information about you when you link your FSLCS account with other services. For example, if you create or log into your FSLCS account using your Microsoft credentials via single sign-on, we will have access to certain information such as your name and email address, as authorized in your Google Apps profile settings.
Through the FSLCS products. We may receive information about you from other users’ use of the FSLCS Products.
Our affiliates. We may receive information about you from one of our affiliates if you interact with them directly, for example through a support request. This may include your name, email address, and information about your request.
Third parties. We may receive information about you from third parties that provide business information to us or from public sources. This information may include things like your name, title, email address, phone number, and social-media profile. We may combine this information with information we collect through other means described above.
How We Use Personal Information
We use information about you for the following purposes.
To provide the FSLCS Products. We use information about you to provide you with access to the FSLCS Products, including to create and manage your FSLCS accounts, process transactions with you, and send you invoices.
For research and to improve and create new FSLCS Products. We use the information we collect, including Product information, to improve the FSLCS Products, including to monitor and analyze trends, usage, and other activities in connection with the FSLCS Products so that we can continually improve them or create new ones. We may also link or combine information about you with information we get from others to help understand your needs and provide you with new and better services.
To communicate with you. We use information about you to communicate with you, including to send you technical notices, product updates, security alerts, support communications, and administrative messages about the FSLCS Products (including important changes to the FSLCS Products). This also includes sending you information about your account and data, such as when we update our terms or when we materially change how we use your data.
For security. We may use information about you to maintain and increase the security of the FSLCS Products, including to detect, investigate, and prevent fraud and other illegal activities from occurring, as well as to protect the rights and property of FSLCS, our customers, and third parties.
To market and promote the FSLCS Products. We use information about you to send you promotional messages and to show you advertisements. This may also include using information about you to create more personalized advertising and suggest FSLCS Products that may be of interest to you. We may also use information about you to facilitate contests, sweepstakes, and promotions, and to process and deliver your entries and rewards.
To comply with legal obligations. We may use information about you to comply with our legal requirements. For example, we may process and retain information about your payments to us for tax and accounting purposes.
With your consent. Finally, we use information about you for any other purposes that you have consented to. For example, if you agree to be named as a Featured Customer, we might post information about you on one of our public websites.
We will not process your personal information for purposes materially different from the above without providing you with the opportunity to opt out.
How We Share Personal Information
We will not share your personal information with third parties except as follows.
Service providers. We use third-party service providers who work on our behalf, including to provide hosting services, authentication services, cybersecurity, anti-fraud services, and advertising, which may require us to share your personal information.
Payment services. We use PayPal, Inc.’s Braintree product to receive and process payments in relation to the use of our Services. PayPal acts as an independent controller of the personal information received when it provides these services. More information about how PayPal processes personal information is available in the Braintree Privacy Statement.
For legal reasons. In rare cases, we may share information about you in response to a request for information if we believe disclosure is permitted or required by an applicable law, regulation, or legal process, including to comply with a subpoena or applicable court order. Further, we may share your personal information with any person to whom disclosure is necessary to enable us to enforce our rights under this Privacy Policy or under any agreement we enter with you or to protect the rights, property, or safety of FSLCS or third parties.
Business transfers. We may share your information in connection with, or during negotiations of, any merger, sale of FSLCS assets, financing, or acquisition of all or a portion of our business by another company.
Affiliates. We may share your personal information with our affiliate companies who may act for us for any of the purposes set out in this Privacy Policy, including our current and future parents, affiliates, subsidiaries, and other companies under common control and ownership.
Marketing and analytics. We may share your personal information with analytics and search-engine providers that assist us in the improvement and optimization of our websites, subject to our Cookie Policy.
Social media. Some of our websites may contain social-sharing widgets or features that let you share information you find on our websites on third-party sites, including, for example, Twitter, LinkedIn, and YouTube. By doing so, you authorize us to facilitate this sharing of information, and you understand that the use of shared information will be governed by the social media provider’s privacy notice.
Consent. We may share your personal information with your consent or at your direction.
Security
The security of your personal information is incredibly important to us. We have implemented and we continually maintain a variety of technical and organizational measures to protect your personal information from unauthorized access and against unlawful processing, accidental loss, destruction, and damage. View our Security page to learn more about the specific security controls we have put in place to safeguard your information.
Retention
We only keep your personal information for as long as necessary to fulfill the purposes we collected it for, after which it will be deleted or archived unless we are required to keep it to comply with our legal obligations or for another legitimate and lawful purpose. To determine the appropriate retention period for personal information, we consider several factors, including:
the terms of our agreements with you;
our legitimate interests (as outlined in this Privacy Policy);
our legal obligations; and
the amount and nature of your personal information.
In some cases, we may anonymize your personal information so that you are no longer identifiable, in which case we may use the resulting information without further notice to you.
Children
The FSLCS Products are not directed to individuals under the age of 16, and we do not knowingly collect or sell the personal information of children under 16.
Your Choices
You have choices about how FSLCS collects and uses your personal information.
Account information. Our customers may access, update, or change personal information they have provided to us by logging into the relevant application or emailing us at help@edig365.com. Subject to the terms of their agreements with us, customers may deactivate their accounts by emailing us at help@edig365.com, but we may retain certain personal information as necessary to comply with our legal obligations or for legitimate business purposes, such as to resolve disputes or enforce our agreements. We may also retain cached or archived copies of personal information for a certain period.
Advertising. You may opt out of receiving promotional emails from FSLCS by following the instructions in those emails or by emailing help@edig365.com. If you opt out of receiving promotional communications, we may still send you non-promotional emails, such as those about your account or our ongoing business relationship. If you would like to opt out of receiving promotional phone calls, please contact us as outlined in the “Contact Us” section below
Supplemental Notice for the EEA, UK, and Switzerland
This section provides additional details about the personal information we process subject to the General Data Protection Regulation (GDPR) and UK GDPR.
Controller of Your Information
Unless otherwise stated in a supplemental notice, Five Star Legal and Compliance Systems, Inc. is the data controller of your personal information.
Your Rights
Subject to applicable law, you have the following rights with respect to your personal information.
Right of access. You have the right to access your personal information that we hold, and receive it in a portable way.
Right to update. You have the right to request that we update your personal information.
Right to delete. You have the right to have your personal information deleted.
Right to restrict processing. You have the right to request us to restrict or suppress the processing of your personal information where our processing is inappropriate.
Right to object. You have the right to object to the processing of your personal information.
Right to withdraw consent. You have the right to withdraw your consent at any time where we are processing your personal information based on your prior consent.
To exercise your rights, please complete our Data Subject Rights Intake form or contact us as outlined in the “Contact Us” section below. Please note that we may ask you to provide us with additional information to confirm your identity.
Legal Bases for Processing Personal Information
We process your personal information on one of the following legal bases:
where necessary to enter into or perform under a contract with you, including to provide the FSLCS Products; where necessary for us to comply with a legal obligation; for our legitimate interests, as outlined in this Privacy Policy; or with your consent.
International Data Transfers
Your personal information may be collected in, transferred to, accessed from, or stored in a country other than the one you are in, including the United States, which may have data protection rules that are different from those of your country. Your personal information is only transferred out of your country in accordance with applicable data protection law, including, for example, to third countries that adequately safeguard personal data, or under the European Commission-approved Standard Contractual Clauses. Your rights with respect to your personal information are outlined above in the “Your rights” section above.
We comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce (together, the “DPF”). We have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. We have certified to the U.S. Department of Commerce that we adhere to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov.
If you have any questions, concerns, or complaints about our compliance with the DPF, we encourage you to contact us as outlined in the “Contact Us” section below, where you can also find information regarding our EU representative that can respond to your questions or complaints. If you have an unresolved complaint regarding our handling of personal data received in reliance on the DPF, you may contact TRUSTe, our U.S.-based third-party dispute resolution provider, here free of charge. Finally, if you have a complaint that we have violated the DPF Principles that has not been resolved by other means, you may have the ability to invoke binding arbitration as outlined more fully on the DPF website. Please note that we are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
In some cases, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. More information about the safeguards we’ve implemented to protect transfers of personal data is available in our Transfer Impact Assessment.
If we transfer your personal data onward to a third party, we will continue to remain liable under the DPF Principles if the information is processed in a manner inconsistent with the DPF Principles.
Complaints
You may lodge a complaint with a data protection authority for your country or region where you have your habitual residence, where you work, or where an alleged infringement of applicable data protection law occurs. A list of EEA data protection authorities is available here, and the contact details for the UK Information Commissioner’s Office is available here.
Supplemental Notice for the United States
This section provides additional details about the personal information we collect about individuals and the rights afforded to them under various applicable U.S. state data-protection and privacy laws.
Your Rights
Subject to applicable law, you have the following rights with respect to your personal information.
Right to access. You have the right to request that we disclose to you in a portable format the personal information we collect, use, disclose, share, and sell about you.
Right to correct. You have the right to correct errors in your personal information.
Right to delete. You have the right to request that we delete your personal information that we’ve collected.
Right to update. You have the right to request that inaccurate personal information we hold about you be corrected.
Right to opt out. You have the right to opt out of behavioral or targeted advertising, automated profiling, and sales of personal information.
Right to restrict the use and disclosure of your sensitive information. You have the right to request that we limit our use and disclosure of your sensitive personal information.
Right to nondiscrimination. You have the right not to receive discriminatory treatment because you’ve exercised any of your above rights.
If you or your authorized agent wishes to exercise any of these rights, please complete our Data Subject Rights intake form or contact us as outlined in the “Contact Us” section below. Please note that we may ask you or your agent to provide us with additional information to confirm your identity.
You may also opt out of “sharing” of personal information for purposes of cross-context behavioral advertising by clicking on the “Your Privacy Choices” link in the footer of this website and following the instructions. Where required, we also honor requests to opt out submitted via privacy preference signals recognized under applicable law, such as the Global Privacy Control (“GPC”) or any other types of Do Not Track (“DNT”) signals.
If you submit a request to exercise one of the above rights and you disagree with our decision regarding your request, you may have the right to appeal our decision under applicable law. To do so, please reply to our response.
Categories of Personal Information Collected
The personal information that we’ve collected in the past 12 months fall into the following categories specifically established under the California Consumer Privacy Act, as amended (the CCPA):
Identifiers such as a real name, postal address, unique personal identifier, online identifier, internet protocol address, and email address.
Information under Cal. Civ. Code §1798.80(e), such as your name, address, telephone number, or any financial information.
Commercial information, such as information related to products or services you’ve purchased.
Internet or other electronic network activity information, such information regarding your interaction with the FSLCS Products.
Geolocation data.
Audio, electronic, visual, or similar information, such as audio recordings of calls with you.
Inferences drawn on the information above, such as aggregated metrics.
Account log-in or credit card number in combination with your credentials allowing access to your account.
For more information about the categories of personal information we collect, please see the “Personal Information We Collect” section above.
Categories of Personal Information Disclosed for a Business Purpose
The personal information that we’ve disclosed for a business purpose (including to our service providers) in the past 12 months fall into the following categories specifically established under the CCPA:
Identifiers such as a real name, postal address, unique personal identifier, online identifier, internet protocol address, and email address.
Information under Cal. Civ. Code §1798.80(e), such as your name, address, telephone number, or any financial information.
Commercial information, such as information related to products or services you’ve purchased.
Internet or other electronic network activity information, such information regarding your interaction with the FSLCS Products.
Geolocation data.
Audio, electronic, visual, or similar information, such as audio recordings of calls with you.
Inferences drawn on the information above, such as aggregated metrics.
Account log-in or credit card number in combination with your credentials allowing access to your account.
For more information about the categories of personal information we disclose to other parties, including to our service providers, please see the “How We Share Personal Information” section above.
Categories of Personal Information Shared for Cross-Context Behavioral Advertising
The personal information that we’ve shared with our advertising partners for cross-context behavioral advertising in the past 12 months fall into the following categories specifically established under the CCPA:
Identifiers such as a real name, unique personal identifier, online identifier, internet protocol address, and email address.
Internet or other electronic network activity information, such information regarding your interaction with the FSLCS Products.
Geolocation data.
Inferences drawn on the information above, such as aggregated metrics.
Sensitive Personal Information
We do not use or disclose sensitive personal information for purposes other than permitted under applicable law.
CCPA Terms
These CCPA Terms apply when the California Consumer Privacy Act of 2018, Cal. Civ. Code §§1798.100–1798.199.100, as amended, and the CCPA regulations, Cal. Code Regs. §§7000–7304 (together, the “CCPA”) apply to Customer’s use of the Services to process the Personal Information contained in Customer Data (“Covered Information”). For the purpose of these CCPA Terms, the terms “Commercial Purpose”, “Consumer”, “Personal Information”, “Sell”, “Service Provider”, and “Share” have the meanings given to them in the CCPA.
FSLCS’s Obligations. FSLCS will(a) not Sell or Share Covered Information; (b) process Covered Information only to provide, support, and improve the Services in accordance with the Agreement or Orders, or as otherwise permitted under the CCPA; (c) not retain, use, or disclose Covered Information (i) for any purpose, including any Commercial Purpose, except to provide, support, and improve the Services in accordance with the Agreement or Orders, or as otherwise permitted under the CCPA, (ii) outside the direct business relationship between FSLCS and Customer, or (iii) in any way prohibited by the CCPA; (d) not combine the Covered Information it receives from, or on behalf of, Customer with Personal Information it receives from, or on behalf of, another person or from FSLCS’s own interactions with the Consumer to whom the Personal Information relates, except to the extent a Service provider is permitted to do so under the CCPA; (e) comply with all applicable obligations under, and provide the same level of privacy protection to Covered Information as required by, the CCPA; (f) notify Customer if it believes it cannot meet its obligations under the CCPA; and (g) on Customer’s request and taking into account the nature of the Covered Information processed, provide reasonable assistance to Customer in fulfilling consumer requests made under the CCPA to the extent Customer is unable through its use of the Services to address a particular request on its own.
Customer’s Obligations and Rights. Customer may(a) only disclose Covered Information to FSLCS for the limited purpose of using the Services in accordance with the Agreement; (b) audit FSLCS’s compliance with its obligations under these CCPA terms by requesting and reviewing (i) copies of or extracts from FSLCS’s audit reports related to the security of the Services, or (ii) other information FSLCS deems is reasonably necessary to demonstrate FSLCS’s compliance; and (c) upon notice to FSLCS, take reasonable and appropriate steps to stop and remediate any unauthorized use of Covered Information by FSLCS.
Changes to this Privacy Policy
We may occasionally update this Privacy Policy. The date at the top of this Privacy Policy indicates when it was last revised. Any changes will become effective when we post the revised Privacy Policy on this page.
Contact Us
If you have questions or concerns about this Privacy Policy, please contact us at: Five Star Legal and Compliance Systems, Inc., 1621 W. 25th Street, PMB 310, San Pedro, CA 90732; or privacy@edig365.com.