GDPR Privacy

Effective Date: September 23, 2020

This GDPR Privacy Notice applies only to citizens of the European Economic Area (“EEA”) and supplements the information contained in our Privacy Policy. We adopt this GDPR Privacy Notice to comply with the General Data Protection Regulation (“GDPR”) and any terms defined in the GDPR have the same meaning when used in this Notice, except we refer to personal data as personal information. In this GDPR Privacy Notice, “GroupSolver,” “we,” and “us” refer to GroupSolver, Inc., a Delaware corporation and its subsidiaries or affiliates. Capitalized terms in this GDPR Privacy Notice have the same meaning as they do in the Privacy Policy.

Data Controller and Processor

The GDPR differentiates between the “controller” and “processor” of information. In general, we are the processor of Customer Data and the controller of Other Data. “Customer Data” includes the data submitted through a Customer’s Services account by that Customer or by Respondents to that Customer’s surveys, forms, questionnaires, or other information requests. “Other Data” includes, for example, data submitted by Customers or Website Visitors through contact forms on our Website or other interactions with us.

Legal Bases for Processing

We collect and process personal information only where we have a legal basis for doing so. The legal basis depends on the Services and how you use them. Generally, we process personal information you provide on the basis of consent, but we may process personal information you provide where we need it to provide you the Services (like customer support), where it satisfies a legitimate interest (like to market and promote our Services or protect our legal rights and interests), or on another basis permitted by GDPR or applicable law, for example, so we can comply with our legal obligations.

International Transfers

We may transfer your personal information outside the EEA. When we transfer your personal information outside the EEA, we ensure at least one of the following safeguards is implemented:

• We will only transfer your personal information to countries considered by the European Commission to provide adequate levels of protection. For more information, see European Commission: Adequacy Decisions.
• With certain service providers, we may use the European Commission’s approved standard contractual clauses for data transfers between the EEA and non-EEA countries. For more information, see Standard Contractual Clauses (SCC).

Data Retention

How long we retain personal information varies according to the type of information and the purpose for which it is used. For example, we retain your account information for as long as your account is active. Also, we retain the information you share through our Services as long as retention is required by the account administrator. If you choose to receive marketing communications from us, we will retain information about your marketing preferences as long as you express interest in our Services. We will delete or anonymize personal information within a reasonable period after we no longer need it for the purpose or purposes for which it was provided. Alternatively, you may request that we delete your personal information before the end of its retention period. We may archive personal information (store it in inactive files) for longer periods before deleting it as part of our ordinary business continuity procedures.

Right to Complain to Data Protection Authorities

You may file a complaint about our processing of your personal information with your national or regional Data Protection Authority. The European Commission provides a list of Data Protection Authorities and their contact information here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.