GDPR Policy
Access Advance LLC
GDPR & Privacy Shield Notice
Effective Date: 2 October 2020
GDPR Privacy Notice
This GDPR privacy notice (this “GDPR Notice”) is included in our Privacy Policy and applies to the personal data, as such term is defined in the GDPR, processed by Access Advance of natural persons located in the European Economic Area and, after Brexit, the United Kingdom (“EEA Individuals,” “you,” or “your”). Any capitalized terms or other terms not defined in this Notice shall have the meaning ascribed to them elsewhere in the Privacy Policy or Terms of Use or, if not defined herein or elsewhere in the Privacy Policy or Terms of Use, the GDPR. To the extent of any conflict between this GDPR Notice and any other provision of the Privacy Policy, this GDPR Notice shall control only with respect to EEA Individuals and their personal data. If you are located elsewhere, please see the rest of our Privacy Policy here.
Controller Disclosure & Details: We are a data controller of personal data regarding the following categories of EEA Individuals: Individuals that have yet to enter into, or have entered into, a Patent Portfolio License Agreement administered by Access Advance (our “License Agreement”), including those that visit our Site, (collectively, prospective or current “Licensees”) and vendor contacts (“Business Contacts”) for the purposes and under the legal bases described in the table below.
Data Subject Category | Purpose & Legal Basis of Processing |
---|---|
General (applies to all data subjects below) | Information Security: Our web servers will log your IP address and other information (e.g., browser information, operating system, request date/time, user agent string, referral and exiting URL) in order to maintain an audit log of activities performed. We use this information pursuant to our legitimate interests in tracking Site usage, combating DDOS or other attacks, and removing or defending against malicious visitors on the Site. |
Licensees | Patent Portfolio Licensing: Where a prospective Licensee would like to request or enter into one of our License Agreements or otherwise is believed to require a license under local patent laws, we shall process all personal data pursuant to (a) our, and our clients’, legitimate interest in administering our licensors’ patent rights and to (b) take appropriate steps to enter into such License Agreement or for the performance of such License Agreement. Compliance with Applicable Law: We will process personal data as needed to fulfill our legal obligations, such as our obligations relating to tax, accounting, finance, and for the establishment, exercise, or defense of legal claims (whether in-court proceedings or in an administrative or out-of-court procedure), such as by contacting prospective Licensees to license the patents for which we serve as administrator. General Business Development: Our legitimate interest in furthering relationships with our prospective and current Licensees (such as by storing information regarding our prospective and current Licensees within a CRM or other database or file), ensuring prospective and current Licensee satisfaction, and answering inquiries regarding one of our License Agreements or Portfolios. Audience Measurement: Our legitimate interest in use of Google Analytics to understand how prospective and current Licensees interact with the Site at a high level (e.g., page views, bounce rates, country location). |
Business Contacts | Vendor Contacts: When entering into vendor relationships, we will receive the personal information of contacts employed or otherwise associated with such vendors. We process such information in our legitimate interest in establishing and developing our vendor relationships. |
Controller’s Representative: Our representative in the European Union is:
ePrivacy GmbH
Große Bleichen 21
20354 Hamburg
Germany
https://www.eprivacy.eu
Recipients: Access Advance personnel shall receive and process your personal data for the purposes described herein. Personal data is also disclosed to the following categories of recipients to effectuate the purposes described herein:
- Back office administration and registration services for licensees (Netherlands)
- Customer relationship management database (US)
- Cloud-based data hosting provider (US)
- Managed IT service (US)
- Marketing consultancy (US)
- Analytics provider (US)
- Legal services (e.g., law firms) (US and EU)
Retention: Access Advance retains your personal data as necessary to fulfill the purposes set forth within this Notice. Given the nature of our services, much of our stored personal data relates to resolving a legal liability, performing or entering into contractual documentation, or otherwise complying with applicable law, and thus needs to be retained indefinitely. Where data is no longer relevant for these purposes (or validly requested for deletion), it will no longer be retained.
Your GDPR Rights: As a natural person, you have a right to: (i) request access to, correction, and/or erasure of your personal data; (ii) object to processing of your personal data; (iii) restrict processing of your personal data; and (iv) request a copy of your personal data, or have a copy thereof sent to another controller, in a structured, commonly used and machine readable format under the right of data portability. You may request these rights by contacting: privacy@accessadvance.com with the subject line “GDPR Notice.”
You also have the right to lodge a complaint about the processing of your personal data with an appropriate data protection authority.
Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Objecting to Legitimate Interest/Direct Marketing: You may object to personal data processed pursuant to our legitimate interest. In such case, we will no longer process your personal data unless we can demonstrate appropriate overriding legitimate grounds for the processing or if needed for the establishment, exercise, or defense of legal claims. In such case, your personal data will no longer be used for that purpose.
Transfer of Personal Data outside the EEA: To address transfer of your personal data to the United States, we may rely on one of the following: (i) appropriate Standard Contractual Clauses to ensure adequate protection for your personal data, (ii) the derogations under Article 49(1)(b) and (1)(c) for performance of our contracts with you or to execute a contract in your interest with another entity/person, respectively, or (iii) any other valid transfer mechanisms, appropriate safeguards or exceptions under applicable law in effect at the time of such transfer. Additionally, we are self-certified under the EU-US and Swiss-US Privacy Shield; you may have specific rights under the Privacy Shield as described below.
Disclosure to Public Authorities: Access Advance may be required to disclose personal data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal data to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.
Corporate Restructuring: In the event of a merger, reorganization, dissolution or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal data, would be transferred to the surviving entity in a merger or the acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal data as set forth in this GDPR Notice. This GDPR Notice shall be binding on Access Advance and its legal successors in interest.
Updates to this GDPR Notice: If, in the future, we intend to process your personal data for a purpose other than that which it was collected, we will provide you with information on that purpose and any other relevant information at a reasonable time prior to such processing. After such time, the relevant information relating to such processing activity will be revised or added appropriately within this GDPR Notice, and the “Effective Date” at the top of this page will be updated accordingly.
How to Contact Us: Please reach out to privacy@accessadvance.com for any questions, complaints, or requests regarding this GDPR Notice; please include the subject line “GDPR Notice.”
E.U.-U.S. and Swiss-U.S. Privacy Shield Notice
Important Notice for Residents of the European Economic Area or Switzerland:
Access Advance complies with the E.U.-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from the European Union member countries (including Iceland, Liechtenstein and Norway) and Switzerland to the United States, respectively. Access Advance has certified that it adheres to the Privacy Shield principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, Recourse, Enforcement, and Liability (the “Privacy Shield Principles”). With regard to the Principle of Accountability for Onward Transfer, for example, Access Advance remains liable if Access Advance’s agent processes such personal information in a manner inconsistent with the Privacy Shield Principles, unless Access Advance proves that it is not responsible for the event giving rise to the damage. If there is a conflict between this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.
In compliance with the E.U.-U.S. and Swiss-U.S. Privacy Shield Principles, Access Advance commits to resolve complaints about your privacy and our collection or use of your personal information. E.U. or Swiss individuals with inquiries or complaints regarding this Privacy Policy should first contact Access Advance at privacy@accessadvance.com. Access Advance has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints/ for more information and to file a complaint. This service is provided free of charge to you. If these processes do not result in a resolution, you may also contact your local data protection authority, the US Department of Commerce, and/or the Federal Trade Commission for assistance. If your complaint still remains unresolved, then you have the right to invoke binding arbitration by the Privacy Shield Panel upon written notice to Access Advance at privacy@accessadvance.com.
Onward Transfer to Third Parties under the Privacy Shield: Like many businesses, we hire other companies to perform certain business-related services. We may disclose personal information to certain types of third party companies but only to the extent needed to enable them to provide such services. The types of companies that may receive personal information and their functions are: back-office administration, CRMs, cloud-based data hosting, managed IT, marketing and analytics providers, legal services. All such third parties function as our agents, performing services at our instruction and on our behalf pursuant to contracts which require they provide at least the same level of privacy protection as is required by this Privacy Policy and implemented by Access Advance. We may also share your personal information with any of our parent companies, subsidiaries, affiliates, or other companies under common control with us for the purposes described in this Privacy Policy.
Opt-In and Opt-Out to Certain Onward Transfers under the Privacy Shield: We may transfer your personal information to a third party controller, but you may opt-out of such transfer by sending us an email at to privacy@accessadvance.com, with the subject line, “Privacy Shield.” In certain cases, such as where required for legal claims, we may be required to transfer such information.
We will not disclose your sensitive personal information to any third party without first obtaining your opt-in consent. You may grant such consent by contacting us at privacy@accessadvance.com, with the subject line, “Privacy Shield”.
In each instance, please allow us a reasonable time to process your response.
Disclosure to Public Authorities: We are required to disclose personal information in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal information to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.
Your Privacy Shield Rights: Upon request to privacy@accessadvance.com, we will provide you with confirmation as to whether we are processing your personal information, and have the data communicated to you within a reasonable time. You have the right to correct, amend, or delete your personal information where it is inaccurate or has been processed in violation of this Privacy Policy. We may require payment of a non-excessive fee to defray our expenses in this regard. Please allow us a reasonable time to respond to your inquiries and requests. Please note that such requests shall be subject to any applicable restrictions or exceptions (e.g., as provided for in the Access Supplemental Principle of the Privacy Shield).
Retention of Personal Information under the Privacy Shield: We will retain your personal information in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy, or subsequently authorized. We may continue processing your personal information for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research and statistical analysis, and subject to the protection of this Privacy Policy. After such time periods have expired, we may either delete your personal information or retain it in a form such that it does not identify you personally.
How We Protect Your Personal Information under the Privacy Shield: Access Advance takes very seriously the security and privacy of the personal information that it collects pursuant to this Privacy Policy. Accordingly, we will implement reasonable and appropriate security measures to protect your personal information from loss, misuse and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in processing and the nature of such data, and comply with applicable laws and regulations.