Last modified: December 2019
LegitScript LLC (“LegitScript” or “we”) is committed to complying with all applicable data protection laws, including the data protection requirements introduced by California Consumer Protection Act and the European Union General Data Protection Regulation (Regulation 2016/679). This Privacy Statement contains information on what data we collect, what we do with that information, and what rights you have.
We do process some personal data in order to run our business. There are some situations where we may share your information with third parties (for example, pursuant to a court order, government request, or with our business partners and service providers who support our business or partner with us).
We take the protection of your information seriously and take steps to make sure your personal information is secure. Please read the full Privacy Statement below. Please feel free to contact us if you have any questions.
You should know that this Privacy Statement does not apply to information about you collected via any third-party site or application (including advertising or similar services) that may link to, or be accessible from, LegitScript’s websites. We are not responsible for the privacy policies or data collection, use, and disclosure practices of those sites. We encourage you to read the written policies of all sites you visit.
By visiting or using any of our websites or services (including email communications), you agree to this Privacy Statement. Our Privacy Statement may change from time to time, at LegitScript’s sole discretion, and these changes can affect the information described below, so please check back periodically for any updates.
LegitScript takes appropriate steps to protect and secure your personal data from unauthorized access, use, and disclosure. We use adequate technical and organizational measures to protect your personal data against unauthorized, accidental or unlawful destruction, loss, alteration, misuse, disclosure, or access and against all other unlawful forms of data processing. We put these measures in place after evaluating current state of the art of the technology, the cost of implementation, risks presented by processing, and the nature of the personal data.
Although we take reasonable security measures to protect your personal information, we cannot guarantee the security of your personal information transmitted to our websites. The transmission of information via the internet is not 100% secure. LegitScript does not ensure or warrant the security of any information you transmit to us. We are not responsible for circumvention of any privacy settings or security measures contained on the websites.
How We Protect and Use Personal Data
We collect different types of information for our business operations, including but not limited to:
- Website data. This includes information provided at the time of purchasing or registering for our products and services, or requesting further services. Also, we may ask you for information when you report a problem with our websites, products, or services.
- Data you provide to us. When you click through our websites, purchase our services, or otherwise contact us, we may request, or you may choose, to give us information. This may include information by which you may be personally identified (“personal information” or “personal data”), such as your contact information, name, company, employer, e-mail address or telephone number, and records and copies of your communications with us. We may at times share this information with our business partners in order to provide our products and services to you.
- Marketing. If you are interested in, or have used our products in the past, you may periodically receive emails from us containing details about features of the products you use and/or about similar products or services that we offer.
- Public Data. We will from time to time collect information from publicly available websites and index that information in order to assess the functionality of LegitScript’s proprietary software and analysis programs. This information is often used to detect and shutdown illegal or illicit activity. Additionally, we will at times receive incidental personal information from partners or from publicly available sites. We do not identify, index or link this data in any way.
- General business operations. We may also receive or collect other personal data from or about you in the ordinary course of our business. Here is how we use information that you provide or we collect:
- To provide our websites, products, and services;
- To give you information, products, or services that you request from us;
- To let you know about changes to our website, products, or services;
- To ensure the integrity and security of our websites, products, and services;
- For our ordinary business operations, including human resources, recruiting, and business research and outreach; and
- To comply with our legal obligations.
Our Legal Basis for Data Processing
In some circumstances, we are not allowed to process personal data if we do not have a valid legal ground. Therefore, we will only process your personal data in these specific situations if:
- the processing is necessary to perform our contractual obligations towards you or to take pre-contractual steps at your request, such as when we authenticate your log-in to our services or ensure that you only have access to the services and data you’ve agreed to buy;
- the processing is necessary to comply with our legal or regulatory obligations, such as tax reporting or regulatory requirements;
- the processing is necessary for the legitimate interests of LegitScript, and does not unduly affect your interests or fundamental rights and freedoms (see below);
- the processing is necessary for the performance of a task carried out in the public interest; or
- if we have your consent.
If we ever process any special categories of data relating to you, we will do so because:
- the processing is necessary for the establishment, exercise or defense of a legal claim;
- the data has been manifestly made public;
- the processing is necessary for to serve a substantial public interest; or
- you have given your explicit consent to us to process that information (where legally permissible).
We do not use personal data in ways that are inconsistent with those described in this Privacy Statement. We only collect and retain as much personal data as we need for the specific purposes we have described, or to comply with our legal and regulatory obligations. When data retention is no longer necessary, we may delete personal data or retain it in a form that does not personally identify anyone.
Information Use, Disclosure, and Your Options
It is important to us that we adequately protect your personal information, especially when we disclose information about you. We may disclose or transfer personal information that we collect or you provide as described in this Privacy Statement, including:
- As required by law, including to respond to any government or regulatory request.
- To enforce the Terms and Conditions that apply to the use of our products and services, including to protect the rights, property or security of LegitScript, our employees, our users, and others.
- As part of a merger, acquisition, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of LegitScript’s assets.
- To our affiliates, agents, contractors, service providers, and others we use to support our business or collaborate with and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes of providing services for or with us.
You have choices about the personal data you provide us. Here are some ways you can control the data we have:
- You may opt out at any time from the use of your personal information for direct marketing purposes by contacting us at [email protected]. Please allow us a reasonable time to process your request. If you do not wish to receive promotional e-mail messages from us, you can always opt-out at https://go.legitscript.com/Subscription-Management.html.
Accessing and Correcting Data
In some circumstances, you may have the right to access personal data that we hold and ask that we correct, amend, or delete information which is inaccurate or has not been processed in accordance with applicable data protection laws, except where the burden or expense of providing access would be disproportionate to the risks to your privacy or where the privacy rights of third parties would be violated. LegitScript may require EU and Swiss residents to provide sufficient (at LegitScript’s discretion) verification of your identity before responding to your request.
We may also ask you to provide information that helps us better understand what you are asking. To exercise your rights, send an email to [email protected]. We’ll do our best to honor these requests as required by applicable laws, but understand that your data access rights are not absolute. They may not always apply to you and exemptions may be appropriate. For example, LegitScript may have limited access to the data we process on behalf of our customers in connection with our services. Therefore, data access requests should include the name of the LegitScript customer who submitted your personal data to LegitScript. We will forward such requests to the customer you identify to respond directly to you and will provide any necessary assistance in that customer’s response to you. LegitScript specifically reserves all rights under this section. If you are not satisfied with how we process your personal data, please let us know and we will investigate your concern. If you are not satisfied with our response, you have the right to make a complaint to the relevant authority in the jurisdiction where you live or work, or in the place where you think an issue in relation to your data has arisen. The contact details of each Data Protection Authority can be found at the following website: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.
Important Notice to all California Residents
Under the CCPA California residents have a right to opt-out of the sale of their personal information by LegitScript. We do not currently sell individual or consumer information and therefore do not offer an opt-out process.
Additionally, California residents have a right, under the California Consumer Privacy Act, to request to know what personal information LegitScript may collect, store, or use about them during the course of business and a right to request the deletion of that information as addressed below.
- California residents may request to know what personal information LegitScript collects, stores, or uses by emailing [email protected] with the subject line “Right to Know”. Residents will be asked to supply additional information to verify their California residency such as an address or phone number. Upon a successful verification of residency LegitScript will respond to the initial request within 45 days.
- California residents also have a right under the CCPA to request the deletion of any personal information that we collect. After or before submitting a verified request to know via [email protected] (mentioned above) you may request deletion of any and all personal information that LegitScript currently possesses. Residents who have not previously submitted a verified request to know will need to verify their identity with an address, phone number or email.
- Under the CCPA California residents have a right to opt-out of the sale of their personal information by LegitScript. We do not currently sell individual or consumer information and therefore do not offer an opt-out process.
- We will never discriminate against anyone or diminish our products or services in response to an individual exercising the privacy rights conferred on them by the CCPA or any other applicable privacy law.
- If you would like to designate an authorized agent to make requests to know under the CCPA on your behalf, please email [email protected].
Please note that it is possible that LegitScript, for various reasons, may not meet certain thresholds or requirements for CCPA applicability. Nothing herein may be construed as waiving any arguments LegitScript may have regarding the applicability of the CCPA to LegitScript and its operations.
Important Notice to Non-U.S. Residents
Our servers are located in the US. If you are located outside of the U.S.A., please be aware that any information provided to us, including personal information, will be transferred from your country of origin to the USA. Except as otherwise noted, your decision to provide such data to us, or allow us to collect such data through our websites or products, constitutes your consent to this transfer of data and personal information.
Important Notice for Residents of the European Economic Area
Onward Transfer of Data to Third Parties
Like many businesses, we sometimes hire other companies to perform services for us. We may need to disclose personal data to certain types of third party companies, but only to the extent it is required for them to perform the services for us. The types of companies that might receive personal data are those that provide: marketing and advertising, billing, data storage and hosting, and sales support businesses. If you have any questions about how these companies use your data, or if you wish to opt out of having your personal data transferred to any or all categories of our agents, please contact us at [email protected]. It will take us a reasonable amount of time to process your information. In the event personal data is transferred to a different jurisdiction, we will take appropriate steps to ensure that your personal data receives an adequate level of protection, including putting in place appropriate written data processing terms and/or data transfer agreements, using contractual clauses as approved by the European Commission (the form for the standard contractual clauses is located here).
Children Under the Age of 18
People under the age of 18 are not permitted to visit our websites or register for our services. If you become aware that your child has provided us with personal information without your consent, please contact us [email protected] and we will work to delete it. We do not knowingly collect personal information about children under 18. If we learn that a child under 18 has provided us with personal data, we will delete this information, subject to any limitations on our ability to do so.
Changes to Our Privacy Statement
We may change this Privacy Statement at any time. We encourage you to visit this page often to read the effective version of this Privacy Statement. If you have any concerns or questions about this Privacy Statement, or if you would like to lodge a complaint, please contact [email protected].
This Privacy Statement supersedes and controls over any other similar statement or policy found on our websites.
If you have any questions or comments about this Privacy Statement, please contact us by emailing us at [email protected] or by writing to us at:
818 SW 3rd Ave, #353
Portland, OR 97204