At InsideUp, we are creating a dynamic online community where you can search for business services, review vendor ratings, and get candid and honest feedback on vendor services. Registered members (“members”) can rate vendors, provide references, and answer questions from other members. To insure accuracy, we allow business vendors to flag ratings and references that may not come from actual customers.
The processing of personal data, such as, but not limited to, the name, address, e-mail address, or telephone number of a data subject will always be in line with the:
- General Data Protection Regulation (GDPR), applicable to a citizen of the European Union (EU), regardless of where they reside,
- Privacy Act U.S.C. 552a (Privacy Act of USA),
- California Consumer Privacy Act (CCPA) – for more detail, see CCPA Information
- Any other country-specific data protection regulations applicable.
By means of this data protection declaration, our company would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects (including members) are informed, by means of this data protection declaration, of the rights to which they are entitled.
- What Personal Data we collect and why we collect it
- How we use Personal Data
- Who we share Personal Data with
- The choices we offer, including how to access, update, and remove Personal Data
As controller and processor, we have implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website and application. However, internet-based data transmissions may, in principle, have security gaps occasionally, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.
In your relationship with us through the website, the controller, for the purposes of the General Data Protection Regulation (GDPR), and other data protection laws applicable in Member states of the European Union and other provisions related to data protection, is:
- 8880 Rio San Diego Drive, Suite 800
- San Diego, CA 92108
- Data Protection Officer: Robert Sanchez, firstname.lastname@example.org
- +1 (800) 417-9210
To protect your privacy, InsideUp has instituted a number of policies that give you information and control:
- We provide a link to this privacy statement on all pages that ask for personal information.
- We will not store or release personal identifying information about you without first obtaining your consent.
- We will not knowingly collect or use personal identifying information from children younger than 13.
This privacy statement discloses our practices for the gathering and use of information from visitors to our own websites and from people who register for services that we offer online.
By using our sites, you signify your agreement to the privacy polices described above. If you do not agree with our privacy policies, please do not use our website(s) (“sites”). If we make any substantial changes to the way we use your personal information, we will notify you by posting a prominent announcement on our pages or we will email you if you are a member.
– Website Visitor
You are a “Website Visitor” by definition when you visit our website (www.insideup.com) and any subdomains associated with our principal domain (*.insideup.com). As a website visitor, we use your information for our own purposes. Primarily for improving the use of our website and to provide you with a more relevant browsing experience.
– Phone Visitor
You are a “Phone User” by definition if you call any member of our team, including Business Development, Sales, or Partner Development for any purpose.
Our data protection policy should be legible and understandable for the general public, as well as for our customers and business partners. To ensure this, we would like to first explain the terminology used.
In this data protection declaration, we use, inter alia, the following terms:
– Personal data
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
– Data subject
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
– Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
– Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
– Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
What Personal Data we collect and how do we collect it
All Personal Data that is collected through the use of the InsideUp website is stored in the United States of America.
Upon acquisition of our services, we will ask for your full name and a valid e-mail address, which will be included in our emailing list, for future updates, and eventual marketing promotions. In this Section we have set out:
- the general categories of personal data that we may process.
- in the case of personal data that we did not obtain directly from our customers, the source and specific categories of that data;
- the purposes for which we may process personal data.
- the legal bases of the processing.
We may process data about your use of our website and services (“usage data”). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analyzing the use of the website and services.
We may process your member data (“member data”). If you contact us by email, complete our registration forms, surveys, or entry forms, register for our community services, subscribe to our newsletters, or participate in one of our contests or sweepstakes, we will ask you for certain information. The member data may include the following data elements:
Your Email Address
Company Telephone Number
Company Mailing Address
Company Zip Code
Company Email Address
Company Website Address
Company Website Description
Company Website Primary Language
Professional Contacts Within Your Company
We may also collect general information about your company so that we can better match your needs with our vendor database. The member data may be processed for the purposes of providing our services, updates, promotions, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.
We may process information contained in any inquiry you submit to us regarding goods and/or services (“inquiry data”). The inquiry data may be processed for the purposes of providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.
We may process information relating to our advertiser relationships, including customer contact information (“advertiser data”). The advertiser relationship data may include your name, your employer, your job title or role, your contact details, and information contained in communications between us and you or your employer. We may also ask for your credit card number in order to process a transaction. The advertiser data may be processed for the purposes of providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.
We may process information relating to our partner relationships, including partner contact information (“partner data”). The partner relationship data may include your name, your employer, your job title or role, your contact details, and information contained in communications between us and you or your employer. The partner data may be processed for the purposes of providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.
We may process information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our services (“transaction data”). The transaction data may include your contact details, and the transaction details. The transaction data may be processed for the purposes of providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.
We may process information contained in or relating to any communication that you send to us (“correspondence data”). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.
“Anonymous” Information: The InsideUp website collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files, and it is collected regardless of your use case: Website Visitor or Phone User.
Collected data may include:
- the ISP
- the operating system used by the accessing system
- the website from which an accessing system reaches our website (so-called referrers)
- the sub-website
- the date and time of access to the website
- an Internet Protocol address (IP address)
- screen Resolution
- local Preferences
- web page visited before you came to our website
- information you search for on our website
- date and time stamps associated with transactions
- system configuration information and other interactions with the website.
- call recordings – you will be notified whether the call is being recorded at the start of every call to us.
- call log – including the phone number, time and date, and length of the call.
- social networking information (if we are provided with access to your account on social network connection services)
- any further personal data contained in any files that you upload (“Files”) to our website.
- any other similar data and information that may be used in the event of attacks on our information technology systems.
- When using these general data elements, InsideUp does not draw any conclusions about the data subject. Rather, this information is needed to:
- deliver the content of our website correctly
- optimize the content of our website as well as its advertisement
- ensure the long-term viability of our information technology systems and website technology
- provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack
In addition to the specific purposes for which we may process your personal data set out in this Section, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Please do not supply any other person’s personal data to us, unless we prompt you to do so.
Once you have left your affiliated organization (as determined by the viability of your work-related email address) and cease to be a member for our own purposes, then we are a “data controller” for the purposes of the Data Protection Legislation. We regularly (monthly, or more frequently) purge our data base of records associated with a non-operational email address or phone number. Also, it is our policy to not capture (or regularly eliminate if found) any personally identifiable email address (one that does not include a work-related domain name). What Type of Personal Information Do We Collect and Use?
How Do We Use Personal Information?
We will use the received data to help you easily obtain assistance on your problems, after the acquisition of our services; to provide you with personalized content and information, including online listings or other forms of direct marketing; to offer, improve, test and monitor the effectiveness of our services; to develop and test new products and functions; to monitor metrics such as total visitor numbers, traffic and demographic models; to diagnose or solve technological problems; and to automatically update the website. Registration information submitted on our website is used by us for the purpose for which it was submitted and may also be used by InsideUp to make your visits to our website easy and productive.
We do not rent or sell your information to third parties outside of InsideUp without your consent, unless otherwise provided on the basis of statutory provisions. We may share your information, as well as information from tools such as cookies or similar, with third party organizations that help us provide you with the services, but only as far as is reasonably necessary.
We may share your data as deemed appropriate and in accordance with applicable laws and conditions. This sharing of your personal data includes where we act as a data processor on behalf of your organization as per the instructions and obligations in the agreement between us and your organization. We may share your personal data in the following manner:
Your personal data will be displayed on your profile page which may permit other individuals associated with your organization to access your personal information. If you use the community functions of the InsideUp website such as blogs, chat rooms, forums, message boards, wikis, vendor ratings and vendor references, you acknowledge and accept that your personal data shared via these services may be read, collected and used by other website users with access to them.
You must also be aware that any posts you make on the InsideUp website may remain despite the closing of your account.
With your expressed consent, we may share member information with advertisers wishing to contact you to provide their services. This will only be done when you have made a request to be contacted. We will not share your registration information unless you request to be contacted. We may also use personal information to allow us to charge advertisers and to contact members regarding changes to either InsideUp and/or advertiser services
-Other Service Providers, Business Partners and Third Parties:
Your personal data may also be shared with agents or third-party service providers acting on behalf of InsideUp. These third parties include but are not limited to professional advisers, telecommunication and internet service providers. Your personal information may be shared with these third parties where it is required for them to perform the services (for example, to validate credit card information) for which they have been contracted to undertake by InsideUp; however, they are not permitted to use your personal data for any other purpose.
-Legal Compliance and Law Enforcement:
We maintain the right to disclose files or data stored on the InsideUp platform or information we have collected about you through the use of our services when, in good faith, we believe doing so is reasonably required to comply with the law, regulatory requirements, enforced legal requests, or to protect InsideUp’s intellectual property. In the event your data is provided to a law enforcement agency as per the above, InsideUp will remove encryption from your files and data to enable access by Law Enforcement.
-Transference of Your Data:
-Non-private or Non-Personal data:
We maintain the right to disclose your non-private, collected or otherwise non-personal data, for example usage data of the InsideUp platform.
We maintain the right to share your personal data with our group companies.
In addition to the specific disclosures of personal data set out in this Section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
We can access your information as well as store and share it in response to a request when the law requires us to do so. In addition, we may access your information, as well as store and share it, if we believe in good faith that this is necessary to: detect, prevent and manage fraud and other illegal activities; protect ourselves, you and other people, even in the context of any investigations; prevent events that could cause imminent physical damage or death.
If you want to delete or change the personal information that you have given us, you may do this by accessing the Edit Profile section of our website.
If You Contact Us
We use return email addresses to answer the email we receive at any of our sites, but such email addresses are not stored or used for any other purpose.
InsideUp may share aggregate statistical information gathered from the registration process with advertisers, business partners, sponsors, or other third parties, but none of them receive personally identifiable information that has been collected about you at our sites. For example, we may tell an advertiser that X number of visitors visited a certain area on a website or that Y number of men and Z number of women filled out registration forms, but we would not disclose anything that would personally identify those individuals. We share this information only on an aggregate, anonymous basis and never on an individual basis.
Our web pages using web analytics services contain electronic image requests (called a “single-pixel gif” or “web beacon” request) that allow us to count page views and to access cookies. Any electronic image viewed as part of a web page, including an ad banner, can act as a web beacon. Web beacons are typically 1-by-1 pixel files, but their presence can usually be seen within your browser by clicking on “View” and then on “Source” on the Internet Explorer menu. We include web beacons in HTML-formatted newsletters that we send to opt-in subscribers in order to count how many newsletters have been read. Our web beacons do not collect, gather, monitor, or share any personal information about our website visitors; they are just the technique we use to compile our anonymous information about website usage.
We will take reasonable steps to ensure that personal information we have about you is accurate, complete and up to date when we use it. Generally, we rely on you to assist us in keeping your personal information accurate and up to date.
Data Security Information
Our sites have physical, electronic, and managerial security measures in place to protect the loss, misuse, and alteration of the information under our control. We take many measures to protect this information while it is stored:
We use Secure Socket Layer (SSL) connections with 128-bit encryption for certain transactions and confidential data. When you use a secure browser, all information you submit to us is transmitted to us over the Internet in an encrypted form. Every secure page has been secured with a digital certificate issued by a third party certification authority. This is shown via the “site certificate” that sits on all secure pages. To view this certificate, click on the image of the closed lock or the solid key on your browser.
We monitor system and application activity logs to identify any unusual activity from authorized or unauthorized individuals accessing our systems or making changes to stored information. We regularly perform preventative system maintenance and monitoring to ensure the security of our data systems.
Our servers are maintained in secure facilities. InsideUp network operations monitor our data center 24 hours per day, seven days per week.
All our employees sign confidentiality agreements and only our employees who need the information to perform their job are granted access to personally identifiable information or any other confidential data.
You do not need to set up a user id and password to use our websites because we do not require you to establish your identity when you visit our sites. However, if you have subscribed to some of our services or are a customer seeking access to your account information, then you will have to provide a username and password. We recommend you do not divulge your password to anyone. InsideUp will never ask you for your password in an unsolicited telephone call or email. You are responsible for the secrecy of your passwords.
Unfortunately, no data transmission over the Internet, or any wireless network, can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot ensure or warrant the security of any information you transmit, and you do so at your own risk. Once we receive your transmission, we make our best effort to ensure its security on our systems.
Access, Correction, and Deletion
We respect your privacy rights and provide you with reasonable access to the information we have collected about you and obtain a more in-depth explanation about how the information is used.
If you wish to access or amend any other personal information we hold about you, or to request that we delete any information about you that we have obtained through procuring our website and applications, you may contact us at email@example.com. Unless personal information is required to be retained by us for administrative or legal reasons, InsideUp will meet such requests at the earliest possible opportunity.
If you would like access to detailed personal information and such information is not immediately or easily accessible by us, we may charge an administrative fee for our costs in retrieving and supplying the information to you.
We comply with the Children’s Online Privacy Protection Act of 1998 (COPPA). COPPA and its accompanying FTC regulations establish United States federal law that protects the privacy of children using the Internet. InsideUp does not knowingly collect contact information or any other type of personally identifiable information from children under 13. Our sites are not intended to solicit information of any kind from children under 13, and we have designed our sites to block our knowing acceptance of information from children under 13 wherever age-related information is requested.
It is possible that by fraud or deception we may receive information pertaining to children under 13. If we are notified of this, as soon as we verify the information, we will immediately delete the information. If you want to notify us of our receipt of information by children under 13, please do so by emailing us at firstname.lastname@example.org.
Edit Your Information
We may contact any registrant at any time regarding service-related problems or questions as well as changes to policies or terms of service, but we want you to have control of your personal information and the communications directed to you. Therefore, you can review, correct, change, or remove your personal registration information and elect not to receive future communications from us by selecting the appropriate link from the list below. You can also send us an email at email@example.com. To protect your privacy and security, we take reasonable steps to verify your identity before granting access or making changes.
Unsolicited E-mails Received by You
InsideUp does not send unsolicited emails to non-public addresses or to anyone who has asked us not to contact him or her. Any newsletters that we send are only sent to those who have subscribed to them. To stop receiving emails or newsletters from InsideUp, either click on an unsubscribe link on the email or newsletter itself or send a request to be unsubscribed to firstname.lastname@example.org.
Please be aware that if you opt-out of receiving emails from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to ten (10) business days for us to process your request. Please note that you may still receive administrative messages from us regarding our Services.
Transfer of Data
Data Controller and Data Processor
In accordance with the regulations provided by the:
- Privacy Act U.S.C. 552a (Privacy Act of USA),
- the General Data Protection Regulation, aka GDPR, for European Union
- the Data Controller and Data Processor for InsideUp is the developer of the website. Data Processor is also any third party that receives collected personal data from us.
We do not believe in an intrusive collection of your personal details and will not collect information that is considered highly personal or highly sensitive about you without your prior consent.
Data Retention and Data Deletion
We only retain the personal information collected from a member for as long as the member’s email address is active on our mailing list, or otherwise for a limited period of time as long as we need it to fulfill the purposes for which we have initially collected it, unless otherwise required by law.
In some cases, it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the 2-year criteria, after your relationship with us ends.
Notwithstanding the other provisions of this Article, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Your principal rights under data protection law are:
- the right to access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to object to processing;
- the right to data portability;
- the right to complain to a supervisory authority; and
- the right to withdraw consent.
You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: [the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed]. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims.
In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To the extent that the legal basis for our processing of your personal data is:
- that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract,
and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
You may exercise any of your rights in relation to your personal data by written notice to us.
We are committed to providing our clients with a fair and responsive system for handling and resolving complaints concerning the handling of their personal information. You have a right to complain and to have your complaint handled efficiently if you are concerned about our handling of your personal information. We believe that in receiving your complaint, we are provided with a valuable opportunity to improve the services we deliver to you and maintain your confidence in our services.
If, at any time, you wish to lodge a complaint in respect of the handling, use or disclosure of your personal information by us, you may do so by contacting us directly.
We aim to investigate and advise you of the outcome of the complaint promptly.
If you are not satisfied with our handling of your complaint, you may contact the InsideUp Data Protection Officer, Robert Sanchez, at:
8880 Rio San Diego Drive, Suite 800
San Diego, CA 92108
We may update this policy from time to time by publishing a new version on our website and applications.
You should check this page occasionally to ensure you are happy with any changes to this policy.
We may notify you of significant changes to this policy by email or through the private messaging system within our service system.
How to Contact us
8880 Rio San Diego Drive, Suite 800
San Diego, CA 92108
+1 (800) 417-9210