Last Updated: August 28, 2023
This Privacy Policy describes how SteepRock, Inc. (“SteepRock,” “we,” “our,” or “us”) collects, uses, and shares information about you while informing you about your rights and choices regarding this use and sharing. This Privacy Policy applies to your use of any of our public websites that post a link to this Privacy Policy and all features, content, and other services that we own, control, and make available through our public-facing websites (collectively, the “Website”). This Privacy Policy does not apply to our information collection activities outside of the Website (unless otherwise stated below or at the time of collection). We will not knowingly share any Information we collect with others in ways different from what is disclosed in this Privacy Policy.
By using our Website, you agree to our Terms of Use and accept our collection, use and disclosure practices as well as other activities as described in this Privacy Policy. If you do not agree and consent, please discontinue your use of the Website.
The following explains what we do with the Information we collect from you, and the choices you have concerning the collection and use of such Information.
We collect information you provide directly via the Website, such as when you access our content, participate in a survey, fill out a form, or communicate with us. We may use Service Providers (defined below) to help us collect this information.
The information we collect includes information that identifies you personally (whether alone or in combination). Some examples of information we collect include the following:
You may choose to voluntarily submit other information to us through the Website that we do not request, and, in such instances, you are solely responsible for such information.
We automatically collect information about your device and how your device interacts with our website. We may use Service Providers to collect this information. Some examples of information we collect include the following:
We do not link Website Use Data or Device Connectivity and Configuration Data to any other personal data that you enter into our website, so to the extent that we have such data, we do not associate it with other information you enter.
For further information on Tracking Technologies and your rights and choices regarding them, see the sections entitled “Third Parties” and “Your Rights and Choices” below.
We provide products and services for our clients and collect and process information about individuals at the direction of our clients (“Client Data”). Client Data may include contact data, demographic data, content, service use data, device connectivity and configuration data, and location data, among other information. Our processing of Client Data is governed by the terms of our service agreements with our clients, and this Privacy Policy.
For further information on your rights and choices regarding Client Data, see the section entitled “Your Rights and Choices” below.
We also may obtain information about you from other third-party sources. These third-party sources may include, for example:
For further information on Third Party Services, see the section entitled “Third Parties” below
We may use information about you to:
We also use information about you with your consent to the extent required by law, including to:
Some of our lawful bases for processing your information stem from our clients on whose behalf we provide services.
We share information about you as follows:
Without limiting the foregoing, in our sole discretion, we may share aggregated information which does not identify you or de-identified information about you with third parties or affiliates for any purpose except as prohibited by applicable law. For information on your rights and choices regarding how we share your information, please see the section entitled “Your Rights and Choices” below.
Our website may also contain content from and hyperlinks to websites, locations, platforms, social media features such as Twitter and YouTube feeds, interactive mini-programs such as those provided by Google Maps and services operated and owned by third parties (“Third Party Services”). As stated in our Terms of Use, we are not responsible or liable whatsoever, financially or otherwise, for the privacy practices of any other party whether or not their link and/or content appears on the Website. This Privacy Policy applies solely to information collected by us on this Website. We may also be required to disclose Information when required by law or in the good-faith belief that such action is necessary in order to conform to the edicts of the law or comply with a legal process served on our website. Third Party Services may use Tracking Technologies to independently collect information about you and may solicit information from you. The information collected and stored by third parties, whether through our Website, a Third-Party Service, a Third-Party Feature (defined below), or a third party device, remains subject to their own policies and practices, including what information they share with us, your rights and choices on their services and devices, and whether they store information in the U.S. or elsewhere. We encourage all Visitors and Visitor Participants to carefully read the privacy statements of each and every website that is connected to this Website if it collects any information from you.
You have the following rights and choices related to the review and update of account information. You may access, update, or remove certain information that you have voluntarily submitted to us through the Website by sending an e-mail to the e-mail address set forth in the section entitled “Contact Us” below.
We may require additional information from you to allow us to confirm your identity. Please note that we will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. California residents and data subjects in Europe have additional rights as set forth in the sections entitled “Your California Privacy Rights” and “Privacy Rights of Residents of the European Union, United Kingdom, and Switzerland” below.
Please be aware that if you disable or remove Tracking Technologies some parts of the Website may not function correctly.
You can opt-out of your data being used by Google Analytics through cookies by visiting https://tools.google.com/dlpage/gaoptout and downloading the Google Analytics Opt-out Browser Add-on.
You can opt-out of receiving promotional e-mails from us at any time by following the instructions as provided in e-mails to click on the unsubscribe link or e-mailing us at the e-mail address set forth in the section entitled “Contact Us” below with the word UNSUBSCRIBE in the subject field of the e-mail. Please note that you cannot opt-out of non-promotional e-mails, such as those about your account, transactions, servicing, or SteepRock’s ongoing business relations, without terminating your use of our services.
Please note that your opt-out is limited to the e-mail address, device, and phone number used and will not affect subsequent subscriptions.
Any California residents under the age of eighteen (18) who have registered to use the Website and posted content or information on the Website, can request that such information be removed from the Website by sending an e-mail to the e-mail address set forth in the section entitled “Contact Us” below. Requests must state that the user personally posted such content or information and detail where the content or information is posted. We will make reasonable good faith efforts to remove the post from prospective public view.
To the extent our clients are subject to the California Consumer Privacy Act, we act as a data processor and process personal data collected for such clients, and any related communications from data subjects, pursuant to our clients' instructions. California’s “Shine the Light” law permits customers in California to request certain details about how certain types of their information are shared with third parties and, in some cases, affiliates, for those third parties’ and affiliates’ own direct marketing purposes. Under the law, a business should either provide California customers certain information upon request or permit California customers to opt in to, or opt out of, this type of sharing.
Any California residents under the age of eighteen (18) who have registered to use the Website and posted content or information on the Website, can request that such information be removed from the Website by sending an e-mail to the e-mail address set forth in the section entitled “Contact Us” below. Requests must state that the user personally posted such content or information and detail where the content or information is posted. We will make reasonable good faith efforts to remove the post from prospective public view.
We comply with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (together the “DPF”) as set forth by the U.S. Department of Commerce. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov. The official list of Data Privacy Framework participants can be found at https://www.dataprivacyframework.gov/s/participant-search.
We have certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. We have also certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.
EU, UK, and Swiss data protection law makes a distinction between organizations that process personal data for their own purposes (known as “data controllers”) and organizations that process personal data on behalf of other organizations (known as “data processors”). With regard to your personal data, we are a data controller of information that we collect when you enter your information into the “Contact Us” section of the Website and with respect to any Website Use Data or Device Connectivity and Configuration Data considered to be personal data under the law. Otherwise, we generally serve as a data processor with respect to the personal data we collect through the Website and otherwise on behalf of our clients. For example, SteepRock provides public-facing websites for our clients through which you may enter personal data in order to participate in surveys, grants or projects conducted by our clients.
Accessing your personal data If you are a data subject in the European Union, United Kingdom, or Switzerland, you have the right to access, rectify, or erase any personal data we have collected about you through the Website. You also have the right to data portability and the right to object to our processing of personal data. In addition, you have the right to ask us not to process your personal data (or provide it to third parties to process) for marketing purposes or purposes materially different than for which it was originally collected or subsequently authorized by you. You may withdraw your consent at any time for any data processing we do based on consent you have provided to us.
To exercise any of these rights with respect to personal data collected by us as a data controller, contact us as set forth in the section entitled “Contact Us” below and specify which right you intend to exercise. We will respond to your request within 30 days. We may require additional information from you to allow us to confirm your identity. Please note that we store information as necessary to fulfill the purposes for which it was collected, and may continue to retain and use the information even after a data subject request for purposes of our legitimate interests, including as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.
SteepRock acknowledges that you have rights in connection with Client Data. If your information has been processed by SteepRock on behalf of a client and you wish to exercise any rights you have with such information, please inquire with our client directly. If you wish to make your request directly to SteepRock, please provide the name of the SteepRock client on whose behalf we processed your information. We will refer your request to that client and will work with them to ensure that your request is processed as required by applicable law Additional information is available on the privacy policy page on the applicable client's website for information about their specific privacy practices. In order to avoid any delays in processing a request, any questions that you may have related to personal data processed by such clients and your rights under data protection law should be directed to the client (the data controller) rather than to SteepRock.
The Federal Trade Commission has jurisdiction over SteepRock’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, SteepRock commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
Binding Arbitration: Under certain circumstances you may exercise your option to enter into binding arbitration to determine if we have violated our obligations under this DPF Principles and whether such violation has been fully or partially remediated. Eligibility for arbitration and the arbitration procedures are described in the Data Privacy Framework Annex I: Arbitral Model available at https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.
Liability: SteepRock, when transferring data to third parties as a data controller, remains liable under the DPF Principles if such data is processed in a manner inconsistent with the DPF Principles.
Protecting the privacy of minors is especially important to us. For that reason, no part of our website is structured to attract and we never knowingly collect or maintain information at our website from any Visitor that we have actual knowledge is a minor under thirteen (13) years of age. We do not knowingly collect personal information as defined by the U.S. Children’s Privacy Protection Act (“COPPA”) in a manner that is not permitted by COPPA. If you are a parent or guardian and believe SteepRock has collected such information in a manner not permitted by COPPA, please contact us as set forth in the section entitled “Contact Us” below, and we will remove such data to the extent required by COPPA.
We implement and maintain reasonable administrative, physical, and technical security safeguards to help protect your information from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of your information.
We are based in the U.S. and the information we collect is governed by U.S. law. If you are accessing the Website from outside of the U.S., please be aware that information collected through the Website may be transferred to, processed, stored, and used in the U.S. and other jurisdictions. Data protection laws in the U.S. and other jurisdictions may be different from those of your country of residence. To the extent permitted by law, your use of the Website or provision of any information to us constitutes your consent to the transfer to and from, processing, usage, sharing, and storage of your information in the U.S. and other jurisdictions as set forth in this Privacy Policy. If your data is collected in Europe, we will transfer your personal data subject to appropriate or suitable safeguards.
If changes to this Privacy Policy become necessary, they will be posted on this page and on our website so all Visitors and Visitor Participants will be aware of them. Any changes will be effective immediately upon posting of the revised Privacy Policy. Your continued use of our website indicates your consent to the Privacy Policy then posted. If the changes are material, we may provide you additional notice to your e-mail address.
If you have any questions, complaints, or a dispute on the handling of your personal information or about SteepRock’s Privacy Policy or this website Privacy Policy or the practices described herein, you may contact our Privacy Officer by phone at: +1-718-576-1406 (ask for the Privacy Officer) or via the Internet at: http://www.steeprockinc.com, or by registered or certified mail to:
SteepRock, Inc.
c/o Adria Stapleton, Privacy Officer
67 Lower Church Hill Rd
Washington, CT 06794
Your use of this Website is subject to SteepRock’s Terms of Use.