GDPR Privacy Statement
Birdeye has received independent third party verification that it complies with the directives of GDPR. For more details, please contact email@example.com.
The GDPR requires us to provide certain information to you about your personal data, which we refer to in this notice as your personal information.
Purposes of the processing
Lawful basis for the processing
Generally, we process personal information provided by visitors through our website or users of our Services (as that term is defined in our Terms and Conditions) or other interactions with us on the basis of our legitimate interests in conducting our business as an online reputation management company. Where we ask for your consent, we process personal information on the basis of that consent.
We may also process personal information on other bases permitted by the GDPR and applicable laws, such as when the processing is necessary for us to comply with our legal obligations.
You have the right to file a complaint concerning our processing of your personal data with your national (or in some countries, regional) data protection authority.
Categories of personal information
The categories of personal information that we process are described in our general Privacy Notice but generally include your name, your email address and your phone number.
Recipients of your personal information
Information regarding the transfers of personal data outside of the European Economic Area (EEA)
Birdeye’s main offices are based in the USA and that’s where we process personal information collected through our website or the Services. When you provide personal information to us, we request your consent to transfer that personal information to the USA. At this time, the USA does not have an adequacy decision from the European Commission, which means that the Commission has not determined that the laws of the USA provide adequate protection for personal information. Although the laws of the USA do not provide legal protection that is equivalent to EU data protection laws, we safeguard your personal information by treating it in accordance with this GDPR Privacy Statement. We take all appropriate steps to protect your privacy and implement reasonable security measures to protect your personal information in storage. We use secure transmission methods to collect personal data through our website or Services. We also enter into contracts with our data processors that require them to treat personal information in a manner that is consistent with this Privacy Statement.
We have also incorporated the European Commission’s Standard Contractual Clauses (or “SCCs”) into applicable agreements to ensure compliance with GDPR’s data transfer requirements between the US and the EEA, UK and Switzerland.
Retention period for personal information
How long we retain personal information varies according to the type of information in question and the purpose for which it is used. We delete personal information within a reasonable period after we no longer need to use it for the purpose for which it was collected (or for any subsequent purpose that is compatible with the original purpose). This does not affect your right to request that we delete your personal data before the end of its retention period. We may archive personal data (which means storing it in inactive files) for a certain period prior to its final deletion, as part of our ordinary business continuity procedures.
Security Policies and Procedures to Ensure GDPR Compliance
We have developed, implemented and maintain data security policies and procedures to provide the highest level of data security possible including but not limited to:
- A range of encryption or related technologies to protect data in transmission and at rest.
- A comprehensive Data Security Policy to support its ongoing focus to protect the security of all data.
- A comprehensive Business Continuity Plan in the event of physical or technological incidents that might otherwise impact the security of data in our system.
- A program for testing its policies and procedures to maintain security.
Your data subject access rights
Absence of statutory or contractual requirement or other obligation to provide any personal data
Users of our website or Services are under no statutory or contractual requirement or other obligation to provide personal information to us, but it will not be possible to receive communications from us or register for our events without doing so.
Under the General Data Protection Regulation (GDPR), Europe residents have the rights to make the following requests:
Request Access to Your Personal Information
You have a right to access and review the personal information we have collected from or about you. Upon your request, we will provide you with a summary of all such personal information that we have. We understand that this request is important to you so we will respond to your request as soon as possible and will notify you via email if we need additional time.
Request Restrictions on Your Personal Information
By making this request, we will ensure that your personal information is not sold to any other person or entity.
Request the Deletion of Your Personal Information
Upon your request, we will delete the personal information we have received from or obtained about you. We complete your deletion as soon as possible and will email you if we need more information. You should be aware that we will not delete the information received from or about you which is not covered by the General Data Protection Regulation (GDPR).