Privacy Policy
Effective November 19, 2024
Concourse Hosting (“Concourse.” “we,” “us,” “our”) complies with the EU-U.S. Data Privacy Framework program (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework program (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Concourse has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Concourse has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework program Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
With respect to personal data received or transferred pursuant to the Data Privacy Framework, Concourse is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
SCOPE
Concourse commits to comply with the Principles with respect to the Personal Data the company receives from its Customers or their Users in the EEA, the United Kingdom and Switzerland in connection with the use of Concourse’s hosting operations (the “Hosting Service”) and related support services (“Support Services”) that we provide to Customers.
DEFINITIONS
For the purposes of this Privacy Policy:
“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
“Customer” means any entity that purchases the Service.
“Customer Data” means the electronic data uploaded into the Hosting Service by or for a Customer or its Users.
“Personal Data” means any information, including Sensitive Data, that is (i) about an identified or identifiable individual and (ii) received by Concourse in the U.S. from the EEA, the United Kingdom, or Switzerland in connection with the Service.
“Processor” means any natural or legal person, public authority, agency or other body that processes Personal Data on behalf of a Controller.
“Sensitive Data” means Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.
“Service” means collectively the Hosting Service and Support Services provided by Concourse.
“User” means an individual authorized by Customer to access and use the Service.
TYPES OF PERSONAL DATA COLLECTED
Concourse hosts and processes Customer Data, including any Personal Data regarding donations and/or solicitation of donations to organizations contained therein, at the direction of and pursuant to the instructions of Concourse’s Customers. This data may contain name and contact information. Concourse also collects several types of information from our Customers, including:
- Information and correspondence our Customers and Users submit to us in connection with Support Services or other requests related to our Service.
- Information we receive from our business partners in connection with our Customers’ and Users’ use of the Service or in connection with services provided by our business partners on their behalf, including configuration of the Hosting Service.
- Information related to Users’ use of the Hosting Service, including geographic location data and information regarding Users’ OS identification, web browser, IP address, login credentials, language and time zone.
- In addition, Concourse collects general information about its Customers, including a Customer’s company name and address, and the Customer representative’s contact information (“General Information”) for billing and contracting purposes.
PURPOSES OF COLLECTION AND USE
Concourse may use Personal Data submitted by our Customers and Users as necessary to provide the Service, including updating, enhancing, securing and maintaining the Hosting Service and to carry out Concourse’s contractual obligations to its Customers. Concourse also obtains General Information in connection with providing the Service and maintaining Concourse’s relationships with its Customers.
THIRD PARTY DISCLOSURES
Concourse may disclose Personal Data that our Customers and Users provide to our Service:
- To our subsidiaries and affiliates;
- To contractors, business partners and service providers we use to support our Service, such as security audits and colocation providers;
- In the event Concourse sells or transfers all or a portion of its business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution or liquidation), in which case Personal Data held by us about our Customers will be among the assets transferred to the buyer or acquirer;
- If required to do so by law or legal process;
- In response to lawful requests from public authorities, including to meet national security, public interest or law enforcement requirements
ACCESS
Individuals in the EEA, the United Kingdom, and Switzerland have the right to access their Personal Data. As an agent processing Personal Data on behalf of its Customers, Concourse does not own or control the Personal Data that it processes on behalf of its Customers or their Users and does not have a direct relationship with the Users whose Personal Data may be processed in connection with providing the Service. Since each Customer is in control of what information, including any Personal Data, it collects from its Users, how that information is used and disclosed, and how that information can be changed, Users should contact the applicable Customer administrator with any inquiries about how to access or correct Personal Data contained in Customer Data. To the extent a User makes an access or correction request to Concourse, we will refer the request to the appropriate Concourse Customer and will support such Customer as needed in responding to any request.
To access or correct any General Information Customer has provided, the Customer should contact their Concourse account representative directly or by using the contact information indicated below.
·
CHOICE
In accordance with the Principles, Concourse will offer Customers and Users choice to the extent it (i) discloses their Personal Data to third party Controllers, or (ii) uses their Personal Data for a purpose that is materially different from the purposes for which the Personal Data was originally collected or subsequently authorized by the Customer or User. To the extent required by the Principles, Concourse also will obtain opt in consent if it engages in certain uses or disclosures of Sensitive Data. Unless Concourse offers Customers and Users an appropriate choice, Concourse uses Personal Data only for purposes that are materially the same as those indicated in this Policy.
Concourse may disclose Personal Data of Customers and Users without offering an opportunity to opt out, and may be required to disclose the Personal Data, (i) to third party Processors that Concourse has retained to perform services on its behalf and pursuant to its instructions, (ii) if it is required to do so by law or legal process, or (iii) in response to lawful requests from public authorities, including to meet national security, public interest or law enforcement requirements. Concourse also reserves the right to transfer Personal Data in the event of an audit or if the company sells or transfers all or a portion of its business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution or liquidation).
Customers may opt out of receiving marketing and/or informational emails, by following the ‘unsubscribe’ instructions provided at the bottom of emails.
LIABILITY FOR ONWARD TRANSFERS
Concourse’s accountability for personal data that it receives in the United States under the Data Privacy Framework and subsequently transfers to a third party is described in the Data Privacy Framework Principles. In particular, Concourse remains responsible and liable under the Data Privacy Framework Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless Concourse proves that it is not responsible for the event giving rise to the damage.
DISPUTE RESOLUTION
In compliance with the EU-US Data Privacy Framework Principles and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) and to the rights of EU and UK individuals and Swiss individuals. Concourse commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union, Swiss and United Kingdom individuals with DPF inquiries or complaints should first contact support@concoursehost.com
Concourse has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.
The mediator may propose any appropriate remedy, such as deletion of the relevant Personal Data, publicity for findings of non compliance, payment of compensation for losses incurred as a result of non compliance, or cessation of processing of Personal Data of the Customer or User who brought the complaint. The mediator, or the Customer or User, also may refer the matter to the U.S. Federal Trade Commission, which has Data Privacy Framework investigatory and enforcement powers over Concourse.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2
HOW TO CONTACT CONCOURSE
To ask questions or comment about this Data Privacy Framework Policy and our privacy practices or if you need to update, change or remove your information, contact us at: support@concoursehost.com.
Concourse Hosting
Attn: Privacy
3400 188th St. SW Ste 590
Lynnwood, WA 98037
800-994-1799