Welcome to the website (the “Site”) of Columbia Gateway (“Company”, “we”, “us” and/or “our”). This Site is operated by Company and has been created to provide information about our company, software and services provided by the Company (the “Company Services”) to our Site visitors and customers (“you”, “your”). This privacy policy (“Privacy Policy”) sets out how Company uses and protects any personal information (“Personal Data”) that you provide to us collected through your use of the Site and/or Company Services.
Columbia Gateway is the controller of your Personal Data collected through your use of our Site pursuant to the EU General Data Protection Regulation 2016/679, as applicable. Please note that to the extent you are providing Personal Data via the mobile application (“App”) in connection with your occupation or use of a building in which you live or work we process this data on behalf of our customers who are building owners (“Customer Data”). We are a processor when we process Customer Data, and this Privacy Policy does not govern how we process such data.
Please read this Privacy Policy to understand how Company may process your Personal Data via your use of our Site and/or Company Services.
- Information We Collect:
When you interact with us through the Site and use Company Services, we may collect Personal Data and other information from you, as further described below:
- Personal Data That You Provide: We collect Personal Data from you when you voluntarily provide such information, such as when you contact us with inquiries, respond to one of our surveys, register for access to the Company Services or use certain Company Services. Wherever Company collects Personal Data we make an effort to provide a link to this Privacy Policy.
- Location Data: Some features and functionality in our Company Services require that you provide your location. If you have location services turned on, whenever you use such Company Services on your mobile device, we collect and use your geocoordinates (e.g. latitude and longitude) to tailor the Company Services to your current location. We will only process your location with your express permission. If you have persistent background location turned on, we will obtain your device’s location even if you are not using the Company Services on your mobile device. Your location is never shared with others, except with your consent or as permitted under this Privacy Policy. We use various technologies to determine your precise location, such as the location services of your operating system or browser, sensor data from your device (e.g. magnetometer, barometer, gyroscopes, accelerometers, compasses, Bluetooth data, beacon data, Wi-Fi access points, GPS data, and cell tower data), and other data that may help us understand your precise location.If you have opted-in to sharing your background location with us as part of using the Company Services, you may remove your permission at any time by going into your operating device settings and toggling off background sharing.
- Interaction with our Site: When you interact with Company through the Site, we receive and store certain Personal Data. Such information, which is collected passively using various technologies, cannot presently be used to specifically identify you. Company may store such information itself or such information may be included in databases owned and maintained by Company affiliates, agents or service providers. This Site may use such information and pool it with other information to track, for example, the total number of visitors to our Site, the number of visitors to each page of our Site, and the domain names of our visitors’ Internet service providers. It is important to note that no Personal Data is available or used in this process. For further details please see the section on “Cookies” below.
- Setting up an account via the App: when you download our App and set up an account direct with us, we will collect certain Personal Data from you such as your username and password. For all other Personal Data collected via the App, this will be collected on behalf of the owner of your building who is our customer (“Customer Data”). We are a processor for Customer Data and this Privacy Policy does not govern how we process any Customer Data.
- Aggregated Personal Data: In an ongoing effort to better understand and serve the users of the Company Services, Company often conducts research on its customer and user demographics, interests and behavior based on the Personal Data and other information provided to us. This research may be compiled and analyzed on an aggregate basis, and Company may share this aggregate data with its affiliates, agents and business partners. This aggregate information does not identify you personally. Company may also disclose aggregated user statistics in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.
- Our Use of Your Personal Data and Other Information:
We process the Personal Data you provide to us to enable us to perform the contract we are about to enter into or have entered into with you, to ensure compliance with local legal and regulatory requirements and for the purposes of our legitimate business interests, including:
- to enable us to carry out our obligations arising from any contracts and to provide you with the information, products and services that you request from us;
- to enable us to respond to an enquiry or other request you make when you contact us via our Site or mobile application, including for customer services support;
- to notify you about any changes to Company Services;
- to enable us to issue a notice or corrective action to you in relation to any of the Company Services, if required;
- to help us improve the content and functionality of the Site and Company Services, and to better understand how you use our Services;
- to provide you with information about other services which we believe will be of interest to you similar to those that you have already purchased or enquired about, as described in the “Marketing” section below.
If Company intends on using any Personal Data in any manner that is not consistent with this Privacy Policy, you will be informed of such anticipated use prior to or at the time at which the Personal Data is collected.
- Cookies
(a) Our Use of Cookies
In operating this Site, we may use a technology called “cookies.” A cookie is a piece of information that the computer that hosts our Site gives to your browser when you access the Site. [We use various types of cookies, including session cookies, persistent cookies, local shared objects, pixels, gifs and other tracking technologies, session and persistent technologies, first and third-party cookies. Cookies can be persistent by remaining on your computer until you delete them or be based on your browsing session where they delete once you close your browser. First party cookies are used and controlled by us to provide services on our Site.]
Our use of cookies fall into two categories:
- Strictly necessary cookies: these are essential in order to enable you to move around our Site and use its features. Without these cookies, the services you have asked for cannot be provided.
- Performance cookies: also known as “analytical” cookies. These cookies allow us to recognize and count the number of visitors and to see how visitors move around our site. For example, they allow us to understand which pages are visited most often, and if they get error messages from web pages. All information collected by these cookies is aggregated and therefore anonymous.
Strictly necessary cookies are necessary to provide the Site to you. We use such cookies without your prior consent. All other cookies are dropped after you have consented via a cookie banner.
We may change our use of cookies over time, but our use of cookies will generally fall into the above categories. Please visit this page regularly so that you are aware of any changes.
(b) Opting out of Cookies
You have the ability to accept or decline cookies. Most browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. Detailed instructions are provided by your browser. If you do not accept all cookies or withdraw your consent, you may still browse the Site; however, in this case you may not be able to use the full functionalities of the Site.
For more information on cookies and how they can be managed and deleted please visit http://www.allaboutcookies.org/ or http://www.networkadvertising.org/choices/.
- Marketing
Company and its subsidiaries and affiliates (the “Company Related Companies”) may also use your Personal Data to contact you in the future to tell you about services we believe will be of interest to you.
If we do so, each communication we send you will contain instructions permitting you to “opt-out” of receiving future communications. In addition, if at any time you wish not to receive any future communications or you wish to have your name deleted from our mailing lists, please contact us as indicated below.
- Our Disclosure of Your Personal Data and Other Information
Company is not in the business of selling your information. We consider this information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share your Personal Data with certain third parties without further notice to you, as set forth below:
- Business Transfers: As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Data may be part of the transferred assets.
- Related Companies: We may also share your Personal Data with our Company Related Companies for purposes consistent with this Privacy Policy.
- Agents, Consultants and Related Third Parties: Company, like many businesses, sometimes hires other companies to perform certain business-related functions. Examples of such functions include hosting our Company Services, mailing information, maintaining databases and processing payments. When we employ another company to perform a function of this nature, we only provide them with the information that they need to perform their specific function.
- Legal Requirements: Company may disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of Company, (iii) act in urgent circumstances to protect the personal safety of users of the Site or the public, or (iv) protect against legal liability.
- Storing your Personal Data
Your Personal Data collected via our Site and through our Company Services will be stored on servers located in the United States. This includes by individuals or service providers engaged in, among other things, administration of an enquiry or request you make via our Site, or the provision of support services.
For individuals based in the European Economic Area (“EEA”): we rely on our EU-U.S. and Swiss-U.S. Privacy Shield certification to transfer Personal Data that we receive from the EU and Switzerland to Company in the U.S. (for more information, please read the “Privacy Shield” section below).
- Privacy Shield
Columbia Gateway complies with the EU-U.S. and Swiss-U.S. Privacy Shield frameworks (“Frameworks”) as set forth by the U.S. Department of Commerce regarding the processing of Personal Data transferred from the EU and Switzerland to the U.S. (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway). Company has certified that it adheres to the Privacy Shield Principles (described below). If there is any conflict between the policies in this Privacy Policy and the EU or Swiss Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Frameworks and to view our certification page, please visit https://www.privacyshield.gov/.
General. We rely on our Privacy Shield certification to transfer Personal Data that we receive from the EU and Switzerland to Columbia Gateway in the U.S. and Switzerland to Company in the U.S. and we process such Personal Data in accordance with the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability (“Privacy Shield Principles”), as described below. We commit to treat personal data transfers from the United Kingdom to Columbia Gateway in the U.S. subject to our Privacy Shield certification.
- Notice and Choice. This Privacy Policy provides notice of the Personal Data collected and transferred under the Privacy Shield and the choice that you have with respect to such Personal Data. It also provides information about other Privacy Shield Principles that are set forth below.
- Accountability for Onward Transfers. We may be accountable for the Personal Data we receive under the Privacy Shield that we may transfer to third-party service providers (described in the section “How We Share and Disclose Personal Data” above). If such service providers process Personal Data in a manner inconsistent with the Privacy Shield Principles, we are responsible for the harm caused.
- Security. We maintain security measures to protect Personal Data as described in the “Security” section of this Privacy Policy.
- Data Integrity and Purpose Limitation. We take reasonable steps to ensure that Personal Data is reliable for its intended use, and that it is accurate, complete and current for as long as we retain it. Our data retention practices are described in the “Data Retention” section of this Privacy Policy.
- Access. EU users have certain rights to access, correct, amend, or delete Personal Data where it is inaccurate, or has been processed in violation of the Privacy Shield Principles. Please see the “Your Rights” section above for more information on the rights of users in the EU (and, to the extent applicable, users in Switzerland).
- Recourse, Enforcement, Liability. In compliance with the Privacy Shield Principles, Company commits to resolve complaints about our processing of your Personal Data. EU and Swiss users with inquiries or complaints regarding this Privacy Shield Policy should first contact Company at: [email protected].
We have further committed to refer unresolved Privacy Shield complaints to an alternative dispute resolution provider. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution (free of charge) at https://feedback-form.truste.com/watchdog/request.
If your complaint is not resolved through these channels, under certain conditions a binding arbitration option may be available before a Privacy Shield Panel. For additional information, please visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
We are subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to Personal Data received or transferred pursuant to the Frameworks.
To learn more about our processing activities, please see our records https://www.hqo.co/record-of-processing-activities/
- Data Retention
We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
- Exclusions
This Privacy Policy does not apply to any Personal Data collected by Company other than Personal Data collected through the Site or the Company Services. This Privacy Policy will not apply to any unsolicited information you provide to Company through this Site or through any other means. This includes, but is not limited to, information posted to any public areas of the Site, such as bulletin boards (collectively, “Public Areas”), any ideas for new products or modifications to existing products, and other unsolicited submissions (collectively, “Unsolicited Information”). All Unsolicited Information will be deemed to be non-confidential and Company will be free to reproduce, use, disclose, and distribute such Unsolicited Information to others without limitation or attribution.
- Children
Company does not knowingly collect Personal Data from children under the age of 13. If you are under the age of 13, please do not submit any Personal Data through the Site. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide Personal Data on this Site without their permission. If you have reason to believe that a child under the age of 13 has provided Personal Data to Company through this Site, please contact us, and we will endeavor to delete that information from our databases.
- Links to Other Web Sites
This Privacy Policy applies only to the Site and the Company Services. This Site and the Company Services may contain links to other web sites not operated or controlled by Company (the “Third Party Sites”). The policies and procedures we described here do not apply to the Third Party Sites. The links from this Site do not imply that Company endorses or has reviewed the Third Party Sites. We suggest contacting those sites directly for information on their privacy policies.
- Our policy on Do Not Track Signals
We may (and we may allow third party service providers to) use cookies or similar technologies to collect information about your browsing activities over time and across different websites following your use of our Site and Products. Our Site and Products currently do not respond to “Do Not Track” (DNT) signals and operate as described in this Privacy Policy whether or not a DNT signal is received. If we do so in the future, we will describe how we do so in this Privacy Policy.
- Security
Company takes reasonable steps to protect the Personal Data provided via the Site and Company Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from this Site may not be secure. Therefore, you should take special care in deciding what information you send to us via e-mail. Please keep this in mind when disclosing any Personal Data to Company.
- Other Terms and Conditions
Your access to and use of this Site is subject to the Terms of Use.
- Changes to Company’s Privacy Policy
The Site and our business may change from time to time. As a result, at times it may be necessary for Company to make changes to this Privacy Policy. Company reserves the right to update or modify this Privacy Policy at any time and from time to time without prior notice. Please review this policy periodically, and especially before you provide any Personal Data. This Privacy Policy was last updated on the date indicated above. Your continued use of the Site after any changes or revisions to this Privacy Policy will indicate your agreement with the terms of such revised Privacy Policy.
- Your Rights
To keep your Personal Data accurate, current, and complete, please contact us as specified below. We will take reasonable steps to update or correct Personal Data in our possession that you have previously submitted via this Site.
For individuals based in the EEA: You may have the right to: request (a) access the to your Personal Data we hold about you; (b) request we correct any inaccurate Personal Data we hold about you; (c) request we delete any Personal Data we hold about you; (d) restrict the processing of Personal Data we hold about you; (e) object to the processing of Personal Data we hold about you; and/or (f) receive any Personal Data we hold about you in a structured and commonly used machine-readable format or have such Personal Data transmitted to another company.
We may ask you for additional information to confirm your identity and for security purposes, before disclosing information requested to you. We will process any request in line with any local laws and our policies and procedures. If you are located in the EEA, you have the right to lodge a complaint about how we process your personal information with the supervisory authority in your country.
If you wish to exercise any of your rights, please contact us using the information provide in the “Contact Us” section below.
- Your California Privacy Rights
Applicable California privacy legislation permits visitors who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request to access such information, please contact us as follows: email to [email protected]. Within thirty (30) days of receiving such a request, we will provide a list of the categories of personal information disclosed to third parties for third-party direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of these third parties. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the address specified in this paragraph.
- Contact Us
If you have any questions about Columbia Gateway’s Privacy Policy or the information practices of the Company Services, please email [email protected] or [email protected]. When you contact us or our EU data protection representative, we will do our best to address any concerns you may have about our processing of your Personal Data.