Effective May 24th 2018
Data Collected and Received by SDC.com
Definition of Information Processing
Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Personal Identification Information
We may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit our Sites, register on the Sites, and in connection with other activities, Services, features or resources we make available on our Sites. Users may be asked for, as appropriate, name, email address, billing information. We will collect personal identification information from Users only if they voluntarily submit such information to us, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Users can always refuse to supply personal identification information, except that it may prevent them from engaging in certain Site-related activities. Real names and billing information are encrypted on SDC.com’s servers. We will never sell your personal information to third parties and we won’t use your name or company name in any marketing statements without obtaining your permission in writing.
Non Personal Identification Information
We may collect non-personal identification information about Users whenever they interact with our Sites and applications. Non-personal identification information may include the browser name, the type of computer and technical information about Users' means of connection to our Sites, such as the operating system and the Internet service providers utilized and other similar information.
Services Metadata – when Users interact with our Services, metadata is generated to help provide additional context regarding how Users interact with our Sites.
Log Data – Our Services will automatically collect information when Users and Site Administrators access or use our Sites or Services and record it in log files. Log data may include IP address (or a shortened version of it), previously visited web page addresses, browser type and settings, time and date when Services were used, browser configurations and plugins, language and cookie data.
Device Information – SDC.com collects information about your computer, phone, tablet, or other devices you use to access our Services. This device information includes your connection type and settings when you install, access, update or use our Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience. How much of this information we collect depends on the type and settings of the device you use to access the Services.
Location information – SDC.com will receive this information from Users during our Account Registration as well as from the Users' devices should the ‘Location Services’ be turned on.
Personal information – SDC.com is a media and dating site as well as a community tool, therefore any User-generated data by use of our Services will be collected and stored by SDC.com. Collected data includes, but is not limited to, data that Users post, send, receive or share. This includes any files or links that Users upload to our Services, including pictures and videos, public or private. It also includes all forms of personal information given by the User in their User profile. Personal data will only be accessible through authorized and limited Administrator accounts or the User's designated account and can only be viewed, or altered, by Users belonging to such accounts. SDC.com will never share, sell, or exploit any Personal information unless specifically requested by the User through written consent. Any advertising targeted to the Users will be done in an anonymized manner. Users will also be able to request the log data of their account accesses to see what potential Administrator users accessed.
Web Browser Cookies
SDC.com uses "cookies" to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a Web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you.
How SDC.com Uses Collected Data
Users are the primary Controllers of User Data. SDC.com is a processor of User Data and Controller of certain other data. SDC.com will never remove Users from SDC.com unless specifically instructed by the User or if the User transgresses the Terms of Service or the User failed to provide payment for SDC.com’s services (see Terms of Service for additional information).
SDC.com collects and uses Users' personal information for the following purposes:
To personalize User experience and improve our Sites and applications.
We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site.
We continually strive to improve our website offerings based on the information and feedback we receive from you.
Your information helps us to more effectively respond to your customer service requests and support needs.
To administer a content, promotion, survey or other Site feature, through explicit consent (see below for Consent Requirements).
To send Users information they agreed to receive about topics we think will be of interest to them, in the form of newsletters, alerts or other ‘push’ technologies.
We may also use your email address to deliver information that, in some cases, is targeted to your interests, such as banners and promotions, through explicit consent (see below for Consent Requirements).
We also send you periodic informational updates via email, through explicit consent (see below for Consent Requirements).
The email address Users provide will only be used to respond to their inquiries, and/or other requests or questions. If User decides to opt-in to our mailing list, they will receive emails that may include company news, updates, related product or service information, etc, through explicit consent (see below for Consent Requirements). If at any time the User would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email.
As required by applicable law, legal process or regulation.
For Billing, account management and other administrative matters, accessed only by designated specific SDC billing managers.
For investigative and preventive measures against Site abuse. Accesses by SDC will be logged in the User log file and said log file can be requested and contested at any time.
We use information about Users when granted consent for a specific purpose not listed above. For example, we may publish testimonials or feature customer stories to educate, entertain, promote our Services. We will always ask for consent prior to posting any information for promotional or media purposes.
Sharing and Disclosure of Information
SDC.com will only disclose or share User information for the following purposes:
User’s Request: SDC.com will share all User Data based on User’s request and instructions (see below for more details).
Media Collaboration: Users can create content, which may contain information about themselves or other Users, and grant permission to others to see, share, edit, copy and download that content. Some of the collaboration features of the Services display some or all of your profile information to other Service Users when you share or interact with specific content. Similarly, when Users join a Service, your nickname, profile picture and other information will be displayed in a list for other site members so they can find and interact with you. This excludes any use and sharing of that information by other members to a third party.
Legal Compliance: If requested by legal Authority, SDC.com may disclose User information that we determine to be in accordance or required by any applicable law.
Enforcement: SDC.com also reserves the right to disclose User information to investigate, prevent, or take action against illegal activities, suspected fraud, or situations involving physical threat to any such persons.
Consent: SDC.com may share User information with other 3rd parties in instances when we have Users’ consent to do so.
One time consent is also required in the following individual scenarios (consent needs to be given only once per User account):
When the User builds a new profile
When the User logs in after May 25th
When the User changes some personal information on their profile
When the User wants to use the Email and Messenger capabilities
When the User wants to receive the SDC.com Newsletter
When the User wants to receive the SDC.com Promotions
When the User wants to receive the SDC.com third party offers
When the User wants to share their content
Third Party Service Providers and Partners: SDC.com works with third-party service providers and partners to provide website and application strategy, product management, development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis and other services for SDC.com, which may require them to access or use User information. If a service provider needs to access information about Users to perform services on SDC.com’s behalf, they do so under instruction from SDC.com, including abiding by policies and procedures designed to protect User information. To SDC.com’s knowledge, our 3rd party Service Providers and Partners are in compliance with GDPR.
Amazon Web Services (servers and infrastructure) - GDPR info
Google Analytics (data collection) - does not contain personal information, but there may be provisions to strip the last digits of the User's IP address.
Operational Partners: SDC.com works with 3rd parties who provide billing, support and technical services to deliver and implement solutions to our Users. SDC.com may share User information with these 3rd parties in connection with their services, such as to assist with billing cycles, to provide localized support, and to provide customization work. SDC.com may also share information with these 3rd parties where Users have granted Consent to share any information, for example, technical or customer support services.
Links to 3rd Party Sites: SDC.com’s Services may include links that direct you to other websites or services whose privacy practices may differ from ours, like Content Providers. What you submit to these 3rd party sites is governed by their Privacy Policies and is not covered by SDC.com’s Privacy Policies.
The operations of SDC.com do require our employees to have access to systems which store and process User Data. This primarily serves the purpose of problem diagnosis or troubleshooting. For example, in order to diagnose a problem Users may have with SDC.com services, our Employees may need access to your User Data. All employees and affiliated subcontractors are prohibited from viewing User Data for any reasons unless absolutely necessary to do so.
If Users require deletion of their data, we require that Users delete their account. When Users delete their account or decide to no longer participate in the Services, the following is how data deletion will be treated: Majority data deletion will occur upon User consent. Complete data deletion will occur post 90 days. Please see “Data Retention” below for additional details regarding 90-days data retention.
Users, at any time, may request a deletion of their personal data. If such a request is made, the account will be deactivated and will remain in backups, under the life-cycle we maintain to ensure we do not store data inside backups for more than 90 days. Users may email email@example.com to request data deletion, cancel their User account or fill out the GDPR User Rights form on the site. If Users fail to make payment for any premium plans, SDC.com will remove all paid features and return Users to the Free / Trial Plan. Please see section 7.5 of our ToS for User inactivity under the Free Plan. If SDC.com deletes an account due to inactivity, the above scenarios will apply.
Information storage and security
SDC.com uses data hosting service providers in the United States to host collected information, and we use technical measures to secure all data. Despite the thorough security measures and safeguards that SDC.com implements to protect data, no security system is impenetrable and due to the inherent nature of the Internet, SDC.com cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others. SDC.com has policies in place in case of such situation and will respond to requests about this within a reasonable timeframe. Please contact firstname.lastname@example.org for more information.
How long we keep information
How long we keep the information we collect about you depends on the type of information, as described in further detail below. After such time, we will make every effort to delete your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.
User Account information: We retain User information until Users delete their account(s), after which we will continue retaining the data for up to 90 days after account deletion. In particular: Email, Admin Notes, IPs, Access History, Payment History and Nickname. SDC.com maintains this practice for the following reasons:
In the event that a User’s account has been compromised and purposely deleted, SDC.com will help maintain and restore data once the situation is rectified.
An account was mistakenly deleted by Users. In such an event, SDC.com will be able to restore data for Users.
Various data storage systems and backups have different lifecycle policies which are held for a maximum of 90 days. For example, our database backups are encrypted, incremental and full re-cycle in 30 days. It is impossible to erase User data inside encrypted incremental backups in real-time.
SDC.com may also retain some of the User data as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations and to continue to develop and improve our Services. Where we retain information for Service improvement and development, we take steps to eliminate information that directly identifies any specific Users, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics about any Users.
The information you share on the Services: If User’s account is deactivated or disabled, some of the User information and the content that Users have provided will remain in order to allow other members or other Users to make full use of the Services. For example, we continue to display comments and content you provided to forums. SDC.com will hold User data up to 90 days after account cancellation in case Users will renew again within that time frame.
Marketing and Promotional information: If Users have elected and provided consent to receive marketing and promotional emails from SDC.com, we retain information about Users' marketing preferences unless asked specifically to delete such information. SDC.com retains information derived from cookies and other tracking technologies for a reasonable and specific period of time from the date such information was created.
We take the security of your data very seriously at SDC.com. As transparency is one of the principles on which our company is built, we aim to be as clear and open as we can about the way we handle security. Our security practices are published here (link to Security Practices Page)
SDC.com does not allow the use of our Services or Sites to anyone younger than legal age in the User's prospective state and country.
SDC.com will make the utmost effort to prohibit the use of our Site by anyone not over the legal age. Should SDC.com learn that anyone under that local legal age has unlawfully provided us with personal data, SDC.com will take the necessary steps to delete such information. SDC.com is strictly an adult-oriented service and all minors are prohibited from using any and all services provided.
SDC.com has further committed to refer any unresolved privacy complaints for our EU Users to an independent dispute resolution mechanism, JAMS Privacy Shield Program. Please note that if complaints cannot be resolved through the channels listed here, a binding arbitration option may be available before a Privacy Shield Panel.
Data Protection Officer
Users have certain statutory rights in relation to their personal data.
The rights to data subject access include the following:
• Know whether a data controller holds any personal data about them.
• Receive a description of the data held about them and a copy of the data.
• Be informed of the purpose(s) for which that data is being processed, and from where it was received.
• Be informed whether the information is being disclosed to anyone apart from the original recipient of the data; and if so, the identity of those recipients.
• The right of data portability. Data subjects can ask that their personal data be transferred to them or a third party in machine readable format (Word, PDF, etc.). However, such requests can only be fulfilled if the data in question is: 1) provided by the data subject to SDC.com, 2) is processed automatically and 3) is processed based on consent or fulfilment of a contract.
• If the data is being used to make automated decisions about the data subject, to be told what logic the system uses to make those decisions and to be able to request human intervention.
SDC.com must provide a response to data subjects requesting access to their data within 30 calendar days of receiving the Data Subject Access Request unless local legislation dictates otherwise. Please contact SDC.com's Data Protection Officer for assistance: email@example.com. In order to establish the correct User identity, SDC.com may require the User to provide official government issued proof of identity or require a secondary digital validation.
SDC.com will provide Users an option to export their data. SDC.com does include this option on our paid plans (monthly, lifetime). We do not provide data exportation capabilities to Users on trial plans. Please email firstname.lastname@example.org for assistance.
You have the following choices to modify or delete your personal information from our database:
Log in and modify or delete your profile
Send an email to email@example.com
Call us at 1 866 4179957
In the event that SDC becomes aware that site security is compromised or nonpublic user information has been disclosed to unrelated third parties as a result of external activity, including but not limited to external security attacks, SDC shall take reasonable measures which it deems appropriate, including but not limited to internal investigation and reporting, and notification to and cooperation with law enforcement authorities, notwithstanding other provisions of this Privacy Statement. If you become aware of such a breach, please fill in the appropriate form on the website, or email firstname.lastname@example.org or create an emergency support ticket.
If SDC becomes aware that a user's personal information provided to SDC has been disclosed in a manner not in accordance with this Privacy Statement, SDC shall make reasonable efforts to notify the affected user, as soon as reasonably possible and as permitted by law, of what information has been disclosed, to the extent that SDC knows this information.
A form is provided on SDC.com to permit Users to exercise their data rights, namely to do the following:
I want SDC.com to delete my personal data and cancel my account
I want SDC.com to transfer my data to me
I want to know how SDC.com is using my personal information
I want to rectify incorrect data SDC.com has about me
I want SDC.com to stop using my information for direct marketing and profiling
I want to object to the way SDC.com is using my personal information
Data Subject Access Request Procedure
Data Subject Access Request (“DSAR”)
A Data Subject Access Request (DSAR) is any request made by an individual or an individual’s legal representative for information held by the Company about that individual. The Data Subject Access Request provides the right for data subjects to see or view their own personal data as well as to request copies of the data.
A Data Subject Access Request must be made in writing. In general, verbal requests for information held about an individual are not valid DSARs. In the event a formal Data Subject Access Request is made verbally to a staff member of the Company, further guidance should be sought from the Data Protection Officer, who will consider and approve all Data Subject Access Request applications.
A Data Subject Access Request can only be made via any of the following methods: email, post, or corporate website. DSARs made online must be treated like any other Data Subject Access Requests when they are received, though the Company will not provide personal information via social media channels.
Requirements for a valid DSAR
In order to be able to respond to the Data Subject Access Requests in a timely manner, the data subject should:
• Submit his/her request using a Data Subject Access Request Form.
• Provide SDC.com with sufficient information to validate his/her identity (to ensure that the person requesting the information is the data subject or his/her authorized person).
Subject to the exemptions referred to in this document, SDC.com will provide information to data subjects whose requests are in writing (or by some other method explicitly permitted by the local law), and are received from an individual whose identity can be validated by SDC.com. Requests are more likely to be successful where they are specific and targeted at particular information.
Factors that can assist in narrowing the scope of a search include identifying the likely holder of the information (e.g. by making reference to a specific department), the time period in which the information was generated or processed (the narrower the time frame, the more likely a request is to succeed) and being specific about the nature of the data sought (e.g. a copy of a particular form or email records from within a particular department).
An individual does not have the right to access information recorded about someone else, unless they are an authorized representative, or have parental responsibility.
SDC.com is not required to respond to requests for information unless it is provided with sufficient details to enable the location of the information to be identified, and to satisfy itself as to the identity of the data subject making the request.
In principle, SDC.com will not normally disclose the following types of information in response to a Data Subject Access Request:
• Information about other people – A Data Subject Access Request may cover information which relates to an individual or individuals other than the data subject. Access to such data will not be granted, unless the individuals involved have previously given consent to the disclosure of their data in one of the scenarios detailed above, such as communications from other users.
• Repeat requests – Where a similar or identical request in relation to the same data subject has previously been complied with within a reasonable time period, and where there is no significant change in personal data held in relation to that data subject, any further request made within a three-month period of the original request will be considered a repeat request, and SDC.com will not normally provide a further copy of the same data.
• Publicly available information – The Company is not required to provide copies of documents which are already in the public domain, such as stories, forum contributions, and other User generated content.
• Opinions given in confidence or protected by copyright law – SDC.com does not have to disclose personal data held in relation to a data subject that is in the form of an opinion given in confidence or protected by copyright law.
• Privileged documents – Any privileged information held by SDC.com need not be disclosed in response to a DSAR. In general, privileged information includes any document which is confidential (e.g. a direct communication between a client and his/her lawyer) and is created for the purpose of obtaining or giving legal advice.
Data Subject Access Request Refusals
There are situations where individuals do not have a right to see information relating to them. For instance:
• If the information is kept only for the purpose of statistics or research, and where the results of the statistical work or research are not made available in a form that identifies any of the individuals involved.
• Requests made for other, non-data protection purposes can be rejected.
If the responsible person refuses a Data Subject Access Request on behalf of SDC.com, the reasons for the rejection must be clearly set out in writing. Any individual dissatisfied with the outcome of his/her Data Subject Access Request is entitled to make a request to the Data Protection Officer to review the outcome.
No Guarantees for Factors Beyond SDC’s Control
While this Privacy Statement expresses SDC's standards for maintenance of private data, it is not in a position to guarantee that the standards will always be met. There may be factors beyond SDC's control (e.g., "script kiddies, crackers and other malcontents, hurricanes, tornados, acts of God, loss of power, diseases, loss of mind, body and soul") that may result in disclosure of data. As a consequence, SDC disclaims any warranties or representations relating to maintenance or nondisclosure of private information.