Last Modified: August 15, 2019
We may modify this Policy at any time, without prior notice, and changes may apply to any personal information we already hold about you, as well as any new personal information collected after the Policy is modified. If we make changes, we will notify you by revising the date at the top of this Policy. We will provide you with advanced notice if we make any material changes to how we collect, use or disclose your personal information or that impact your rights under this Policy by posting a new notice on our Services page. If you continue to access or use our Services after receiving the notice of changes, you acknowledge your acceptance of the updated Policy.
In addition, we may provide you with real time or “just-in-time” disclosures or additional information about the data handling practices of specific parts of our Services. Such notices may supplement this Policy or provide you with additional choices about how we process your personal information.
Personal information is any information that identifies you or makes you identifiable as defined by applicable law. Any information that is anonymized or aggregated is no longer personal information. In connection with the Services, we may ask you to provide these categories of personal information:
Your personal information can be used for various purposes, including:
We will disclose to you any other use of your personal information in connection with our Services prior to processing your personal information for such purposes. You may choose not to allow us to process your personal information for any purposes that are not compatible with the purposes for which we originally collected your personal information or subsequently obtained your consent. However, you should be aware that if you choose to limit how we use your personal information, some or all of our Services may not be available to you.
We may share your personal information as follows:
We will, at our discretion, provide you with advance notice if we are compelled to disclose your personal information to law enforcement, unless we are prohibited from doing so by public authorities or the law.
Types of Cookies on Our Services. We use the following types of cookies on our Services:
How to Manage Cookies. Depending on whether you would like to manage a first-party or third-party cookie, you will need to take the following steps:
You have certain choices about the way we use or handle your personal information, including:
Paradigm employs commercially reasonable physical, administrative, and technical safeguards to help protect and secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure.
You should be aware that, unfortunately, no system can be 100% secure. Although the security of your personal information is our highest priority, there will always be a risk that your personal information gets compromised. We also depend on you to keep your information secure by ensuring you access our Services via secure connections and taking other precautionary measures. Please notify us immediately at firstname.lastname@example.org if you become aware of any unauthorized access to or use of your personal information.
When you access or use our Services, your personal information may be processed in the United States or any other country in which Paradigm, its affiliates, or service providers maintain facilities. Such countries or jurisdictions may have data protection laws that are less protective than the laws of the jurisdiction in which you reside. If you do not want your information transferred to, processed, or maintained outside of the country or jurisdiction where you are located, you should immediately stop accessing or using the Services.
If you are located in the European Economic Area or Switzerland, please refer to the section below entitled, “Notice to Individuals in the European Economic Area and Switzerland.”
We generally retain your personal information for as long as necessary to fulfill the purposes of collection or to comply with applicable law. Otherwise we will try to delete your personal information upon your request or when we no longer need it for the purposes it was originally collected. We will not delete any personal information that also relates to other individuals, unless such other individuals also wish to delete their personal information at the same time.
We recognize that retention requirements can vary between jurisdictions, but we generally apply the retention periods described below.
California law permits California residents to ask us for a notice that identifies the categories of personal information that we share with our affiliates and/or third parties for marketing purposes, and that provides contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to us at the address provided under the “Contact Us” section.
You may find links to other websites, third party applications, and widgets on our Services that we do not own or control (“Third Party Links”). Paradigm is not responsible for the content on Third Party Links, nor do we endorse or review the privacy practices of such websites. Please read the privacy policies of such Third Party Links to understand how your personal information will be handled before using their websites or services.
Currently, we do not monitor or take any action with respect to Do Not Track signals or other mechanisms, which means that we collect information about your online activity both while you are using the Services and after you leave our Services.
We do not knowingly or intentionally collect personal information from minors. Please contact us if you believe we have collected personal information about a child without consent from their parent or guardian so we can take action to prevent such access and to delete their information from our Services.
14. Notice to Individuals in the European Economic Area and Switzerland
This section only applies to individuals using or accessing our Service while located in the European Economic Area, the United Kingdom, or Switzerland (collectively, the “Designated Countries”) at the time of data collection.
We may ask you to identify which country you are located in when you use or access some of the Services, or we may rely on your IP address to identify which country you are located in. When we rely on your IP address, we cannot apply the terms of this section to any individual that masks or otherwise hides their location information from us so as not to appear located in the Designated Countries. If any terms in this section conflict with other terms contained in this Policy, the terms in this section shall apply to individuals in the Designated Countries.
Our Relationship to You. Paradigm is a data controller with regard to any personal information collected from individuals directly. A “data controller” is an entity that determines the purposes for which and the manner in which any personal information is processed. Paradigm is a data processor with regarding to any personal information it processes at the request of a data controller.
Legal Bases for Processing Your Personal Information. We rely on the following legal bases under the European Union’s General Data Protection Regulation in processing your personal information.
Marketing. We will only contact you if you are located in the Designated Countries by electronic means (including email or SMS) or engage in marketing activities based on our legitimate interests, as permitted by applicable law or your consent. If you do not want us to use your personal information in this way, please click the unsubscribe link at the bottom of any of our email messages to you or contact us. You can object to direct marketing at any time and free of charge.
Individual Rights. We provide you with the rights described below when you use our Services. We may limit your individual rights requests: (a) where denial of access is required or authorized by law; (b) when granting access would have a negative impact on other’s privacy; (c) to protect our rights and properties; or (d) where the request is frivolous or unrealistic. If you would like to exercise your rights under applicable law or if you believe we have infringed or violated your privacy rights, please contact us at email@example.com so that we may resolve your dispute directly.
Transfer of Your Personal Information. We transfer your personal information subject to appropriate safeguards as permitted under the relevant data protection laws. We rely primarily on Standard Contractual Clauses approved by the European Commission to facilitate the international transfer of personal information collected in the EEA, the United Kingdom and Switzerland (“European Personal Information”), and any onward transfer of such information to the extent the recipients of the European Personal Information are located in a country that the EU considers to not provide an adequate level of data protection. In some instances we may transfers of European Personal Information to other parties for the performance of a contract between us and another party that we entered into for your interest.
Paradigm participates in and has certified its compliance with both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union (“EU”), European Economic Area (“EEA”), United Kingdom, and Switzerland to the United States, respectively.. With respect to personal information received or transferred pursuant to the Privacy Shield Frameworks, Paradigm is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. To learn more about the Privacy Shield program, and to view our certification, please visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov/list
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at Privacy Shield Annex 1.