Information We Collect
- Information from Third Parties: We may receive information related to your use of our Partner websites and services, including your IP address, name, email address, phone, address, current location, search requests, and your interactions with our Partner. Common examples include searching in a website locator, sharing location information by text message or email, or entering information in web application inputs.
- Contact Information Entered: We may receive information that you directly provide to use in website forms, contact forms, and similar requests for information.
Personal information does not include: Publicly available information from government records. Deidentified or aggregated consumer information, or information excluded from the CCPA’s scope.
How We Use the Information We Collect
- Services and APIs: We use the data collected through our Services and APIs (1) for internal diagnostic and analytic purposes (2) to improve our mapping products and services (3) to provide our Services to end users of our customers and (4) to generate aggregated and anonymized usage statistics for usage tracking and geographic interest analysis for our customers. We have a legitimate interest in improving our Services and certain data collection is necessary in order to provide the Services.
When We Share the Information We Collect With Third Parties
- In General: We are a company focused on the needs of financial institutions and related financial services partners and service providers, and therefore we share anonymous and aggregate usage information with our customers about the usage and performance of the specific Services we provide for them. However, we do not share any such data with any other third parties other than indirectly with our own service providers, such as cloud computing platforms, which enable us to deliver the Services.
- Website Logs and Cookies: As mentioned above, we indirectly share information about your device and interaction with our website with our service providers that host our websites and provide analytics services to us. Certain hosting, data management, and analytics services that integrate directly into our websites and/or Services may collect information about your device, browser, and interaction with our websites (including by placing third-party cookies on your browser or other similar technologies). We do not control how these third parties use or share this information, which is subject to their privacy policies.
- Services and APIs: We indirectly share information collected through your use of our Services and APIs with our hosted infrastructure and internal analytics service providers. We directly share information collected through your use of our Services and APIs with our customers for the purposes of providing internal diagnostics and analytics for better understanding of geographic interest and usage patterns of the Services by end users. We also may share aggregated and anonymized usage statistics with other third parties.
- Rare and Limited Disclosures: We may share information in our possession in response to a request if we believe disclosure is in accordance with, or required by, any applicable law, regulation or legal process. For more information, see “Law Enforcement and Transparency,” below.
Furthermore, we may share information in our possession if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to enforce our terms of service, detect, prevent, or otherwise address threats to our platform, or protect against harm to the rights, property or safety of Wave2, our users, or the public as required or permitted by law.
Finally, we may also share the information we collect in connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company. We may also share information among our current and future parents, affiliates, subsidiaries and other companies under common control and ownership.
Your Choices About What We Do with the Information We Collect
- Website Logs and Cookies: You may delete cookies from your browser on your computer and/or device, and most browsers provide the option to block cookies. Note that if you block cookies placed by us (first party cookies), portions of our Services, including our website, may not work as intended. However, your access to our websites should not be affected if you disable third-party cookies placed by third parties that manage marketing and analytics aspects of our website.
- Services and APIs: If you are an end-user of our Services, you may choose not to enable geolocation information in the settings of your browser and/or device, and not to directly submit personal information in the Services, and you may control your browser’s cookie preferences. Furthermore, you may pursue the opt-out procedures described in the CCPA section below. If you are an end user of a product or service that integrates our APIs, your privacy options will be largely determined by the developer of the product or service. In addition to any privacy options that the developer may have provided you with, you may also be able to control the applications that can collect information about your precise location by using the settings available on your device, including opting out of collection of telemetry data.
- Questions. If you have any questions about how to limit the disclosure and/or use of your personal information to us, please email us at support@Wave2.io.
Your Access to and Control of the Information We Collect
- Contact Information: If we have contact information about you, such as your email address on our newsletter list, you may exercise your privacy rights with respect to this information. However, we may not be able to verify your identity for purposes of processing your request, as we may not have sufficient information to adequately verify your request. To unsubscribe from our newsletter or other communications, please follow the instructions in the emails that you receive from us.
- Website Logs, Cookies, Services, and APIs: We temporarily retain IP addresses for security and accounting purposes. Given the temporary and aggregate nature of this storage, it is generally not feasible for us to provide access to IP addresses or the logs associated with them. Email addresses and phone numbers entered in the “share” feature of the Services are not stored beyond their immediate usage in fulfilling the functionality of the Services, and they are therefore not retained or available in our systems. The search information directly entered by end-users is anonymous and aggregate and is not associated with any individual user within our systems, so it is generally not feasible for us to provide access to entered user search information.
Your privacy rights under the California Consumer Protection Act (CCPA)
California consumers have the following privacy rights:
- to not receive discriminatory treatment by Wave2 for the exercise of privacy rights conferred by the CCPA;
- to request to know the personal information Wave2 has about you. You may access personal information associated with your Wave2 account, such as username, email address, and associated account activity by logging into your Wave2 account; and
- to request deletion of your personal information collected or maintained by Wave2; and
- to designate an authorized agent to make a verifiable consumer request related to your personal information on your behalf.
In order to submit a request to exercise your privacy rights, you may do one or more of the following:
- E-mail us as firstname.lastname@example.org.
- Send mail to us at Wave2, LLC, Attn: General Counsel, PO Box 83465, Gaithersburg, MD 20878
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
- We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
- If you believe Wave2 has any personal information about you that is not an email address or SMS phone number, please email Wave2 at email@example.com describing in detail the information you believe Wave2 has and how you believe Wave2 obtained it. Please note that without an email address, it may not be possible for Wave2 to verify your identity to a reasonable degree of certainty to locate or delete any information.
The CCPA provides California residents with the right to know what categories of personal information Wave2 has collected about them and whether Wave2 disclosed that personal information for a business purpose (e.g., to a service provider) in the preceding 12 months. The categories of sources from which we collect personal information and our business and commercial purposes for using personal information are set forth above in the sections above titled Information We Collect, How We Use the Information We Collect, and When We Share the Information We Collect With Third Parties.
For purposes of the CCPA, Wave2 does not “sell” personal information, nor do we have actual knowledge of any “sale” of personal information of minors under 16 years of age. You may complete this DO NOT SELL MY PERSONAL INFORMATION form to opt out of the disclosure of your personal information to third parties that are not our service providers. (If you also want to opt out of third-party cookies on our website, you can do so using your browser’s cookie preferences.)
Your privacy rights under the EU General Data Protection Regulation (GDPR)
The EU General Data Protection Regulation (“GDPR”) came into force on 25 May 2018. The new Regulation aims to standardize data protection laws and processing across the EU, giving people greater rights to access and control their personal information.
Although we do not actively do business in the EU, on the outside chance that certain users may be in Europe, Wave2 is committed to ensuring protection of all personal information that we hold, and to provide and to protect all such data. We recognize our obligations in updating and expanding this program to meet the requirements of GDPR.
Wave2 is dedicated to safeguarding the personal information under our control and in maintaining a system that meets our obligations under the new regulations. We already have a consistent level of data protection and security across our organization to ensure compliance.
- Information Audit — We carried out an audit of information previously held and ensured that it was compliant with the new regulations.
- Policies and Procedures — we have revised data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including:
- Basic Practices – fundamentally we do not gather, store, or use any personal data.
- Data Protection – our main policy and procedure document for data protection has been revised to meet the standards and requirements of the GDPR. Accountability and governance measures are in place to ensure that we understand and adequately disseminate and evidence our obligations and responsibilities; with a dedicated focus on privacy and the rights of individuals.
- Data Retention and Erasure – we have updated our retention policy and schedule to ensure that we meet the “data minimization” and “storage limitation” principles and that personal information is stored, archived and destroyed in accordance with our obligations. We have procedures in place to meet the new “Right to Erasure” obligation.
- Data Breaches – our procedures ensure that we have safeguards in place to identify, assess, investigate and report any personal data breach as early as possible. Our procedures have been explained all employees.
- International Data Hosting – Wave2 stores all data in Microsoft Azure hosted data systems in the USA. We have robust procedures in place to secure the integrity of the data.
- Subject Access Request (SAR) – we have revised our SAR procedures to accommodate the revised 30-day timeframe for providing the requested information and for making this provision free of charge
- Privacy Notice/Policy – we have revised our Privacy Notice(s) to comply with the GDPR, ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.
- Obtaining Consent – we have revised our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information
- Direct Marketing – we have revised the wording and processes for direct marketing, including clear opt-in mechanisms for marketing subscriptions; a clear notice and method for opting out and providing unsubscribe features on all subsequent marketing materials.
- Data Protection Impact Assessments (DPIA) – where we process personal information that is considered high risk, we have developed stringent procedures for carrying out impact assessments that comply fully with the GDPR’s Article 35 requirements. We have implemented documentation processes that record each assessment, allow us to rate the risk posed by the processing activity and implement mitigating measures to reduce the risk posed to the data subject(s).
- Processor Agreements – we have not used any third-party to process personal information on our behalf.
Data Subject Rights
We provide easy-to-access information via email request of an individual’s right to access any personal information that Wave2 processes about them and to request information about:
- what personal data we hold about them
- the purposes of the processing
- the categories of personal data concerned
- the recipients to whom the personal data has/will be disclosed
- how long we intend to store your personal data for
- if we did not collect the data directly from them, information about the source
- the right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
- the right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
- the right to lodge a complaint or seek judicial remedy and who to contact in such instances.
Information Security and Technical and Organizational Measures
Wave2 takes the privacy and security of individuals and their personal information very seriously and take every reasonable measure to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorized access, alteration, disclosure or destruction.
If you have any questions about our GDPR compliance policies, please contact firstname.lastname@example.org.
Law Enforcement and Transparency
- In General: Although we acknowledge that government sometimes must act to protect citizens’ safety and security. Wave2 has never received any user information requests from law enforcement or government agencies, nor any national security letter, FISA court order, or any other classified request of any kind. If we ever receive such a request, we will review it carefully and make sure it follows the law (including the Fourth Amendment). If we believe a request is overly broad, we will seek to narrow it. If we have a good faith belief that there is an emergency involving the danger of death or severe physical injury, we may disclose limited information necessary to prevent that harm.
- Website Logs, Cookies, Services, and APIs: We will only disclose information collected through our Services, including maps and associated data and location information, in response to a subpoena or court order.
By using our websites, Services, and/or APIs or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on our Services, by mail or by sending an email to you.
Wave2 websites, Services and APIs are not directed to children under 13 (or other age as required by local law), and we do not knowingly collect personal information from children.
If you are a parent or guardian and wish to review information collected from your child, or have that information modified or deleted, you may contact us as described below. If we become aware that a child has provided us with personal information in violation of applicable law, we will delete any personal information we have collected, unless we have a legal obligation to keep it.