Last revised: March 01, 2023
This GDPR Privacy Addendum (the “GDPR Privacy Addendum”) supplements the information contained in our Privacy Notice (our “Privacy Notice”) and applies solely to the users of our Services (including the use of our Website located at https://contextlabs.com) who are located in the European Economic Area, the United Kingdom, or Switzerland. We adopt this GDPR Privacy Addendum to comply with the European Union’s General Data Protection Regulation, and any laws implementing the foregoing by any member states o the European Economic Area, the United Kingdom (including the UK Data Protection Act and the UK-GDPR), and or Switzerland (collectively, the “GDPR”). Unless otherwise defined in this GDPR Privacy Addendum, any terms defined in the GDPR, or our Privacy Notice have the same meaning when used in this GDPR Privacy Addendum. When this GDPR Privacy Addendum is applicable to you, it takes precedence over anything contradictory in our Privacy Notice.
- Data Controller, Data Protection Officer, and Representative
Context Labs is the data controller of your Personal Data. Context Labs has appointed a Data Protection Officer and has appointed a representative in the United Kingdom in compliance with the General Data Protection Regulation and the UK Data Protection Act and UK-GDPR. Context Labs has an establishment in the European Union and is not required to appoint a representative elsewhere in the European Union and has elected not to do so. Context Labs, its Data Protection Officer, or its representative may be contacted in any manner set forth below in the “Contact Information” Section of this GDPR Privacy Addendum.
- Information We Collect About You and How We Collect It
The Personal Data we collect and the ways in which we collect it is described in our Privacy Notice.
The Personal Data we collect from you is required to enter into a contract with Context Labs, for Context Labs to perform under the contract, and to provide you with our Services. If you refuse to provide such Personal Data or withdraw your consent to our processing of Personal Data (when appropriate), then in some cases we may not be able to enter into the contract or fulfill our obligations to you under it.
- Lawful Basis for Processing Your Personal Data
The processing of your Personal Data is lawful only if it is permitted under the GDPR. We have a lawful basis for each of our processing activities (except when an exception applies as described below):
- Legitimate Interests. We will process your Personal Data as necessary for our legitimate interests. Our legitimate interests are balanced against your interests and rights and freedoms, and we do not process your Personal Data if your interests or rights and freedoms outweigh our legitimate interests. Our legitimate interests are to: facilitate communication between Context Labs and you; detect and correct bugs and to improve our Services; safeguard our IT infrastructure and intellectual property; detect and prevent fraud and other crime; promote and market our business; and develop our Services.
- To Fulfill Our Obligations to You under our Contract. We process your Personal Data in order to fulfill our obligations to you pursuant to our contract with you to deliver our Services to you, to the extent applicable.
- As Required by Law. We may also process your Personal Data when we are required or permitted to by law; to comply with government inspections, audits, and other valid requests from government or other public authorities; to respond to legal process such as subpoenas; or as necessary for us to protect our interests or otherwise pursue our legal rights and remedies (for instance, when necessary to prevent or detect fraud, attacks against our network, or other criminal and tortious activities), defend litigation, and manage complaints or claims.
- Consent. When our processing is not otherwise covered by one of the above lawful bases, we may process your personal Data based on your consent. When necessary, we will ask for your explicit, affirmative consent. By using our Services, you consent to our collection, use, and sharing of your Personal Data as described in our Privacy Notice and this GDPR Privacy Addendum. If you do not consent to the terms of our Privacy Notice and this GDPR Privacy Addendum, please do not use our Services or the Website.
- Special Categories of Information
We do not ask you to provide, and we do not knowingly collect, any special categories of Personal Data from you.
- Automated Decision Making
We do not currently use your Personal Data with any automated decision-making process or technologies may produce a legal effect concerning you or similarly significantly affect you, including profiling. Any changes pertaining to the use of Personal Data with automated decision-making will be updated in this GDPR Privacy Addendum and our Privacy Notice.
- How We Use Your Information
We use your Personal Data as described in our Privacy Notice.
- Disclosure of Your Information
We do not share or otherwise disclose your Personal Data for purposes other than to the entities and for the purposes described in our Privacy Notice.
- Your Rights Regarding Your Information and Accessing and Correcting Your Information
The GDPR provides you with certain rights with regards to our processing of your Personal Data. These rights replace the similar rights provided in our Privacy Notice or are supplemental to such rights. However, each of these rights may be subject to restrictions or verification from your employer. When we require confirmation or approval from your employer, we will inform you of this.
- Access and Update. You may contact us through the Contact Information below if you wish to review or change any Personal Data we have about you to ensure that it is complete, accurate, and as current as possible. We also may not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.
- Restrictions. You have the right to restrict our processing of your Personal Data under certain circumstances. In particular, you can request we restrict our use of it if you contest its accuracy, if the processing of your Personal Data is determined to be unlawful, or if we no longer need your Personal Data for processing but we have retained it as permitted by law.
- Portability. To the extent the Personal Data you provide Context Labs is processed based on your consent and that we process it through automated means, you have the right to request that we provide you a copy of, or access to, all or part of such Personal Data in structured, commonly used, and machine-readable format. You also have the right to request that we transmit this Personal Data to another controller, when technically feasible.
- Withdrawal of Consent. To the extent that our processing of your Personal Data is based on your consent, you may withdraw your consent at any time by closing your account. Withdrawing your consent will not, however, affect the lawfulness of the processing based on your consent before its withdrawal, and will not affect the lawfulness of our continued processing that is based on any other lawful basis for processing your Personal Data.
- Complaints. You have the right to lodge a complaint with the applicable supervisory authority in the country you live in, the country you work in, or the country where you believe your rights under applicable data protection laws have been violated. However, before doing so, we request that you contact us directly in order to give us an opportunity to work directly with you to resolve any concerns about your privacy.
- How You May Exercise Your Rights. You may exercise any of the above rights by contacting us through any of the methods listed under Contact Information below. If you contact us to exercise any of the foregoing rights, we may ask you for additional information to verify your identity. We reserve the right to limit or deny your request if you have failed to provide sufficient information to verify your identity or to satisfy our legal and business requirements. Please note that if you make unfounded, repetitive, or excessive requests (as determined in our reasonable discretion) to access your Personal Data, you may be charged a fee subject to a maximum set by applicable law.
- Consent to Processing of Personal Data In Other Countries Outside the European Economic Area or the United Kingdom
In order to provide our Services, we may send and store your Personal Data outside of the EEA or the United Kingdom, including to the United States. Accordingly, your Personal Data may be transferred outside the country where you reside or are located, including to countries that may not or do not provide an equivalent level of protection for your Personal Data. Your information may be processed and stored in the United States and United States federal, state, and local governments, courts, or law enforcement or regulatory agencies may be able to obtain disclosure of your information through the laws of the United States. By using our Services, you represent that you have read and understood the above and hereby consent to the storage and processing of Personal Data outside the country where you reside or are located, including in the United States.
Your Personal Data is transferred by Context Labs to another country only if it is required or permitted under the GDPR and provided that there are appropriate safeguards in place to protect your Personal Data. To ensure your Personal Data is treated in accordance with our Privacy Notice and this GDPR Privacy Addendum when we transfer it to a third party, Context Labs uses Data Protection Agreements between Context Labs and all other recipients of your data that include, where applicable, the standard contractual clauses adopted by the European Commission and/or the Information Commissioner’s Office in the United Kingdom (collectively, the “Standard Contractual Clauses”). The European Commission and the Information Commissioner’s Office in the United Kingdom have determined that the transfer of Personal Data pursuant to the Standard Contractual Clauses provides for an adequate level of protection of your Personal Data, however, the Standard Contractual Clauses may need to be supplemented in some cases with additional measures on a case-by-case basis after an analysis that such supplemental measures can provide you with an essentially equivalent level of protection as afforded in the EEA or the UK. When, as a result of this analysis, we believe this to be appropriate and necessary, the Standard Contractual Clauses have been supplemented in this way. Under these Standard Contractual Clauses, you have the same rights as if your Personal Data was not transferred to such third country. You may request a copy of the Data Protection Agreement by contacting us through the Contact Information below.
- Data Retention Periods
Unless you request us to delete your Personal Data (subject to the above) earlier, Context Labs will retain your Personal Data for the entire time that you keep your account open. After this period, we may retain your Personal Data for five (5) years, or for any of the reasons listed below, whichever is longer:
- for as long as necessary to comply with any legal requirement;
- on our backup and disaster recovery systems in accordance with our backup and disaster recovery policies and procedures;
- for as long as necessary to protect our legal interests or otherwise pursue our legal rights and remedies; and
- for data that has been aggregated or otherwise rendered anonymous in such a manner that you are no longer identifiable, indefinitely.
- Changes to This GDPR Privacy Addendum
We may change this GDPR Privacy Addendum at any time. It is our policy to post any changes we make to our GDPR Privacy Addendum on this page. If we make material changes to how we treat our users’ Personal Data, we will notify you through a notice on the Website’s home page. The date this GDPR Privacy Addendum was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this GDPR Privacy Addendum to check for any changes.
- Contact Information
If you have any questions, concerns, complaints, or suggestions regarding our Privacy Notice or this GDPR Privacy Addendum, have any requests related to your Personal Data described in the Privacy Notice or this GDPR Privacy Addendum, or otherwise need to contact us, you can do so at the contact information below or through the “Contact” page on our Website.
To Contact Context Labs (Controller) in the US
Context Labs LLC
222 Third Street
Cambridge, MA 02142
To Contact Context Labs (Controller) in the European Union
Context Labs B.V.
1015 BT Amsterdam
To Contact Context Labs in the UK