Sybrillo

Privacy Policy

PRIVACY POLICY OF SYBRILLO INC

Last modified: May 17, 2018

This Privacy Policy (the “Policy”) explains how Sybrillo Inc. (“Sybrillo”, “Company,” “we,” or “us”) collects, stores, uses, and discloses personal information from our users (“you”, “user”) in connection with the services (“Services”) available through the Sybrillo electronic camera stabilizer device (“Device”), the Sybrillo mobile device application (“Application”) and the website located at https://sybrillo.com (the “Website”).

Please read and make sure you understand this Policy. If you do not agree with this Policy or our practices, you may not use our Website and Application. This Policy may change from time to time and is incorporated into our Website Terms of Use. Your continued use of our Website/Application constitutes your acceptance of those changes. We encourage you to review this Policy periodically.

Sybrillo may from time to time handle personal data collected from individuals located within the European Union (“EU”) member countries. Consistent with the regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation” or “GDPR”) Sybrillo grants the enhanced data protection for the individuals located within the EU. Our adherence to the GDPR regarding the personal data collected from individuals located within the EU is detailed in this Policy.

Furthermore, Sybrillo complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, onward transfer and retention of personal data transferred from EU member countries and Switzerland to the United States, respectively. Sybrillo has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield principles (“Privacy Shield Principles”) of (i) Notice, (ii) Choice, (iii) Accountability of onward transfer, (iv) Security, (v) Data integrity and purpose limitation, (vi) Access and (vii) Recourse, enforcement and liability.

Our adherence to each of these principles is detailed in this Policy. If there is any conflict between the terms of the Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view Sybrillo’s certification, please visit https://www.privacyshield.gov.

Sybrillo is under the jurisdiction as well as the investigatory and enforcement powers of the US Federal Trade Commission for purposes of the EU-US Privacy Shield framework and the Swiss-US Privacy Shield Framework.

What does this Privacy Policy cover?

This Policy covers Sybrillo's treatment of information that Sybrillo gathers when you are using the Services, the Application or accessing Sybrillo's Website as a user. Also, this Policy covers Sybrillo's treatment of your information that Sybrillo share with Sybrillo’s business partners. This Policy does not apply to the practices of third parties that Sybrillo does not own or control (such as third-party websites that you may access from the Website), or to individuals that Sybrillo does not employ or manage.

What information does Sybrillo collect?

The information we gather from users enables Sybrillo to personalize and improve our services and to allow our users to set up accounts on the Website. We collect the following types of information from our users:

2.1 Information You Provide to Us:

We receive and store any information you enter on our Website or provide to us in any other way using the Services. The types of information collected include, without limitation, email address, your full name, company name (optional), mailing address, phone number.

2.2 Information Collected Automatically:

We receive and store certain types of information whenever you interact with the Device, the Application or our Website using the Services.

When you visit our Website, Sybrillo automatically receives and records information on our server logs from your browser including your IP address, unique device identifier, browser characteristics, domain and other system settings, search queries, device characteristics, operating system type, language preferences, referring URLs, actions taken on our Website, page requested, parts visited of our Website, dates and times of Website visits and the items bought.

2.3 Information Collected Through the Application:

We receive and store certain types of information whenever you use your Device through the Application. The types of information collected include, without limitation your geographical location (GPS data), environmental characteristics (altitude, temperature), the time of use of the Device, the mode and functions used, and the data connected to the Facebook profile used for logging into the Application.

What About Cookies?

The Company collects mainly anonymous data from the Website, such as searches. The anonymized data can include user session data such as IP address, web browser type, the time spent on the page by the user, and user-clicked buttons. The Company processes anonymous data in order to improve the page, to bring it to perfection. During this procedure Sybrillo can incorporate “cookies”, which collect the visitor’s first level domain name, the date and the exact time of access. The “cookie” alone can’t be used to reveal the identity of the visitor. The “cookie” is a file, which is sent to the browser of the visitor and stored on the hard drive of visitor. Cookies don’t damage the computer of the visitor. The browser can be set to indicate when a cookie is received, so the visitor can decide to accept the so-called cookie or not. The Company does not collect or manage any information that would allow the identification of the User.

How Does Sybrillo Use My Information?

We may use your information, including your personal information - based on diverse purposes as well as the legal basis of the processing - as follows:

We process the following personal data for the purpose and on the legal basis of the performance of the contract, product and service fulfillment:

Full name

Email address

Mailing address

Company name (optional)

Phone number

The above information you provide is used for purposes such as responding to your requests for certain products and services, customizing the content you see, communicating with you about specials, sales offers, and new features, and responding to problems with our services. It is also used to manage payments, issuing the invoice or requests for information, or to otherwise serve you, provide any requested services and administer sweepstakes and contests.

We process the following personal information based on your consent (as the legal basis of this processing) for marketing purposes, to deliver coupons, mobile coupons, newsletters, receipt messages, e-mails, and mobile messages. We also send marketing communications and other information regarding services and promotions based on your consent and administer promotions:

Full name

Email address

Mailing address (optional)

Phone number (optional)

Personal data collected when you use the Device through the Application:

Geographical location (GPS data)

Environmental characteristics (altitude, temperature)

The time of use of the Device

The mode and functions used

Facebook profile

We conclude the following information from the above data:

Under which circumstances, where and for what time you used the Device

The most used function of the Application

The locations where the Devices are being used the most

How many places the individual Device visited

Events important for the warrant (e.g. how many times were the Device hit or damaged, etc.)

You shall always have the right to withdraw your consent at any time.

We process personal data for the purpose and on the legal basis of compliance with legal obligations to prevent fraudulent transactions, monitor against theft and otherwise protect our customers and our business. We also process personal data for legal compliance and to assist law enforcement and respond to subpoenas.

We process the following personal data for the purpose and on the legal basis of the legitimate interests of the Company, to improve the effectiveness of the Device, the Application or the Website, mobile experience, and marketing efforts, to conduct research and analysis, including focus groups and surveys and to perform other business activities as needed, or as described elsewhere in this Policy.

Personal data collected when you visit our Website:

IP address

Unique device identifier

Browser characteristics

Domain and other system settings

Device characteristics

Operating system type

Language preferences

Referring URLs

Actions taken on our Website

Page requested

Parts visited of our Website

Dates and times of Website visits

Items bought

We conclude the following information from the above data:

Purchase intent of the visitors

Number of recurring visits to our Website

Time spent on the Website by individual visitors

Locations with the highest number of sales

Willingness to spend

For collecting the above-mentioned data and making statistics and analysis we may use the following software and programs:

Name

Registered seat

Country

Shopify Inc.

150 Elgin Street, Suite 800

Ottawa, ON K2P 1L4

Canada

Google Analytics (Google LLC.)

1600 Amphitheatre Parkway Mountain View, CA 94043

United States

Facebook pixel, Instagram (Facebook Inc.)

1601 Willow Road Menlo Park, CA 94025

United States

LinkedIn

605 W Maude Ave; Sunnyvale, California 94085

California

Mailchimp

675 Ponce de Leon Ave NE
Suite 5000
Atlanta, GA 30308 USA

United States

Intercom Inc.

55 2nd Street

4th Floor

San Francisco, CA 94105

United States

Personal data collected when you use the Device through the Application:

Geographical location (GPS data)

Environmental characteristics (altitude, temperature)

The time of use of the Device

The mode and functions used

Facebook profile

We conclude the following information from the above data:

Under which circumstances, where and for what time you used the Device

The most used function of the Application

The locations where the Devices are being used the most

How many places the individual Device visited

Events important for the warrant (e.g. how many times were the Device hit or damaged, etc.)

Sybrillo uses both the above listed personal data, the derived aggregated data and the conclusions for statistical purpose also.

Cookies: Sybrillo may use automatically collected information and cookies information to: (a) remember your information so that you will not have to re-enter it during your visit or the next time you visit the Website; (b) provide custom, personalized advertisements, content, and information; (c) monitor the effectiveness of our marketing campaigns; and (d) monitor aggregate usage metrics such as total number of visitors and pages viewed.

Data integrity and purpose limitation: Sybrillo will only collect and retain personal data which is relevant to the purposes for which the data is collected, and we will not use it in a way that is incompatible with such purposes unless such use has been subsequently authorized by you. We will take reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete and current. We may occasionally contact you to determine that your data is still accurate and current.

How Long We Retain Your Personal Data?

We will retain your personal data for so long as it is needed to fulfill the purposes outlined in this Policy or until you withdraw your consent, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). When we have no longer or no legal basis to process your personal information, we will either delete or anonymize it, or, if this is not possible, then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Will Sybrillo share any of the information it receives?

Information about our users is an integral part of our business, and we may share such information with our affiliated entities. Except as expressly described below, we neither rent nor sell your information to other people or nonaffiliated companies. We may share your information when we have your permission.

6.1 Shopify Inc.: Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.

Shopify payment: If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).

6.2 Third Party Service Providers: We may share certain personal information with third party vendors who supply software applications, web hosting and other technologies for the Website. We will only provide these third parties with access to information that is reasonably necessary to perform their work or comply with the law. Those third parties will never use such information for any other purpose except to provide services in connection with the Website. We may also share aggregated or de-identified information, which cannot reasonably be used to identify you. We may also request data process service for processing the personal data. During the service of data process, the data processor shall abide under the present Policy, relevant legislations in force, furthermore the provisions of the existing contracts of the Sybrillo. Sybrillo uses the data process service of the following companies:

Name

Registered seat

Country

Activity (data processing service)

Shopify Inc.

150 Elgin Street, Suite 800

Ottawa, ON K2P 1L4

Canada

Service provider hosting our Website

Intercom Inc.

55 2nd Street

4th Floor

San Francisco, CA 94105

United States

Provides the customer communication platform integrated to the Website.

Mailchimp

675 Ponce de Leon Ave NE
Suite 5000
Atlanta, GA 30308 USA

United States

Marketing automation platform, that helps us to keep connection with our customers and audience.

Sybrillo may also share personal information with third parties by the user in order to fulfill the services and perform the contract.

6.3 Transfer of Personal Data collected from individuals located within the EU:

If we transfer personal data collected from individuals located within the EU to a third-party acting as a data processor, and such third-party agent processes your personal information in a manner inconsistent with the GDPR or – having a registered seat in the United States of America – with the Privacy Shield Principles.

We only transfer personal data collected from individuals located within the EU to a third-party having a registered seat outside the EU or the United States of America acting as a data processor without appropriate safeguards when it is necessary for the performance of the contract. Sybrillo will make every effort to ensure that the personal data transferred is safe and secure and that the personal data is processed in a manner consistent with the GDPR.

6.4 Sybrillo may release your information:

6.4.1 in response to subpoenas, court orders or legal process, to the extent permitted and as restricted by law;

6.4.2 when disclosure is required to maintain the security and integrity of the Website or the Application, or to protect any user’s security or the security of other persons, consistent with applicable laws;

6.4.3 when disclosure is directed or consented to by the user who has input the personal information; or

6.4.4 in the event that we go through a business transition, such as a merger, divestiture, acquisition, liquidation or sale of all or a portion of its assets, your information will, in most instances, be part of the assets transferred.

6.5 Opt-In for Promotions:

We do not share personally identifiable information with other third-party organizations for their marketing or promotional use without your consent or except as part of a specific program or feature for which you will have the ability to opt-in.

6.6 With Your Consent:

Except as set forth above, you will be notified when your information may be shared with third parties and will have the option of preventing the sharing of this information.

Please note that we may retain certain personal information after your account has been terminated. We reserve the right to use your information in any aggregated data collection after you have terminated your account, however we will ensure that the use of such information will not identify you personally.

6.7 Accountability for onward transfer:

Sybrillo will not transfer personal data originating in the EU or Switzerland to third parties unless such third parties have entered into an agreement in writing with us requiring them to provide at least the same level of privacy protection to your personal data as required by the Privacy Shield Principles. We acknowledge our liability for such data transfers to third parties.

By registration on the Website you give your express consent to the transfer of the personal data as detailed above.

Is information about me secure?

We take commercially reasonable measures to protect all collected information from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Please understand that you can help keep your information secure by choosing and protecting your password appropriately, not sharing your password and preventing others from using your computer. Please understand that no security system is perfect and, as such, we cannot guarantee the security of the Website, or that your information won’t be intercepted while being transmitted to us. If we learn of a security systems breach, then we may either post a notice, or attempt to notify you by email and will take reasonable steps to remedy the breach.

Children's Privacy

Our Website and Application is not directed to children under 16 and we do not knowingly collect personal information from children under 16. If we learn that we have collected personal information of a child under 16 we will take steps to delete such information from our files as soon as possible. If you are aware of anyone under 16 using the Website or the Application, please contact us at hello@sybrillo.com.

Links to Third Party Sites and Services

This Website may contain links to third party websites operated by individuals or companies unrelated to us. Please be aware that we are not responsible for the privacy practices of such third party websites. We provide links to these websites for your convenience only and you access them at your own risk. We recommend that you review the privacy policies and terms of use posted on and applicable to such third party websites prior to utilizing them.

Your Privacy Rights

10.1 Access and Retention:

If you have a Website account, you can log in to view and update your account information. You have the right to obtain confirmation of whether or not we are processing personal data relating to you, have communicated to you such data so that you could verify its accuracy and the lawfulness of the processing and have the data corrected, amended or deleted where it is inaccurate or processed in violation of the Privacy Shield Principles.

We encourage you to contact us at hello@sybrillo.com with your questions or concerns, or to request edits to your personal information, or to have it removed from our database. Requests to access, change or remove your personal data will be handled within 30 days.

10.2 Additional Rights for EU Territory:

If you are from the territory of the EU, you may have the right to exercise additional rights available to you under applicable laws, including:

10.2.1 Right of Erasure: In certain circumstances, you may have a broader right to erasure of personal information that we hold about you – for example, if it is no longer necessary in relation to the purposes for which it was originally collected. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.

10.2.2 Right to Object to Processing: You may have the right to request Sybrillo to stop processing your personal information and/or to stop sending you marketing communications.

10.2.3 Right to Restrict Processing: You may have the right to request that we restrict processing of your personal information in certain circumstances (for example, where you believe that the personal information we hold about you is inaccurate or unlawfully held).

10.2.4 Right to Data Portability: In certain circumstances, you may have the right to be provided with your personal information in a structured, machine readable and commonly used format and to request that we transfer the personal information to another data controller without hindrance.

If you would like to exercise such rights, please contact us at hello@sybrillo.com. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.

You also have the right to complain to the EU Data Protection Authority about our collection and use of your personal data. For more information, please contact your local EU Data Protection Authority.

Recourse, Enforcement and Liability

11.1 Sybrillo is committed to protecting your personal data as set forth in this Policy. If you think we are not in compliance with our Policy, or if you have any question or if you wish to take any other action concerning this Policy, contact us at hello@sybrillo.com. You can also contact us at our contact office at 541 Jefferson Ave., Suite 100 Redwood City, CA 94063. We will investigate your complaint, take the appropriate action and report back to you within 30 days. In addition, if you are from the territory of the EU, you also have the right to complain to the EU Data Protection Authority about our collection and use of your personal data. For more information, please contact your local EU Data Protection Authority.

11.2 If the personal data in question was transferred from the EU or Switzerland to the United States and you are not satisfied with our response, we have further committed to refer unresolved Privacy Shield complaints to the dispute resolution procedures of the EU Data Protection Authorities. Sybrillo will cooperate with the appropriate EU Data Protection Authorities during investigation and resolution of complaints concerning personal data that is transferred from the EU to the United States brought under Privacy Shield. For complaints involving personal data transferred from Switzerland, we commit to cooperate with the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) and comply with the advice given by the FDPIC. Complaints regarding processing of personal data pertaining to data subjects located in the EU and Switzerland may be reported by the individual to the relevant Data Protection Authority.

These recourse mechanisms are available at no cost to you. Damages may be awarded in the accordance with the applicable law.

You may be able to invoke binding arbitration under certain conditions with the arbitrational mechanism of the Privacy Shield Panel of arbitrators, if you are not satisfied with the above recourse mechanism. The arbitration is available to you to determine, for residual claims, whether Sybrillo has violated its obligations under the Principles as to you, and whether any such violation remains fully or partially unremedied.

Your decision to invoke the binding arbitration option is entirely voluntary. The arbitral decisions will be binding on all parties to the arbitration.

Modifications to this Policy

We will modify this Policy if our privacy practices change. We will notify you of such changes by posting the modified version on our Website and indicating the date it was last modified, and, if the changes are significant, we will provide a more prominent notice (including by email in certain instances). The date this Policy was last modified is at the top of this page. Please periodically review this Policy so that you are familiar with the current Policy and aware of any changes.

Questions

If you have any questions concerning this Policy or the Services, please contact us at hello@sybrillo.com. You can also contact us at our contact office at 541 Jefferson Ave., Suite 100 Redwood City, CA 94063.