With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Lokker is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
Lokker also complies with applicable United States state privacy laws, including those applicable to California citizens under the California Consumer Privacy Act.
Lokker is the provider of certain applications and services, and in connection with these applications and services Lokker provides certain marketing and technical services, which might also include technical support services (collectively “Services”) to its customers in the U.S., EEA, Switzerland and the United Kingdom through employees who may be located in the U.S. U.S.-based employees and U.S.-based customers may process Personal Data in connection with the Services to end users of the Services, customers, and prospective customers located anywhere in the world, including in the EEA, Switzerland or the United Kingdom.
Lokker collects data and information it receives when an individual uses a web browser or other similar web application or device to visit a website on the Internet. Lokker may also combine data and information it collects with data and information received from third parties. Some, but not all, of this data and information may be Personal Data.
Lokker may have access to certain non-identifying information of users and third parties, such as browser type and version, operating system, ad blocker type, and similar technical and other information made available by the user’s browser, device, or Internet provider. This information is not Covered Data (as defined below) and Lokker may collect, store, process, and use this information without limitation. For clarity, IP addresses are treated as Personal Data, as further described below.
Lokker may collect, store, and process the following categories of Personal Data: IP address, device identifiers, browsing and search history, full name, mailing address, email address, phone number, , and other personally identifiable information. Due to the nature of the Services, Lokker may also collect Sensitive Personal Data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; or concerns health or sex life and sexual orientation. Personal Data and Sensitive Personal Data are, collectively, the “Covered Data.”
When Lokker processes Covered Data, Lokker does so only for the purpose of providing Services pursuant to its customer’s or prospective customer’s instructions. Lokker will not sell any Covered Data to third parties. However, Lokker may collect, store, and process anonymized forms of Covered Data, and use that anonymized data for its own analytical and other purposes.
Lokker employees located in the U.S. may provide Services for customers located throughout the world, including in the EEA, Switzerland or the United Kingdom. To provide such Services, Lokker may access and use Covered Data. Lokker will apply the following Privacy Shield Principles to Covered Data physically or remotely transferred from the EEA, Switzerland or the United Kingdom to the U.S.
In providing the Services, Lokker processes the Covered Data that its customers or prospective customers request from, share with, or provide to Lokker. Lokker has no direct or contractual relationship with the subject of such Covered Data (a “Data Subject“). As a result, when a customer or prospective customer requests, shares or provides access to Covered Data, the customer or prospective customer is solely responsible for satisfying all legal obligations owed directly to the Data Subject under applicable data protection laws.
As required by applicable law (including, without limitation, the Privacy Shield), Data Subjects may have the right to access the Covered Data an organization holds about them. If such Covered Data is inaccurate or processed in violation of the Privacy Shield Principles, a Data Subject may also have a right to request that Covered Data be corrected, amended, or deleted.
Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also may correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to firstname.lastname@example.org. If requested to remove data, we will respond within a reasonable timeframe.
When Lokker receives Covered Data, it does so on its customer’s or prospective customer’s behalf. To request access to, or correction, amendment or deletion of, Covered Data, Data Subjects should contact the Lokker customer or prospective customer that collected their Covered Data. Lokker will cooperate with its customers’ and prospective customers’ reasonable requests to assist Data Subjects to exercise their rights, if any, existing under the Privacy Shield.
As required by applicable law (including, without limitation, the Privacy Shield), Data Subjects may have the right to opt out of (a) sale or disclosures of their Covered Data to third parties not identified at the time of collection or subsequently authorized, and (b) uses of Covered Data for purposes materially different from those disclosed at the time of collection or subsequently authorized. Lokker’s customers are responsible for informing Data Subjects when they have the right to opt out of such uses or disclosures.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to email@example.com.
Data Subjects who wish to limit the use or disclosure of their Covered Data should submit their request to Lokker's customer or prospective customer that controls the use and disclosure of their Covered Data. Lokker will cooperate with its customers’ and prospective customers’ instructions regarding Data Subjects’ choices. In some cases, Data Subjects might not have a legal right to limit use or disclosure of their Covered Data. Although Lokker strives to provide equal service to those Data Subjects that elect to limit the use of their Covered Data, some services (such as personalization services) might be adversely impacted due to the lack of data.
Lokker uses reasonable efforts to maintain the accuracy and integrity of Covered Data and to update it as appropriate. Lokker has implemented physical and technical safeguards to protect Covered Data from loss, misuse, and unauthorized access, disclosure, alternation, or destruction. For example, electronically stored Covered Data is stored on a secure network with firewall protection, and access to Lokker's electronic information systems requires user authentication via password or similar means. Lokker also employs access restrictions, limiting the scope of employees who have access to Covered Data subject to this Policy.
Further, Lokker uses secure encryption technology to protect certain categories of Covered Data. Despite these precautions, no data security safeguards guarantee 100% security all of the time.
Lokker will not retain Covered Data longer than allowed by applicable law or regulation.
Lokker's customers are responsible for limiting their collection of Covered Data to that which is necessary to accomplish the purposes disclosed to Data Subjects and compatible purposes. They also are responsible for providing Lokker with instructions for the processing of Covered Data consistent with such purposes. Lokker will process Covered Data only in accordance with the customer’s or prospective customer’s instructions. Lokker will not sell any Covered Data to third parties.
Lokker's customers also are responsible for ensuring that (a) Covered Data they collect is accurate, complete, current and reliable for its intended uses; and (b) Covered Data is retained only for as long as is necessary to accomplish the customer’s or prospective customer’s legitimate business purposes disclosed to the Data Subject and for compatible purposes. Lokker will cooperate with customers’ and prospective customers’ reasonable requests for assistance in meeting these obligations.
In the performance of Services, Lokker will request only the minimum amount of information required to perform the applicable Services and will retain such information only for as long as necessary to provide the Services or for compatible purposes, such as to provide additional Services, to comply with legal requirements, or to preserve or defend Lokker's legal rights.
To the extent Covered Data includes human resources (HR) data, Lokker commits to cooperate with the panel established by the EU data protection authorities (DPAs) and/or the Swiss Federal Data Protection and Information Commissioner, as applicable (collectively, “Panel”), and comply with the advice given by the Panel with regard to that HR data transferred from EU, Switzerland and/or the United Kingdom, as applicable, in the context of the employment relationship.
Lokker will not disclose Covered Data to a third party, except as stated below:
Lokker may disclose Covered Data to subcontractors and third-party agents who assist Lokker in providing Services to its customers or assist Lokker in processing data as permitted in this Policy. Before disclosing Covered Data to a subcontractor or third-party agent, Lokker will obtain assurances from the recipient that it will: (a) use the Covered Data only to assist Lokker as provided in this Policy; (b) provide at least the same level of protection for Covered Data as required by the Principles; and (c) notify Lokker if the recipient is no longer able to provide the required protections. Upon notice, Lokker will act promptly to stop and remediate unauthorized processing of Personal Date by a recipient.
Lokker's accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Lokker remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Lokker proves that it is not responsible for the event giving rise to the damage.
Lokker may also be required to disclose, and may disclose, Covered Data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. To the extent permitted, Lokker will inform its relevant customer or prospective customer before making such disclosure and provide it with a reasonable opportunity to object to such disclosure.
Lokker has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction
Data Subjects with questions about how Lokker processes Covered Data, or Data Subjects who are EU or Swiss individuals, who wish to request access to, limit use of, or limit disclosure of Covered Data should first contact the Lokker customer or prospective customer that collected the Covered Data. Lokker's Legal Department can be contacted by emailing firstname.lastname@example.org.
This policy is executed in English and may be translated into other languages. In the event of any conflict or discrepancy between the English language version and a translated version, the English language version of this policy shall control.
Lokker may revise this Policy at any time. If Lokker decides to materially change this Policy, Lokker will post the revised Policy at this location.
Effective Date: August 11, 2020; last revised January 21, 2021.