Data Protection Framework
ELEMENT FOUR is based within the United States. We have developed our Privacy Policy with applicable best practices as recommended by NIST, ISO 27001 and the CIA Triad. 

1. Customer and Citizen Data
You may decide to send us your personal information via this website if you are seeking more information, requesting to attend one of our events, requesting access to our support ticket system, making payments for our Services, or for other similar purposes. Your decision to disclose your personal data is entirely voluntary, and by doing so, you are providing us with specific consent to use your personal data only for the purposes for which you have disclosed it to us.

We will at all times handle and store your personal data in accordance with industry best practices aligned with NIST, ISO 27001 and the CIA Triad. This includes the activities and procedures undertaken by our own personnel and authorized third parties (see Section 5), and the technical controls which we have implemented to prevent unauthorized access, compromise or theft of information from our applications, supporting computer systems and premises.

We use information about you as mentioned above and as follows:

• To provide our Services–for example, to set up and maintain your account or charge you for any of our paid products or services;
• To further develop our Services–for example by adding new features that we think our users will enjoy;
• To monitor and analyze trends and better understand how users interact with our Services, which helps us improve our Services and make them easier to use;
• To monitor and protect the security of our Services, detect and prevent fraudulent transactions and other illegal activities, fight spam, and protect the rights and property of ELEMENT FOUR and others;
• To communicate with you (with you specific consent to do so) about services/promotions offered by ELEMENT FOUR, solicit your feedback, or keep you up to date on ELEMENT FOUR and our products/services; and
• To personalize your experience using our services, provide content recommendations and serve relevant advertisements.

How We Share Information

We do not sell our users’ private personal information. We share information about you in the limited circumstances spelled out below and with appropriate safeguards on your privacy:

• Subsidiaries, Employees, and Independent Contractors: We may disclose information about you to our subsidiaries, our employees, and individuals who are our independent contractors that need to know the information in order to help us provide our Services or to process the information on our behalf. We require our subsidiaries, employees, and independent contractors to follow this Privacy Policy for personal information that we share with them.
• Third Party Vendors: We may share information about you with third party vendors who need to know information about you in order to provide their services to us. This group includes vendors that help us provide our Services to you (like payment providers that process your credit and debit card information) and those that help us understand and enhance our Services (like analytics providers). We require vendors to agree to privacy commitments in order to share information with them.
• As Required by Law: We may disclose information about you in response to a subpoena, court order, or other governmental request.
• To Protect Rights and Property: We may disclose information about you when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of ELEMENT FOUR, third parties, or the public at large. For example, if we have a good faith belief that there is an imminent danger of death or serious physical injury, we may disclose information related to the emergency without delay.
• Business Transfers: In connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company, or in the unlikely event that ELEMENT FOUR goes out of business or enters bankruptcy, user information would likely be one of the assets that is transferred or acquired by a third party. If any of these events were to happen, this Privacy Policy would continue to apply to your information and the party receiving your information may continue to use your information, but only consistent with this Privacy Policy.
• With Your Consent: We may share and disclose information with your consent or at your direction. For example, we may share your information with third parties with which you authorize us to do so, such as the social media services that you connect to your site through our Publicize feature.
• Aggregated and De-Identified Information: We may share information that has been aggregated or reasonably de-identified, so that the information could not reasonably be used to identify you. For instance, we may publish aggregate statistics about the use of our Services.
• Other Site Owners: If you have an account and leave a comment on a site that uses our Services, your IP address and the email address associated with your account may be shared with the administrator(s) of the site where you left the comment.
• Published Support Requests: And if you send us a request (for example, via a support email or one of our feedback mechanisms), we reserve the right to publish that request in order to help us clarify or respond to your request or to help us support other users.

Information Shared Publicly

Information that you choose to make public is–you guessed it–disclosed publicly. That means, of course, that information like your public profile, posts, other content that you make public on your website, and your “likes” and comments on other websites that may use our Services, are all available to others. We provide a stream of public data (like posts and comments) from sites that use our Services to provide that data to subscribers, who may view and analyze the content, but do not have rights to re-publish it, publicly. Public information may also be indexed by search engines or used by third parties. Please keep all of this in mind when deciding what you would like to share.

2. Sensitive Personal Data
GDPR specifies a set of personal data categories which are considered to be “sensitive”, and which require special consideration by Data Controllers. This website, and any services available from this website, do not knowingly collect or process any sensitive personal data. 

3. Children’s Personal Data
This website, and any Services available from this website, are not directed to children under the age of 13. If you learn that a child under the age of 13 has provided us with their personal information without having parental consent, please contact ELEMENT FOUR Data Protection Officer (see Section 9) immediately so that we can take appropriate action.

4. ELEMENT FOUR Customer and EU Citizen Data Rights
As prescribed within data protection regulations, you have several rights connected to the provision of your personal data to ELEMENT FOUR using this website. These include your rights to request that ELEMENT FOUR:

• confirms to you what personal data it may hold about you, if any, and for what purposes
• changes the consent which you have provided in relation to your personal data
• corrects any inaccurate or incomplete personal data which may be held about you
• provides you with a complete copy of your personal data for you to move elsewhere
• stops processing your personal data, whilst an objection from you is being resolved
• permanently erases all your personal data promptly, and confirms to you that it has done so (there may be reasons why we may be unable to do this)

If/when an individual contacts the company requesting this information, this is called a Subject Access Request (SAR). Subject Access Requests from individuals should be made by email, addressed to the data controller at dpo@element-4.com. The data controller can supply a standard request form, although individuals do not have to use this.

Individuals may be charged $10 per subject access request. The data controller will aim to provide the relevant data within 14 days. The data controller will always verify the identity of anyone making a subject access request before handing over any information.

5. Website Cookies
This website uses cookies to record log data. We use both session-based and persistent cookies, dependent upon how you use or interact with this website. Cookies are small text files sent by us to your computer, or from your computer or mobile device to us each time you visit our website. They are unique to you or your web browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them, or until they expire.

We use cookies which are not specifics to your account but are unique and allow us to undertake website analytics and customization, among other similar things. If you decide to disable some or all cookies, you may not be able to use some of the functions on our website. We may use third-party cookies, for example Google Analytics, and you may choose to opt-out of third-party cookies from their website.

If you do not want these cookies to be served on your device, you are able to disable them by changing the settings on your browsers or third-party software can allow you to block cookies while you use this Website site. If you want to know how to do this, please look at the menu on your browser, or visit www.allaboutcookies.org for more information about cookies and how you can turn them off. Or, you can use third-party “anonymizer” services to mask information in your cookies, or even general data such as your IP address. In such cases you would not be able to take advantage of most of the personalization Services offered by ELEMENT FOUR. Please note that if you do decide to disable cookies you may not be able to access this Website, some of the features of this Website or this Website may not function properly. By continuing to use this Website you consent to the relevant cookies being set on your device.

7. External Links
This website may include relevant hyperlinks to external websites not controlled by ELEMENT FOUR. Whilst all reasonable care has been exercised in selecting and providing any such links, you are advised to exercise caution before clicking any external links. We cannot guarantee the ongoing suitability of external links, nor do we continually verify the safety or security of the contents which may be provided to you. You are advised, therefore, that your use of external links is at your own risk and we cannot be responsible for any damages or consequences caused by your use of them.

8. Changes to this Privacy Policy
We may change this Privacy Policy from time to time.  If you continue to access this website or use Services available from this website after those changes have come into effect, you will have agreed to the revised policy.

9. Contacting ELEMENT FOUR
If you have any questions about this Privacy Policy, would like to exercise any of your statutory rights, or to make a complaint, please write to:

The Data Protection Officer
ELEMENT FOUR, Inc.
email: dpo@element-4.com