Acker, Merrall & Condit Company
 
GDPR Compliance Policy
 
Last modified: May 24, 2018
 
This Policy on the General Data Protection Regulation (GDPR), applies to only those users based in European Union (EU) member states and the United Kingdom, or who are subject to EU law in relation to personal data we collect from them.
 
For the avoidance of doubt, for users based in the EU member states and the United Kingdom, or who are subject to EU law in relation to personal data we collect from them, this GDPR Compliance Policy is an extension of the Conditions of Use, the Privacy Policy and Cookies and Web Beacons Policy, and is incorporated therein by this reference, however, in the event of any contradiction between this GDPR Compliance Policy and (i) the Conditions of Use, or (ii) the Privacy Policy, or (iii) the Cookies and Web Beacons Policy, the GDPR Compliance Policy shall prevail to the extent of such inconsistency. All capitalized terms not otherwise defined in this GDPR Compliance Policy shall have the same definitions ascribed to them in the Privacy Policy.
 
The GDPR is the new comprehensive EU legislation on the protection of personal data and its free movement, which shall come into effect on May 25, 2018. The law intends to create uniform data privacy and protection laws throughout the EU member states and clarify, strengthen and elevate the rights of EU citizens and residents in relation to protecting their personal information. The GDPR applies to us in relation to any offers of products and services we make to you and any personal data we collect from you.
 
The information that is protected by the GDPR is “personal” and “sensitive personal” data. Personal data includes information such as your name, mailing address, e-mail address, financial information, photos and videos and online identifiers such as IP address and cookies..
 
GDPR requires that we follow privacy principles outlined in Article 5 of the GDPR and comply with at least one of the GDPR’s personal data processing conditions.
 
We generally do not collect sensitive personal data which includes, without limitation, information such as racial or ethnic origin, political opinions, religious, or philosophical beliefs, trade union membership, genetic, biometric and health data. GDPR requires that if we did or if we do, we should follow privacy principles outlined in Article 9 of the GDPR and comply with at least one of the GDPR’s personal data processing conditions relevant to sensitive personal data.
 
Data Controller
 
As your personal data controller, we are required to conduct data privacy impact assessments, obtain appropriate consent from you (which consent you may withdraw at any time) before collecting your personal data, implement privacy by design (a concept involving proactively putting in place measures that ensure the security of personal data and processes that use such information), and to respect the eight (8) rights of users which are explained below.
 
Your Data Rights
 
The eight (8) rights that you as the user have under the GDPR with regards to when your personal information is collected, include, the right (i) to receive transparent information about data processes; (ii) of access to one’s own personal data; (iii) of correction and amendment of personal data; (iv) to expunge personal data; (v) to curtail and restrict personal data processing; (vi) to use personal data for other purposes; (vii) to objection of the processing of personal data; and (viii) in relation to protection of personal data from automation processes.
 
Data Processor Requirements Under the GDPR
 
We utilize the services of certain data processors such as Google Analytics. In some respects we may be considered as acting as a data processor. The GDPR recognizes the responsibility of data processors to maintain, secure and process collected personal data. Going forward, our data processors will be required to (i) keep and maintain written records for such data processing they carry out for us, (ii) put in place appropriate security measures in relation to the protection of your personal data, and (iii) notify us as soon as possible of any data breaches that occur, which information we are in turn required to pass on to you. To the extent that, at any time or from time to time, we may be considered to be acting as data processors, we shall endeavor to comply with this requirement.
 
In case you have any questions regarding your personal data and the application of the GDPR, please contact us and we shall be happy to assist you.