This privacy policy (“Privacy Policy”) is intended to provide you with the specific details about how LIST Company, Inc. (“Company,” “we,” and “us”) collects and processes your personal and personally identifiable information through your use of the Company Website (“Website”). Company is the data processor and data controller of all information collected through the Website.
You understand and agree that Company may store and process your Personal Information on computers located outside of the European Union, including, but not limited to, in the United States. By using the Website, you agree to the collection and processing of your Personal Information outside of the European Union.
Before using the Website or providing information to us, please carefully review this Privacy Policy. By using or accessing the Website, you agree that we may collect and use your information in accordance with this Privacy Policy, as revised from time to time. If you have any questions or suggestions regarding our Privacy Policy, or if your personal information is not accurate or complete, please contact our Data Protection Officer at:
By providing Company with your personal or personally identifiable data and using the Website, you warrant that you are over the age of eighteen (18) or otherwise above the age of majority within your jurisdiction. If you are younger than eighteen (18) or the age of majority within your jurisdiction, please do not use the Company Website and please do not provide personal information to us.
2. Personal Information Collected
When you use the Website, we may collect personal or personally identifiable information from you (“PII”). PII may include any information capable of identifying an individual, but it does not include anonymized data.
We may collect and process the following categories of PII about you:
Communication Data. Communication data includes any communications that you may send to us through the website, email, chat, telephone, and social media. We process this data to communicate with you, to record logs of our communication, and to store information to respond to legal claims, including lawful requests by public authorities, including to meet national security or law enforcement requirements. Company’s lawful ground for processing this communication data is to respond to communications sent by you to us, to keep records of our communication, and to pursue or defend against legal claims.
User Data. User data includes data about how you use the Website and any data that you post to or authorize through the Website. We collect and process this data to operate the Website and to ensure that timely and relevant content is provided to you, to secure the Website, and to maintain backups of the Website. Company’s lawful ground for processing this user data is its legitimate business interests in administering and offering the Website.
Technical Data. Technical data includes data about your use of the Website, such as your IP address, your login data, your phone number, your operating system, your geolocation, and your time zone. Company may collect this data from your use of the Website and from advertising IDs. Company processes this data to analyze your use of the Website, to administer and secure the Website, to provide location-relevant content, to deliver relevant content and advertisements, and to understand the effectiveness of Company’s advertisements. Company’s lawful ground for collecting and processing this technical data is its legitimate interests in administering and offering the Website and to grow its business and marketing strategy.
Marketing Data. Marketing data includes data about your preferences in receiving information from and interacting with the Website, such as whether you would like to subscribe to the Company’s newsletters. Company collects this data from your use of the Website. Company’s lawful ground for collecting and processing this marketing data is its legitimate interests in administering and offering the Website and to grow its business and marketing strategy.
Personally Sensitive Data. Personally sensitive data includes data about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, union membership, or information about your health. Company does not collect or use personally sensitive data in the Website.
Company will only use your PII for the purpose for which it was collected. In the event that Company needs to use your PII for an unrelated new purpose, Company will provide you with notice of this new use and will explain the lawful ground for such processing. Company may process your PII without your knowledge or consent where required or permitted by law.
Company does not use your PII to automatically make any decisions related to creditworthiness.
3. Collection of Data From Third Parties
Company may collect data about you through cookies and other technologies. This helps Company understand how you use the Website and to understand any patterns that may be associated with your use of the Website. This aids Company in developing or improving its Website in response to your needs or wants.
Company may use session or persistent cookies. Session cookies are only stored on your computer or mobile device during your use of the Website and are automatically deleted when you close your web browser. Persistent cookies are stored as a file on your computer or mobile device that remain on your computer or mobile device even after you close your web browser. Persistent cookies can be read by the website that created the cookie when you revisit it again. Company may use persistent cookies when it utilizes Google Analytics or other analytics providers, which is intended to track the origin and behavior of traffic to the Website.
Company may also receive data from third parties including analytics providers or third-party advertising networks such as those owned by Google, Facebook, Amazon, or Apple. These third parties may be based outside of the European Union.
4. Marketing Communications
As stated above, Company’s lawful ground for sending you marketing communications is either your consent or its legitimate business interests, such as to grow its business. Company may send you marketing communications if you have asked for information concerning its goods or if you have agreed to, and have not opted out from, receiving marketing communications. You may ask Company to stop sending you marketing messages at any time by logging into the Website, navigating to the Account Dashboard, and adjusting your marketing preferences or by following the opt-out link in any marketing message sent to you. If you opt out of receiving marketing communications, your opt-out does not extend to PII provided for other purposes.
5. Disclosure of Personal Information
Company may share your PII with the following parties:
• Other companies within the LIST Company, Inc. group of companies, which share technological infrastructure; • Third-party service providers that provide Company with information technology or other administrative services; • Company’s accountants, auditors, insurers, or attorneys; and • Government bodies that require Company to report its processing activities.
Company may also transfer PII to third parties when it sells, transfers, or merges any part of its business or assets.
Company requires all third parties that receive a transfer of PII from Company to maintain the same level of respect for the protection of PII as Company and Company only allows third parties to process your personal data for the specific purposes listed in this privacy policy.
6. Data Security
Company has put into place data security measures to protect your PII. Company allows access to your PII only by employees and service providers who have a need to know or access your PII on Company’s instructions. Company will notify you and any regulatory body of any breach of your PII or Company’s security measures if it is legally required to do so.
7. Retention of Data
Company will only retain your PII for so long as necessary to fulfill the purposes for which it is collected under this Privacy Policy or for the purposes of satisfying any legal, accounting, or reporting requirements, including to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.
8. Right to Access
Under the law, you may have a right to request access to your PII for correction, transfer, erasure, or restriction, or to object to its processing or withdraw your consent. If you wish to exercise any of these rights, please contact Company’s Data Protection Officer as disclosed in this Privacy Policy.
You do not need to pay a fee to access your PII or to exercise your rights. However, Company may charge a reasonable fee if your request is unreasonable or excessive.
To confirm your request, Company may need to request specific information from you as a security measure to ensure that PII is not disclosed to an unauthorized third party. Company will attempt to respond to all legitimate requests within thirty days.
9. Third Party Links
Company’s Website may include links to third party websites and applications. By clicking on third party links, you may allow third parties to collect or share data about you. Company does not control these third-party links and you are advised to review their respective privacy policies.
10. Responding to Do Not Track Signals
You can generally opt-out of receiving personalized ads from third party advertisers and ad networks who are members of the Network Advertising Initiative (NAI) or who follow the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising by visiting the opt-out pages on the NAI website and DAA website. Our websites are not currently set up to respond to browser do-not-track signals, but you can configure your browser settings to reject all cookies or prompt you before a cookie is set.
11. California Consumer Privacy Act
California residents have the right to request, up to twice in a year and free of charge, that the Company disclose to you the categories and specific pieces of personal information that the Company has collected from you upon the receipt of a verifiable consumer request, which is a request that the Company can reasonably verify. Upon receipt of a verifiable consumer request, the Company may provide the requested information by mail or electronically. California residents may request the categories of personal information collected, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting or selling personal information, the categories of third parties with whom the Company shares personal information, and the specific pieces of personal information the Company has collected.
California residents also have the right to request that the Company delete any personal information which the Company has collected from you. However, the Company is not required to delete any personal information that is necessary for the Company to maintain in order to complete a transaction or provide a requested good or service, detect, protect against, or prosecute security incidents, debug or repair errors, exercise free speech rights or to ensure the rights of others to exercise free speech rights, comply with the California Electronic Communications Privacy Act, engage in public or peer-reviewed research, enable solely internal uses, comply with legal obligations, or use the personal information, internally, in a manner that is compatible with the context in which you provided the information.
Though the Company does not sell your PII, California residents also have the right, at any time, to direct the Company to opt out of the sale of your personal information.
Requests for personal information under this section may be made by calling the Company at (864) 845-6767 or by emailing privacy@listcompanyinc.com.
12. Policy Shield
Company complies with the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Company has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov.
In compliance with Privacy Shield Principles, Company commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Company at:
Company has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Through Company’s participation in Privacy Shield, it is subject to the investigatory and enforcement powers of the Federal Trade Commission.
Additionally, under certain circumstances, you may be able to invoke binding arbitration for a violation of the privacy principles under the GDPR. To invoke arbitration, you must take the following steps prior to initiating an arbitration claim: (1) raise the claimed violation directly with the Company and afford the Company an opportunity to resolve the issue within the timeframe set forth in Section III.11(d)(i) of the Principles; (2) make use of the independent recourse mechanism under the Principles, which is at no cost to you; and (3) raise the issue through the Data Protection Authority to the Department of Commerce and afford the Department of Commerce an opportunity to use best efforts to resolve the issue within the timeframes set forth in the Letter from the International Trade Administration of the Department of Commerce, at no cost to you. This arbitration option may not be invoked if the your same claimed violation of the Principles (1) has previously been subject to binding arbitration; (2) was the subject of a final judgment entered in a court action to which the individual was a party; or (3) was previously settled by the parties. In addition, this option may not be invoked if an EU Data Protection Authority or the Commissioner (1) has authority under Sections III.5 or III.9 of the Principles; or (2) has the authority to resolve the claimed violation directly with the organization. A DPA’s/the Commissioner's authority to resolve the same claim against an EU or a Swiss data controller does not alone preclude invocation of this arbitration option against a different legal entity not bound by the DPA/Commissioner's authority.
The Privacy Shield requires that the Company has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. Company will remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless Company proves that it is not responsible for the event giving rise to the damage.
13. Notification of Changes
Whenever Company changes its Privacy Policy, we will post those changes to this Privacy Policy and other places that we deem appropriate. Your use of the Company Website following these changes indicates your consent to the practices described in the revised Privacy Policy.
14. Contact Us
If you have any questions about this Privacy Policy or the manner by which we collect or use Personal Information about you, email us at privacy@listcompanyinc.com