Overview

Service Terms

Master Services Agreement (MSA)

Service Levels, Software Maintenance, and Support Services

Software Limitations and API Terms of Use

Terms for Authorized Users

EU Data Regulations

Global Privacy Hub

Data Processing Agreement (DPA)

Privacy Policy

Technical and Organizational Security Measures (TOM)

 

Privacy Policy

Last updated: February 26, 2026

This privacy policy (“Policy”) describes how Partium Technologies GmbH (“Company,” “we,” and “our”) collects, uses and shares Personal Data (as defined below) when using this website (the “Website”). This notification is solely relevant when Partium acts as the Controller of personal data. For example, this pertains to personal data of Partium website visitors, job candidates or business-to-business contact information. When Partium processes personal data on behalf of its customers, Partium functions as a Processor; that processing is not covered by this Policy. If you have inquiries concerning how Partium's customers use our solutions to process your personal data, please reach out to the IT administrators and privacy department of your organization directly.


1.   PURPOSE OF PROCESSING
What is Personal Data?

We collect information about you in a range of forms, including Personal Data. As used in this Policy, “Personal Data” is as defined in the European Data Protection Directive 95/46/EC/General Data Protection Regulation 2018 and any successor legislation, this includes any information which, either alone or in combination with other information we hold about you, identifies you as an individual, including, for example, your name, postal address, email address and telephone number.


Why do we need your Personal Data?

If you used our Website, you may have been asked to agree to provide Personal Data. We will only process your Personal Data in accordance with applicable data protection and privacy laws. Your consent provides us with the legal basis we require under applicable law to process your data. You maintain the right to withdraw such consent at any time. If you do not agree to our use of your Personal Data in line with this Policy, do not use our Website.

We may use your Personal Data as follows:

  • to operate, maintain, and improve our services;
  • for marketing and sales activities as described in detail above;
  • as we believe necessary or appropriate (a) to comply with applicable laws; (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities; (c) to enforce our Policy; (d) to protect our rights, privacy, safety or property, and/or that of you or others; and (e) as described in the “Sharing of your Personal Data” section below.

2.   COLLECTING YOUR PERSONAL DATA

We collect information about you in the following ways:

Information you give us voluntarily. This includes the Personal Data you provide when you opt to use our Website Forms.

Information automatically collected. We also automatically collect some technical and navigational information from your visit to our Website. The purpose of the information is for administering the Website, tracking visitors’ journey on the Website, and gathering demographic information.

The information collected includes:

  • browser type and version,
  • operating system,
  • referring/exit pages,
  • name of the retrieved files, information or webpages,
  • date and time stamp, and
  • IP address (Internet protocol address) of the end device from which Website is accessed.

Use of cookies. In the context of our Website, cookies and tracking mechanisms may be used. Cookies are small text files that may be stored on your device when visiting our Website. Tracking is possible using different technologies. In particular, we process information using pixel technology.
When visiting our Website, you will be asked in a cookie layer whether you consent to our using of any marketing cookies or tracking mechanisms, respectively.
In our privacy settings, you may withdraw the consent with effect for the future or grant your consent at a later point in time.

Third-party Service Providers. The Website incorporates content and services from other providers (e.g., YouTube, Google) who, in turn, may use cookies and active components. Partium has no influence on the processing of Personal Data by these providers. The Website may provide links to the websites and/or services of Third-party Service Providers. The option provided by Partium to configure settings for cookies used has no effect on cookies and active components from other providers (e.g., YouTube, Google).
Refer to the respective provider‘s privacy policies for information about how your data is handled by them.

 

Automated Decision Making and Profiling. We may use your personal image data for the purposes of automated decision-making, profiling, and visual search results. We may also use this data to fulfill obligations imposed by law, in which case we will inform you of any such processing and provide you with an opportunity to object.

Website Forms. We use the HubSpot service to provide the following online forms. For this we forward your data to HubSpot, which process the data exclusively on our behalf. See privacy policy for “HubSpot”.

  • Content download. In order to make our downloadable content available to you, we collect Personal Data from you with the following considerations:
    • Data collected: E-mail address, last name, first name, salutation, job title, telephone number.
    • Purpose: Personalized delivery of the requested content.
    • Legal basis: Art. 6 Clause 1.b of the GDPR.
  • Newsletter. If you subscribe to our newsletter, we will save your e-mail address and use it to send you the newsletter with the following considerations.
    • Data collected: E-mail address, last name, first name, salutation, job title, telephone number.
    • Purpose: Delivery of the requested newsletter subscription.
    • Legal basis: Art. 6 Clause 1.b of the GDPR.
    • Specific consent cancellation: You can unsubscribe from our newsletter at any time via a link included in each issue. We will delete your e-mail address from our distribution list. Alternatively, you can unsubscribe from the newsletter at any time by contacting us.
  • Contact form. In order to provide you with our contact form, we collect Personal Data from you with the following considerations:
    • Data collected: E-mail address, last name, first name, salutation, job title, telephone number.
    • Purpose: Contact you.
    • Legal basis: Art. 6 Clause 1.b of the GDPR.

3.   SHARING YOUR PERSONAL DATA

We may share your Personal Data as follows:

  • Our Third-party Service Providers and Affiliates. We may share your Personal Data with our Affiliates, defined as any entity that directly or indirectly controls, is controlled by, or is under common control with Partium, and Third-party Service Providers who provide services such as website traffic analysis and demographics. These third parties are only permitted to use your Personal Data to the extent necessary to enable them to provide their services to us. They are required to follow our express instructions and to comply with appropriate security measures to protect your Personal Data.
  • Data Controller. We may share your Personal Data with the data controller of the application or website where you utilized our service.
  • Corporate Restructuring. We may share Personal Data when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
  • Other Disclosures. We may share Personal Data as we believe necessary or appropriate: (a) to comply with applicable laws; (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities to meet national security or law enforcement requirements; (c) to enforce our Policy; and (d) to protect our rights, privacy, safety or property, and/or that of you or others.

4.   ANONYMOUS DATA

“Anonymous Data” means data and information that does not permit you to be identified or identifiable, either alone or when combined with any other information available to a third party. We may create Anonymous Data from the Personal Data we receive about you and other individuals whose Personal Data we collect.

 

5.   International Data Transfer

Your information, including Personal Data that we collect from you, may be transferred to, stored at, and processed by us and our affiliates outside the country in which you reside, including, but not limited to the United States, where data protection and privacy regulations may not offer the same level of protection as in other parts of the world. By using our services, you agree to this transfer, storing, or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy.


6.   SECURITY

We seek to use reasonable organizational, technical and administrative measures to protect Personal Data within our organization (see Partium's Technical and Organizational Security Measures for more details).

Unfortunately, no transmission or storage system can be guaranteed to be completely secure, and transmission of information via the internet is not completely secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us using the details in Section 12 below.


7.   RETENTION

We will retain your Personal Data indefinitely unless you choose to revoke access.


8.   OUR POLICY ON CHILDREN

Our service is not directed to children under 16. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us using the details in Section 12 below. We will delete such information from our files as soon as reasonably practicable.


9.   SENSITIVE PERSONAL DATA

Subject to the following paragraph, we ask that you not send us, and you not disclose, any sensitive Personal Data (e.g., photographs of social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) (the "Sensitive Personal Data") on or through the Website or otherwise to us.

If you send or disclose any Sensitive Personal Data through our Website or otherwise to us, you consent to our processing and use of such sensitive Personal Data in accordance with this Policy. If you do not consent to our processing and use of such Sensitive Personal Data, you must not submit it.


10.   YOUR RIGHTS
  • Opt-out. You may contact us anytime to opt-out of: (i) our collection of Personal Data; (ii) any new processing of your Personal Data that we may carry out beyond the original purpose; or (iii) the transfer of your Personal Data outside the EEA. Your use of some of our services (e.g., Newsletter subscription) may be ineffective upon opt-out.
  • Erase and forget. In certain situations, for example when the information we hold about you is no longer relevant or is incorrect, you can request that we erase your data.

If you wish to exercise any of these rights, contact us using the details in Section 12 below.


11.   COMPLAINTS

We are committed to resolving any complaints about our collection or use of your Personal Data. If you would like to make a complaint regarding this Policy or our practices in relation to your Personal Data, contact us using the details in Section 12 below. We will reply to your complaint as soon as we can and in any event, within 45 days. We hope to resolve any complaint brought to our attention. However, if you feel that your complaint has not been adequately resolved, you reserve the right to contact your local data protection supervisory authority.


12.   CONTACT INFORMATION

You may contact us in writing at legal@partium.io.


13.   EU PRIVACY POLICY

Privacy laws in the European Union (“EU”) give individuals certain rights in respect of their personal information. This policy provides a framework for responding to requests to exercise those rights. It is the Company’s policy to ensure that requests by individuals covered by this policy to exercise their rights in respect of their personal information are handled in accordance with applicable law.

This policy applies to all individuals based in the EU (“EU Individuals”). EU Individuals may be employees or former employees, contractors, consumers, end-users, employees of customers, service providers, employees of service providers and any other person based in the EU whose personal information the Company processes.

For the purposes of this policy, “EU Personal Data” means any information relating to an identified or identifiable EU Individual. An identifiable EU Individual is one who can be identified, directly or indirectly, by reference to an identifier, such as a name, identification number or online identifier. “Processing” means any operation or set of operations which is performed on EU Personal Data or sets of EU Personal Data, such as collection, use, storage, dissemination and destruction.

This policy only applies to the EU Personal Data Processed by the Company. Other individuals may also have rights regarding their personal information but they are not covered by this policy.


13.1.   Right to Access EU Personal Data

EU Individuals have the right to request access to their EU Personal Data Processed by the Company. Such requests are called subject access requests (“SARs”). EU Individuals can make SARs to find out what EU Personal Data the Company has about them.

When an EU Individual makes a SAR the Company must, unless there is an exemption under applicable law (see Section 13.8 "Exemptions" below), take the following steps.

  1. Log the date on which the request was received by the Company (to ensure that the relevant timeframe of one month for responding to the request is met).
  2. Confirm the identity of the EU Individual who is the subject of the EU Personal Data. This may be very straightforward in the case of a current employee but more difficult in the case of, e.g., a historic prospective customer or former employee. The Company may request additional information from the EU Individual to confirm his/her identity.
  3. Search databases, systems, applications, and other places where the EU Personal Data which are the subject of the request may be held.
  4. Confirm to the EU Individual whether or not EU Personal Data of the EU Individual making the SAR are being Processed.
  5. If EU Personal Data of the EU Individual are being Processed, provide the EU Individual with the following information in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in writing or by other (including electronic) means:
    1. the purposes of the Processing;
    2. the categories of EU Personal Data concerned (e.g., contact details, bank account information and details of sales activity);
    3. the recipients or categories of recipient to whom the EU Personal Data have been or will be disclosed, in particular recipients overseas (e.g. US-based service providers);
    4. where possible, the envisaged period for which the EU Personal Data will be stored, or, if not possible, the criteria used to determine that period;
    5. the existence of the right to request from the Company rectification or erasure of EU Personal Data or restriction of Processing of EU Personal Data or to object to such Processing;
    6. the right to lodge a complaint with the data protection authority in their country;
    7. where the EU Personal Data are not collected from the EU Individual, any available information as to their source;
    8. the existence of automated decision-making and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the EU Individual; and
    9. where EU Personal Data are transferred outside the EU, details of the appropriate safeguards to protect the EU Personal Data.
  6. Review the EU Personal Data requested to see if they contain the Personal Data of other individuals. If they do, the Company should consider redacting the Personal Data of those other individuals prior to providing the EU Individual with his/her EU Personal Data.
  7. Provide the EU Individual with a copy of the EU Personal Data Processed by the Company in a commonly used electronic form (unless the EU Individual either did not make the request by electronic means or has specifically requested not to be provided with the copy on electronic form) within one month of receipt of the request. If the request is complex, or there are a number of requests, the Company may extend the period for responding by a further two months. If the Company extends the period for responding it shall inform the EU Individual within one month of receipt of the request and explain the reason(s) for the delay.
  8. If the request is manifestly unfounded or excessive, e.g. because of its repetitive character, the Company may charge a reasonable fee, taking into account the administrative costs of providing the EU Personal Data, or refuse to act on the request.

If the Company is not going to respond to the request, it shall inform the EU Individual of the reasons for not taking action and of the possibility of lodging a complaint with the data protection authority in their country.


13.2.   Right to Erasure

EU Individuals have the right, in certain circumstances, to request that the Company erases their EU Personal Data. Where such a request is made, the Company must, unless there is an exemption under applicable law (see Section 13.8 "Exemptions" below), erase the EU Personal Data without undue delay if:

  1. the EU Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. the EU Individual withdraws their consent to the Processing and consent was the basis on which the EU Personal Data were Processed and there is no other basis for the Processing;
  3. the EU Individual objects to the Processing of his or her EU Personal Data on the basis of the Company’s performance of a task carried out in the public interest or in the exercise of official authority vested in the Company, or on the basis of the Company’s legitimate interests which override the EU Individual’s interests or fundamental rights and freedoms;
  4. the EU Personal Data have been unlawfully Processed;
  5. the EU Personal Data have to be erased for compliance with a legal obligation to which the Company is subject; or
  6. the EU Personal Data have been collected in relation to the offer of e-commerce or other online services.

When an EU Individual makes a request for erasure in the circumstances set out above, the Company must, unless there is an exemption under applicable law (see remainder of this section and Section 13.8 "Exemptions" below), take the following steps.

  1. Log the date on which the request was received by the Company (to ensure that the relevant timeframe of one month for responding to the request is met).
  2. Confirm the identity of the EU Individual who is the subject of the EU Personal Data. This may be very straightforward in the case of a current employee but more difficult in the case of, e.g., a historic prospective customer or former end-user. The Company many request additional information from the EU Individual to confirm his/her identity.
  3. Search databases, systems, applications and other places where the EU Personal Data which are the subject of the request may be held and erase such data within one month of receipt of the request. If the request is complex, or there are a number of requests, the Company may extend the period for responding by a further two months. If the Company extends the period for responding it shall inform the EU Individual within one month of receipt of the request and explain the reason(s) for the delay.
  4. Where the Company has made the EU Personal Data public, the Company must, taking reasonable steps, including technical measures, inform those who are Processing the EU Personal Data that the EU Individual has requested the erasure by them or any links to, or copies or replications of, those EU Personal Data.
  5. Communicate the erasure of the EU Personal Data to each recipient to whom the EU Personal Data have been disclosed, unless this is impossible or involves disproportionate effort. The Company shall also inform the EU Individual about those recipients if the EU Individual requests it.
  6. If the request is manifestly unfounded or excessive, e.g. because of its repetitive character, the Company may charge a reasonable fee, taking into account the administrative costs of erasure or refuse to act on the request.

If the Company is not going to respond to the request, it shall inform the EU Individual of the reasons for not taking action and of the possibility of lodging a complaint with the data protection authority in their country.

In addition to the exemptions in Section 13.8 "Exemptions" below, the Company can also refuse to erase the EU Personal Data to the extent Processing is necessary:

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires Processing by law and to which the Company is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Company;
  3. for reasons of public interest in the area of public health;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  5. for the establishment, exercise or defence of legal claims.

13.3.   Right to Portability

EU Individuals have the right, in certain circumstances, to receive their EU Personal Data which they have provided to the Company in a structured, commonly used and machine-readable format which they can then transmit to another Company. Where such a request is made, the Company must, unless there is an exemption under applicable law (see Exemptions below), provide the EU Personal Data without undue delay if:

  1. if the basis for the Processing of the EU Personal Data is consent or pursuant to a contract; and
  2. the Company’s Processing of those data is automated.

When an EU Individual makes a request for portability in the circumstances set out above, the Company must take the following steps.

  1. Log the date on which the request was received by the Company (to ensure that the relevant timeframe of one month for responding to the request are met).
  2. Confirm the identity of the EU Individual who is the subject of the EU Personal Data. This may be very straightforward in the case of a current employee but more difficult in the case of, e.g., a historic prospective customer or former end-user. The Company many request additional information from the EU Individual to confirm his/her identity.
  3. Search databases, systems, applications and other places where the EU Personal Data which are the subject of the request may be held and provide the EU Individual with such data (or, at the EU Individual’s request, transmit the EU Personal Data directly to another Company, where technically feasible) within one month of receipt of the request. If the request is complex, or there are a number of requests, the Company may extend the period for responding by a further two months. If the Company extends the period for responding it shall inform the EU Individual within one month of receipt of the request and explain the reason(s) for the delay.
  4. if the request is manifestly unfounded or excessive, e.g. because of its repetitive character, the Company may charge a reasonable fee, taking into account the administrative costs of erasure or refuse to act on the request.

If the Company is not going to respond to the request, it shall inform the EU Individual of the reasons for not taking action and of the possibility of lodging a complaint with the data protection authority in their country.


13.4.     Right to Rectification

EU Individuals have the right to have their inaccurate EU Personal Data rectified. Rectification can include having incomplete EU Personal Data completed, e.g. by the EU Individual providing a supplementary statement regarding the data. Where such a request is made, the Company must, unless there is an exemption under applicable law (see Section 13.8 "Exemptions" below), rectify the EU Personal Data without undue delay.

The Company must communicate the rectification of the EU Personal Data to each recipient to whom the EU Personal Data have been disclosed, unless this is impossible or involves disproportionate effort. The Company shall also inform the EU Individual about those recipients if the EU Individual requests it.


13.5.   Right to Restriction of Processing

EU Individuals have the right, unless there is an exemption under applicable law (see Section 13.8 "Exemptions" below), to restrict the Processing of their EU Personal Data if:

  1. the EU Individual contests the accuracy of the EU Personal Data, for a period to allow the Company to verify the accuracy of the EU Personal Data;
  2. the Processing is unlawful and the EU Individual opposes the erasure of the EU Personal Data and requests the restriction of their use instead;
  3. the Company no longer needs the EU Personal Data for the purposes of the Processing, but they are required by the EU Individual for the establishment, exercise or defence of legal claims; and
  4. the EU Individual has objected to the Processing (see Right to object to Processing below), pending verification of whether the Company has legitimate grounds to override the EU Individual’s objection.

Where Processing has been restricted, the Company must only Process the EU Personal Data (excluding storing them) with the EU Individual’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another person or for reasons of important public interest.

Prior to lifting the restriction, the Company must inform the EU Individual of the lifting of the restriction.

The Company must communicate the restriction of Processing of the EU Personal Data to each recipient to whom the EU Personal Data have been disclosed, unless this is impossible or involves disproportionate effort. The Company shall also inform the EU Individual about those recipients if the EU Individual requests it.


13.6.   Right to Object to Processing

EU Individuals have the right, in certain circumstances, to object to the Processing of their EU Personal Data. Where such an objection is made, the Company must, unless there is an exemption under applicable law (see Section 13.8 "Exemptions" below), no longer Process the EU Personal Data:

  1. if the basis for the Processing of the EU Personal Data is consent or pursuant to a contract; and
  2. the Company cannot demonstrate compelling legitimate grounds for the Processing which override the interests, rights and freedoms of the EU Individual, or the Processing is for the establishment, exercise or defense of legal claims.

Where EU Personal Data are processed for direct marketing purposes, EU Individuals have the right to object at any time to the Processing of their EU Personal Data for such marketing. If an EU Individual makes such a request, the Company must stop Processing the EU Personal Data for such purposes.

Where EU Personal Data are Processed for scientific or historical research purposes, EU Individuals have the right to object to such Processing, unless the Processing is necessary for the performance of a task carried out for reasons of public interest.


13.7.   Right Not to be Subjected to Automated Decision Making

EU Individuals have the right, in certain circumstances, not to be subject to a decision based solely on the automated Processing of their EU Personal Data, if such decision produces legal effects concerning them or similarly significantly affects them. Where such a request is made, the Company must, unless there is an exemption under applicable law (see Section 13.8 "Exemptions" below), no longer make such a decision unless it:

  1. is necessary for entering into, or performance of, a contract between the EU Individual and the Company (in which case the Company must implement suitable measures to safeguard the EU Individual’s rights, freedoms and legitimate interests, including the right to obtain human intervention, to express his/her point of view and to contest the decision);
  2. is authorised by applicable law which lays down suitable measures to safeguard the EU Individual’s rights, freedoms and legitimate interests (in which case the Company must implement suitable measures to safeguard the EU Individual’s rights, freedoms and legitimate interests, including the right to obtain human intervention, to express his/her point of view and to contest the decision); or
  3. is based on the EU Individual’s explicit consent.

EU Individuals who are subject to automated decision-making must be notified at the time their EU Personal Data of the fact that they will be subject to automated decision-making and informed of the logic involved and the envisaged consequences of such Processing.


13.8.   Exemptions

Before responding to any request, the Company should check whether there are any exemptions under applicable law which apply to the EU Personal Data which are the subject of the request. Exemptions may apply under applicable law where it is necessary and proportionate not to comply with the requests described above to safeguard:

  1. national security;
  2. defence;
  3. public security;
  4. the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security;
  5. the protection of judicial independence and judicial proceedings;
  6. the prevention, investigation, detection and prosecution of breaches of ethics for regulated professions;
  7. a monitoring, inspection or regulatory function connected, even occasionally, to the exercise of official authority in the cases referred to in a. to e. above;
  8. the protection of the data subject or the rights and freedoms of others; or
  9. the enforcement of civil law claims.

14.   FOR EU INDIVIDUALS: PRIVACY SHIELD NOTICE FOR PERSONAL DATA TRANSFERS TO THE UNITED STATES

Partium complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries transferred to the United States pursuant to Privacy Shield. Partium has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

With respect to Personal Data received or transferred pursuant to the Privacy Shield Frameworks, Partium is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.

Pursuant to the Privacy Shield Frameworks, EU individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to us using the details in Section 12 above. If requested to remove data, we will respond within a reasonable timeframe.

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, submit a written request to us using the details in Section 12 above.

In certain situations, we may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Partium’s accountability for Personal Data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Partium remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the Personal Data on its behalf do so in a manner inconsistent with the Principles, unless Partium proves that it is not responsible for the event giving rise to the damage.

In compliance with the Privacy Shield Principles, Partium commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union individuals with Privacy Shield inquiries or complaints should first contact us using the details in Section 12 above.

Partium has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.

Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.


15.   CHANGES TO THIS POLICY

We will post any modifications or changes to the Policy in the Website. We reserve the right to modify the Policy at any time, so we encourage you to review it frequently. The “Last updated” legend above indicates when this Policy was last changed. If we make any material change(s) to the Policy, we will notify you by posting the revised Privacy Policy on our Website.