Owner and Data Controller

Deeper Signals Inc.

430 West 34th #16E

New York, NY

10001

Owner contact email: privacy@deepersignals.com

We tried to keep this policy as simple as possible to helpyou understand what information we collect, how we use it, and what choices youhave about it.  You should read this policy in full.

Types of Data collected

Deeper Signals (“We” “Us”) collects, stores, and usesinformation you share on our website. This includes your name, e-mail address,and any other information you choose to enter on the website, including withoutlimitation your or your end users’ responses to personalized assessments.

If you post personal information of another person on ourwebsite, you must make sure you have that person’s consent to both thedisclosure and the processing of their personal data in accordance with thisprivacy policy.

We also record certain technical information whenever youuse our website. This includes information about your device and about yourvisits to and use of our website, such as your IP address, browser type andversion, page views, etc.

We also use cookies (small encrypted data files stored andsent by your browser whenever you visit our website) to store and retrieve yourlogin status, personality test results, and various website settings. Some ofthe cookies are account-specific while others are not. For more informationabout cookies, please see the following section.

Cookie Policy

Most of the functionality on our website (such as viewingyour personality quiz results or logging in) requires cookies. By using ourwebsite, and/or your active opt-in to our privacy policy, you consent to ouruse of cookies as described in this policy.

We use “persistent” cookies on our website. Persistentcookies will remain stored on your device until deleted, or until they reach aspecified expiry date.

We use cookies to enable our website to recognize you (asdistinct from other users) when you visit and keep track of your preferences inrelation to your use of our website.

We use cookies  to carry out other activities that arestrictly necessary for the operation of this Website, for example in relationto the distribution of traffic, to save browsing preferences and to optimizethe User's browsing experience, the setting of language preferences or for themanagement of first party statistics employed directly by the Deeper Signals.

We use Google Analytics to analyze the use of our website.Google Analytics is a web analysis service provided by Google LLC (“Google”).Google utilizes the Data collected to track and examine the use of thisWebsite, to prepare reports on its activities and share them with other Googleservices. Google may use the Data collected to contextualize and personalizethe ads of its own advertising network. This integration of Google Analyticsanonymizes your IP address. It works by shortening Users' IP addresses withinmember states of the European Union or in other contracting states to theAgreement on the European Economic Area. Only in exceptional cases will thecomplete IP address be sent to a Google server and shortened within the US.  For further details, please see Google’sprivacy policy. You can also opt out of GoogleAnalytics tracking at any time.

We use Hotjar Ltd.’s web analytics service (“Hotjar”) toanalyze our website usage.  Hotjarutilizes the Data collected to track and examine the use of this Website, to displaythe correct content to the user without personally identifying anyone.  For further details, please see theHotjarcookie policy.

We use Sentry’s Sentry.io tool (“Sentry”) to providereal-time error tracking to help us to reproduce and fix crashes. For furtherdetails, please see Sentry’s privacypolicy.

Most browsers allow you to reject all cookies, while somebrowsers allow you to reject just third party cookies. Blocking all cookieswill, however, have a negative impact upon the usability of many websites,including ours.

Whether Information Has to Be Provided by You and Why

The provision of contact and other relevant information isrequired from you to enable us to communicate with you and to provide theservices available on our website. If you don’t provide the informationrequested, we may not be able to provide the services which require the use ofthis information (e.g., certain features or assessments).

How Do We Use the Information We Collect?

We use the information we collect to provide you with ourassessment services. Consequently, we use your information to:​

  • Calculate     and display your personality quiz results to you
  • Send     you account-related messages, such as password recovery e-mails
  • Identify     you and ensure the security of your account – e.g., by verifying that you     own the e-mail address linked to your account
  • Provide     you with content and services relevant to you
  • Respond     to your questions or issue reporting

In addition, we use your information to conduct analytics onhow you use our website in order to better understand your needs and tooptimize our service and experience. For instance, by measuring the time youspend on a certain page before and after a design change, we can understandwhether there’s anything we need to tweak. In order to do that, we use thethird party service, Google Analytics to collect standard internet loginformation and details of visitor behaviour patterns (for example, how muchtime you spent reading your personality test results). We’ve already mentionedthese services in the Cookies section above.

In short, Personal Data may be freely provided by the User,or, in case of Usage Data, collected automatically when using this Website.Unless specified otherwise, all Data requested by this Website is mandatory andfailure to provide this Data may make it impossible for this Website to provideits services. In cases where this Website specifically states that some Data isnot mandatory, Users are free not to communicate this Data without impactingthe functioning of the Service. Users who are uncertain about which PersonalData is mandatory are welcome to contact us at the contact information providedin this document.

Users are responsible for any third-party Personal Dataobtained, published or shared through this Website and confirm that they havethe third party's consent to provide the Data to Deeper Signals.

Mode and place of processing the Data

Methods of processing

We use all reasonable security and access control measuresto secure our accounts on third party services and websites and the data storedtherein.

The Data processing is carried out using software, followingorganizational procedures and modes strictly related to the purposes indicated.In addition to Deeper Signals, in some cases, the Data may be accessible tocertain types of persons in charge, involved with the operation of this Website(administration, sales, marketing, legal, system administration) or externalparties (such as third-party technical service providers, mail carriers, hostingproviders, IT companies, communications agencies) appointed, if necessary, asData Processors by Deeper Signals to assist us with the delivery of theservices to our Users. The updated list of these parties may be requested fromDeeper Signals at any time, and these parties do not have any right to use theinformation we share with them beyond what is necessary to assist us inproviding the service to our Users as described in this Privacy Policy.

 

Legal basis of processing

Deeper Signals may process Personal Data relating to Usersif one of the following applies:

  • Users     have given their consent for one or more specific purposes. Note: Under     some legislations Deeper Signals may be allowed to process Personal Data     until the User objects to such processing (“opt-out”), without having to     rely on consent or any other of the following legal bases. This, however,     does not apply, whenever the processing of Personal Data is subject to     European data protection law;
  • provision     of Data is necessary for the performance of an agreement with the User     and/or for any pre-contractual obligations thereof;
  • processing     is necessary for compliance with a legal obligation to which Deeper     Signals is subject;
  • processing     is related to a task that is carried out in the public interest or in the     exercise of official authority vested in Deeper Signals;
  • processing     is necessary for the purposes of the legitimate interests pursued by     Deeper Signals or by a third party.

In any case, Deeper Signals will gladly help to clarify thespecific legal basis that applies to the processing, and in particular whetherthe provision of Personal Data is a statutory or contractual requirement, or arequirement necessary to enter into a contract.

Place

The Data is processed on Deeper Signals' servers and in anyother places where the parties involved in the processing are located.

Depending on the User's location, data transfers may involvetransferring the User's Data to a country other than their own. To find outmore about the place of processing of such transferred Data, Users can checkthe section containing details about Data Transfer.

Users are also entitled to learn about the legal basis ofData transfers to a country outside the European Union or to any internationalorganization governed by public international law or set up by two or morecountries, such as the UN, and about the security measures taken by DeeperSignals to safeguard their Data.

If any such transfer takes place, Users can find out more bychecking the relevant sections of this document or inquire with Deeper Signalsusing the information provided in the contact section.

​How long do we retain your data and how can you manageyour data?

If you have an account on our website, you can use theProfile section to change most of your personal details. For instance, itallows you to:

  • Update     your e-mail address
  • Edit     your profile name
  • Change     your gender and all other demographic information provided
  • Delete     your account

Personal Data will be processed securely and stored for aslong as required by the purpose they have been collected for. Therefore:

  • Personal     Data collected for purposes related to the performance of the services we     provide to you, such as providing you with personality quiz results, shall     be retained for an unlimited amount of time, or until you request that we     delete your personal data
  • Personal     data collected from you on behalf of a contract with an organization that     employees you will be retained for as long as is required to provide the     services to such organization, or until the specific data privacy     agreement with said organization obligates us to delete or anonymize your     data.
  • Any     Personal Data collected for the purposes of Deeper Signals’s legitimate     interests shall be retained as long as needed to fulfill such purposes.     You will find specific information regarding the legitimate interests     pursued by Deeper Signals within the relevant sections of this document or     by contacting us.

Deeper Signals may be allowed to retain Personal Data for alonger period whenever the User has given consent, as long as such consent isprovided with clear intent not withdrawn. Furthermore, Deeper Signals may beobliged to retain Personal Data for a longer period whenever required to do sofor the performance of a legal obligation.

Once the retention period expires, all personallyidentifiable data shall be permanently deleted or permanently and irrevocablyanonymized. Therefore, the right to access, the right to erasure, the right torectification and the right to data portability cannot be enforced afterexpiration of the retention period.

The purposes of processing

The Data concerning the User is collected to allow theDeeper Signals to provide its Services, as well as for the following purposes:Registration and authentication, Displaying content from external platforms,Hosting and back-end infrastructure, Interaction with data collection platformsand other third parties, Analytics.

Users can find further detailed information about suchpurposes of processing and about the specific Personal Data used for eachpurpose in the respective sections of this document.

Detailed information on the processing of Personal Data

Personal Data is collected for the following purposes andusing the following services:

Google Analytics with anonymized IP (Google LLC)

Google Analytics is a web analysis service provided byGoogle LLC (“Google”). Google utilizes the Data collected to track and examinethe use of this Website, to prepare reports on its activities and share themwith other Google services.​

Google may use the Data collected to contextualize andpersonalize the ads of its own advertising network.

This integration of Google Analytics anonymizes your IPaddress. It works by shortening Users' IP addresses within member states of theEuropean Union or in other contracting states to the Agreement on the EuropeanEconomic Area. Only in exceptional cases will the complete IP address be sentto a Google server and shortened within the US.

Personal Data collected: Cookies and Usage Data.

Place of processing: United States – Privacy Policy– OptOut.

Data Transfer

Deeper Signals is allowed to transfer Personal Datacollected within the EU to third countries that the EU has deemed not to haveadequate data privacy protections in place only pursuant to an authorizedtransfer mechanism, which may include Standard Contractual Clauses in the formprovided by the European Commission, or pursuant to an Article 49 derogationfor specific situations, including without limitation a user’s explicitconsent, necessity for the performance of a contract, necessity for theconclusion or performance of a contract concluded in the interest of the datasubject, or necessity for the establishment, exercise or defense of legalclaims.

This means that Data recipients have committed to processPersonal Data in compliance with the data protection standards set forth by EUdata protection legislation. For further information, Users are requested tocontact Deeper Signals through the contact details provided in the presentdocument.

Displaying content from external sources

This type of service allows you to view content hosted onexternal platforms directly from the pages of this Website and interact withthem.​

This type of service might still collect web traffic datafor the pages where the service is installed, even when Users do not use it.

Google Fonts (Google LLC)

Google Fonts is a typeface visualization service provided byGoogle LLC that allows this Website to incorporate content of this kind on itspages.

Personal Data collected: Usage Data and various types ofData as specified in the privacy policy of the service.

Place of processing: United States – Privacy Policy. PrivacyShield participant.

Hosting

This type of service has the purpose of hosting Data andfiles that enable this Website to run and be distributed as well as to providea ready-made infrastructure to run specific features or parts of this Website.Some of these services work through geographically distributed servers, makingit difficult to determine the actual location where the Personal Data arestored.

Amazon Web Services (AWS) (Amazon Web Services, Inc.)

Amazon Web Services is a hosting and backend serviceprovided by Amazon.com Inc.

Personal Data collected: various types of Data as specifiedin the privacy policy of the service.

Place of processing: European Union

Widgets

This type of service allows Users to interact with datacollection platforms or other services directly from the pages of this Websitefor the purpose of saving and reusing data.

If one of these services is installed, it may collectbrowsing and Usage Data in the pages where it is installed, even if the Usersdo not actively use the service.

Authentication services

By registering or authenticating, Users allow this Websiteto identify them and give them access to dedicated services.

Depending on what is described below, third parties mayprovide registration and authentication services. In this case, this Websitewill be able to access some Data, stored by these third-party services, forregistration or identification purposes.

Google OAuth (Google LLC)

Google OAuth is a registration and authentication serviceprovided by Google LLC and is connected to the Google network.

Personal Data collected: various types of Data as specifiedin the privacy policy of the Google OAuth service.

Place of processing: United States – Privacy Policy.Privacy Shield participant.

The rights of Users

Users may exercise certain rights regarding their Dataprocessed by Deeper Signals.

Under the GDPR you have a number of important rights free ofcharge. In summary, those include rights to:

  • Withdraw     their consent at any time. Users have the right to withdraw consent where     they have previously given their consent to the processing of their     Personal Data.
  • Object     to processing of their Data. Users have the right to object to the     processing of their Data if the processing is carried out on a legal basis     other than consent. Further details are provided in the dedicated section     below.
  • Access     their Data. Users have the right to learn if Data is being processed by     Deeper Signals, obtain disclosure regarding certain aspects of the     processing and obtain a copy of the Data undergoing processing.
  • Verify     and seek rectification. Users have the right to verify the accuracy of     their Data and ask for it to be updated or corrected.
  • Restrict     the processing of their Data. Users have the right, under certain     circumstances, to restrict the processing of their Data. In this case,     Deeper Signals will not process their Data for any purpose other than     storing it.
  • Have     their Personal Data deleted or otherwise removed. Users have the right,     under certain circumstances, to obtain the erasure of their Data from     Deeper Signals.
  • Receive     their Data and have it transferred to another controller. Users have the     right to receive their Data in a structured, commonly used and machine     readable format and, if technically feasible, to have it transmitted to     another controller without any hindrance. This provision is applicable     provided that the Data is processed by automated means and that the     processing is based on the User's consent, on a contract which the User is     part of or on pre-contractual obligations thereof.
  • Lodge     a complaint. Users have the right to bring a claim before their competent     data protection authority.

If you’d like to exercise any of those rights, please emailus at: hello@deepersignals.com. Please send the request from the e-mail addressassociated with your account in order for us to process it.

​Details about the right to object to processing

Where Personal Data is processed for the purposes of thelegitimate interests pursued by Deeper Signals, Users may object to suchprocessing by providing a ground related to their particular situation tojustify the objection.

Users must know that, however, should their Personal Data beprocessed for direct marketing purposes, they can object to that processing atany time without providing any justification. To learn, whether Deeper Signalsis processing Personal Data for direct marketing purposes, Users may refer tothe relevant sections of this document.

How to exercise these rights

Any requests to exercise User rights can be directed to theus through the contact details provided in this document. These requests can beexercised free of charge and will be addressed by Deeper Signals as early as possibleand always within one month.

Additional information about Data collection andprocessing

​Legal action

The User's Personal Data may be used for legal purposes byDeeper Signals in Court or in the stages leading to possible legal action arisingfrom improper use of this Website or the related Services.

The User declares to be aware that Deeper Signals may berequired to reveal personal data upon request of public authorities.

 

Additional information about User's Personal Data

In addition to the information contained in this privacypolicy, this Website may provide the User with additional and contextualinformation concerning particular Services or the collection and processing ofPersonal Data upon request.

System logs and maintenance

For operation and maintenance purposes, this Website and anythird-party services may collect files that record interaction with thisWebsite (System logs) use other Personal Data (such as the IP Address) for thispurpose.

Information not contained in this policy

More details concerning the collection or processing ofPersonal Data may be requested from Deeper Signals at any time. Please see thecontact information at the beginning of this document.

How “Do Not Track” requests are handled

This Website does not support “Do Not Track” requests. Todetermine whether any of the third-party services it uses honor the “Do NotTrack” requests, please read their privacy policies. In addition, your browserallows you to disable cookies from this website, or any other website in thebrowser settings.

Changes to this privacy policy

Deeper Signals reserves the right to make changes to thisprivacy policy at any time by giving notice to its Users on this page andpossibly within this Website and/or - as far as technically and legallyfeasible - sending a notice to Users via any contact information available toDeeper Signals. It is strongly recommended to check this page often, referringto the date of the last modification listed at the bottom.

Should the changes affect processing activities performed onthe basis of the User’s consent, Deeper Signals shall collect new consent fromthe User, where required.

GOLDEN GOOSE PRIVACY INFORMATION NOTICE

The following terms are relevant only to end-user who use the Deeper Signals platform via Golden Goose and their affiliates.

Golden Goose S.p.A., as data controller, informs you that the processing of some personal data is necessary to (i) carry out the analysis of questions and tests aimed at providing personality assessment for the development, enhancement and integration of employees within the Golden Goose working reality, as well as for (ii) activities of participation in workshops and training.

a. Type of data processed and nature of data provision 

The data involved in the process are:

(i) data of a common nature, preferences, opinions, character indications, collected through questionnaires and tests by the company Golden Goose Spa to carry out the tests and personality assessment,

(ii) data of a personal nature and job position processed for participation in workshops and training.

The provision of personal data is optional. Participation in tests, training and workshops is entirely voluntary. Failure to provide data or to participate will only result in the impossibility of taking part in the employee development campaign promoted by Golden Goose S.p.A.

b. Purpose of processing and legal basis

The data provided will be processed by Golden Goose S.p.A. for the following purposes:

(i) to carry out the activities of administration and analysis of questions and tests aimed at creating personality assessments focused at the best development, enhancement and integration of employees within the Golden Goose working reality. This processing, being an automated processing aimed at creating a personality profile of the data subject, will be carried out only with your express consent.

(ii) organising and enabling participation in workshops and training. This processing will be carried out on the basis of the company's obligation to allow you to access and benefit from the training activities and workshops made available to you.

All processing will be carried out mainly by electronic or telematic means, with logic related to the purposes for which the data were collected and in compliance with current security regulations, for the purposes specified.

c. Automated processing aimed at verifying the profile of the data subject

The processing of data relating to the personality assessment tests is an automated processing activity aimed at studying a character profile of the data subject. It therefore involves an automated analysis of the answers aimed at creating a profile. This profile does not affect the existing contractual and employment relationship with Golden Goose but provides information that can be used to improve the working environment and enhance individual resources and personalities within the company group. However, you can always ask for more information about the creation of your profile, as well as the logic used for the analysis. You may also request that your profile and the data relating to it be modified, corrected or deleted. You can send these requests to the DPO as identified below.

d. Recipients of the data

The data will be processed by the Deeper Signals and by the company Amazon Web Services, both service providers of Golden Goose SpA. The data may also be shared with companies of the Golden Goose group for the purpose of resource management and to allow a harmonization of the activity of enhancing the value of employees and a uniform approach within the group (with specific reference to the activities carried out by Golden Goose SpA also in relation to the employees of group companies).

Data will be processed through systems, platforms and databases located within the European borders, without prejudice to the possible need to carry out specific activities (including technical assistance) that may be performed outside the EU, while ensuring the necessary data security measures.

e. Storage period 

On the basis of the purposes identified, the data will be kept for the time strictly necessary to fulfil the purposes indicated and in any case not after the end of the working relationship.


f. Data Protection Officer 

The company Golden Goose Spa, pursuant to article 37 of the GDPR EU 2016/679, has identified and appointed a Data Protection Officer (DPO) who can be contacted at the e-mail address privacy@goldengoose.com.


g. Rights of the data subject 

The following rights of the data subject are guaranteed: access to the data, rectification, erasure, restriction, data portability and objection. The data subject also has the right to withdraw consent at any time. All of the above rights may be exercised, at any time and without charge, by writing to the Golden Goose DPO at privacy@goldengoose.com or by sending a request in writing to Golden Goose Spa, Via Privata Ercole Marelli 10, 20139 Milano. 

If you believe that one or more of your rights have been violated, we remind you that you can lodge a complaint with the Privacy Authority as indicated at the following link:http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524.