LSCo has subscribed to and will comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield (the “Frameworks”) as set forth by the U.S. Department of Commerce regarding the processing of Personal Information (as defined below) that is transferred from the European Economic Area (“EEA”) and Switzerland to the United States, respectively. LSCo has certified to the Department of Commerce that it adheres to the Privacy Shield Principles (the “Principles”). LSCo created this Privacy Shield Policy to help you learn about how we handle Personal Information that is collected in the EEA and Switzerland and transferred to LSCo in the U.S.
If there is any conflict between this Policy and the Principles, the Principles will govern. To learn more about the Frameworks please visit www.privacyshield.gov. You can view our certification at https://www.privacyshield.gov/list
Personal identification information
We may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit our Site, register on the Site, place an order, fill out a form, respond to a survey, and in connection with other activities, services, features or resources we make available on our Site and at our Events. Users may be asked for, as appropriate, name, company, email address, mailing address and phone number. Users may, however, visit our Site anonymously, and beyond registration, attendees are not required to provide additional information at our Events. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personal identification information, except that it may prevent them from engaging in certain Site-related activities or to register for the Events.
Non-personal identification information
We may collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information.
Web browser cookies
How we use collected information
Lean Startup Company may collect and use Users personal information for the following purposes:
- To run, operate and improve our Site and Events
- We may need your information to display content on the Site correctly.
- To improve and personalize your user experience.
- To help us respond to your support needs more efficiently.
- In the aggregate to understand how our Users as a group use the services and resources provided on our Site.
- To improve our products and services.
- To process payments.
- We use the information Users provide about themselves when placing an order only to provide service to that order. We do not share this information with outside parties except to the extent necessary to provide the service.
- To run a promotion, contest, survey or other Site feature.
- To send Users information they agreed to receive about topics we think will be of interest to them.
- To send periodic emails.
- We may use the email address to send User information and updates pertaining to their order. It may also be used to respond to their inquiries, questions, and/or other requests.
- We may use information provided at Events and via the Site for business development purposes.
Your choices and opting-out
We recognize how important your online privacy is to you, so we offer the following options for controlling the targeted ads you receive and how we use your data:
- You can opt-out of receiving targeted ads served by us: You can opt out of receiving targeted ads served by us or on our behalf by clicking on the blue icon in the corner of the ads we serve or by clicking here. Please note that, if you delete your cookies or upgrade your browser after having opted out, you will need to opt out again. Further, if you use multiple browsers or devices you will need to execute this opt out on each browser or device. If you opt-out we may collect some data about your online activity for operational purposes (such as fraud prevention) but it won’t be used by us for the purpose of targeting ads to you.
- You can opt-out of receiving targeted ads served by us or other advertising companies: AdRoll is also a member of the Network Advertising Initiative (NAI) and adheres to the NAI Code of Conduct. You may use the NAI opt out tool here, which will allow you to opt out of seeing targeted ads from us and from other NAI approved member companies.
- We comply with the Self-Regulatory Principles for Online Behavioral Advertising as managed by the Digital Advertising Alliance (DAA). You may opt out of receiving targeted ads from other companies that perform ad targeting services, including some that we may work with as Advertising Partners via the DAA website here.
- We adhere to the European Interactive Advertising Digital Alliance (EDAA) guidelines for online advertising and you may opt out via their Your Online Choices website.
- Please note that when using the ad industry opt-out tools described above:
- If you opt-out we may still collect some data about your online activity for operational purposes (such as fraud prevention) but it won’t be used by us for the purpose of targeting ads to you.
- If you use multiple browsers or devices you may need to execute this opt out on each browser or device.
- Other ad companies’ opt-outs may function differently than our opt-out.
- Please note that when using the ad industry opt-out tools described above:
- You can opt-out of our tracking your online activity for targeted advertising purposes (Do Not Track): We respond to “do not track” or “DNT” signals sent from your browser. If the website of one of our Advertisers receives a DNT signal, during that visit, we will not link data we collect to your browser identifier so that new data collected about you will not be used by us for targeted advertising purposes, but older data collected about you may still be used.
The only exception to these choices for both sensitive and non-sensitive Personal Information would be where we are required to disclose your Personal Information pursuant to government or judicial order, law or regulation to meet national security or law enforcement requirements.
- Our organization is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
- Under certain conditions, there is the possibility for the individual to invoke binding arbitration.
How we protect your information
We adopt appropriate data collection, storage and processing practices and security measures designed to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.
Sharing your personal information
We do not sell, trade, or rent Users personal identification information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners and advertisers for the purposes outlined above. We may use third party service providers to help us operate our business and the Site or administer activities on our behalf, such as sending out newsletters or surveys. We may share your information with these third parties for those limited purposes provided that you have given us your permission. Please find the Third Party “Data Processor” platforms we use listed below:
The information you provide relating to Lean Impact is used cooperatively by Lean Startup Co. and Ann Mei Chang to share updates regarding the Lean Impact book, services and events. For more information about Ann Mei’s privacy practices please visit her website.
- Analytics DPA
- DPA – Executed
If User decides to opt-in to our mailing list, they will receive emails that may include company news, updates, related product or service information, etc. If at any time the User would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email or User may contact us via our Site. We may use third party service providers to send these emails. We may share your information with these third parties for those limited purposes provided that you have given us your permission.
Third party websites
Users may find advertising or other content on our Site that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website’s own terms and policies.
Information for Users in Europe and Elsewhere Outside The U.S.
If you use our Sites outside of the United States, you understand that we may collect, process, and store your personal information in the United States and other countries. The laws in the U.S. regarding personal information may be different from the laws of your state or country. Any such transfers will comply with safeguards as required by relevant law. If applicable, you may have a right to claim compensation for damages caused by a breach of relevant data protection laws.
Users in the European Union (EEA) and Switzerland
If you are a resident of the EEA or Switzerland, the following information applies.
Purposes of processing and legal basis for processing
As explained above, we process personal data in various ways depending upon your use of our Site and Events. We process personal data on the following legal bases: (1) with your consent; (2) as necessary to perform our agreement to provide Services; and (3) as necessary for our legitimate interests in providing the Site and Events where those interests do not override your fundamental rights and freedom related to data privacy.
Right to lodge a complaint
Users that reside in the EEA or Switzerland have the right to lodge a complaint about our data collection and processing actions with the supervisory authority concerned. Contact details for data protection authorities are available here.
In compliance with the Privacy Shield Principles, LSCo commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact LSCo at: [email protected] or via postal mail at: 340 S. Lemon Ave, Unit 2197, Walnut, CA 91789.
LSCo has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Personal information we collect may be transferred to, and stored and processed in, the United States or any other country in which we or our affiliates or subcontractors maintain facilities. Upon the start of enforcement of the General Data Protection Regulation (GDPR), we will ensure that transfers of personal information to a third country or an international organization are subject to appropriate safeguards as described in Article 46 of the GDPR.
Accountability for Onward Transfer
We will not transfer Personal Information originating in the EU to third parties unless such third parties have entered into an agreement in writing with us requiring them to provide at least the same level of privacy protection to your Personal Information as required by the Principles of the EU-US Privacy Shield Framework. We will only transfer data to our agents, resellers or third-party service providers (such as accountants, attorneys, consultants and other service providers) who need the information in order to provide services or to perform activities on behalf of LSCo. We acknowledge our liability for such data transfers to third parties.
If you are a resident of the EEA or Switzerland, you are entitled to the following rights once the GDPR becomes effective:
- The right to request data erasure – you have the right to have your data erased from our Websites if the data is no longer necessary for the purpose for which it was collected, you withdraw consent and no other legal basis for processing exists, or you believe your fundamental rights to data privacy and protection outweigh our legitimate interest in continuing the processing.
- The right to restrict or object to our processing – you have the right to restrict or object to our processing if we are processing your data based on legitimate interests or the performance of a task in the public interest as an exercise of official authority (including profiling); using your data for direct marketing (including profiling); or processing your data for purposes of scientific or historical research and statistics.
- The right to object to automated decision-making – you have a right to avoid being subject to automated decision-making and insist on human intervention if we make an automated decision that produces a legal or a similarly significant effect on you.
Your California Privacy Rights
California Civil Code Section 1798.83 permits customers of Company who are California residents to request certain information regarding its disclosure of their personal information to third parties for their direct marketing purposes. To make such a request, please send an email to: [email protected].
Your acceptance of these terms
By using this Site and/or attending our Events, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Site or attend our Events. Your continued use of the Site and attendance at our Events following the posting of changes to this policy will be deemed your acceptance of those changes.