Privacy Policy

Post Savage, will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

How Long Do We Keep Your Personal information?

General Retention Periods

We use the following criteria to determine our retention periods: the amount, nature and sensitivity of your information, the reasons for which we collect and process your personal data, the length of time we have an ongoing relationship with you and provide you with access to our services and/or Platform, and applicable legal requirements. We will retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax or accounting requirements). We will also retain personal information we collect from you, for your convenience, where you have an active account, have not requested to delete or you have asked us to retain it. Additionally, we cannot delete information when it is needed for the establishment, exercise or defense of legal claims (also known as a “litigation hold”). In this case, the information must be retained as long as needed for exercising respective potential legal claims.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives or you have asked us to keep it or we believe it will be most convenient for you), we will securely store your personal information and isolate it from any analytics tracking until deletion is possible.

For any questions about data retention, please contact [email protected].

Disclosure of Personal Information

Post Savage, may disclose your Personal Information to a third party for a business purpose. When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the services for us.

As explained in more detail above, we share your Personal Information with certain categories of third parties who assist us in providing our Platform and with our business.

Disclosures of Personal Information for a Business Purpose

In the preceding twelve (12) months, Post Savage, has disclosed the following categories of Personal Information for a business purpose:

Personal Identifiers

Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

Commercial information

Internet or other similar network activity

Inferences drawn from other Personal Information

Protected classification characteristics under California or federal law

Government identifiers

Complete account access credentials

Other personal information

We disclose your Personal Information for a business purpose to the following categories of service providers or third parties:

Companies that do things to help us provide the Platform and/or our services: hosting service providers, user engagement and email service providers, certain analytics providers, payment service providers, communication tools, identity verification providers or other tools we may provide you.

Professional service providers, such as auditors, lawyers, consultants, accountants and insurers.

Your Rights and Choices

U.S. Data Privacy Laws provide individuals with specific rights regarding their Personal Information, provided that we are able to verify their identities as explained below. This section describes some of your rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive your request and verify your identity (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:

The categories of Personal Information we collected about you.

The categories of sources for the Personal Information we collected about you.

Our business or commercial purpose for collecting or selling that Personal Information.

The categories of third parties with whom we share that Personal Information.

The specific pieces of Personal Information we collected about you (also called a data portability request).

If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:

sales, identifying the Personal Information categories that each category of recipient purchased; and

disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.

Deletion Request and Correction Request Rights

You have the right to request that we delete or correct any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive your request and verify your identity (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) or correct (and direct our service providers to correct) your Personal Information from our records, unless an exception applies. As an alternative to correction, we may delete the inaccurate information if it does not negatively impact you or if you consent to this deletion. Post Savage, reserves the right to deny a correction request if allowed under the law or if we determine that the contested information is more likely than not accurate, based on the totality of circumstances. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

Complete the transaction for which the Personal Information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide products or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.

Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

Debug products to identify and repair errors that impair existing intended functionality.

Exercise free speech, ensure the right of another individual to exercise that Consumer’s right of free speech, or exercise another right provided for by law.

Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).

Enable solely internal uses that are reasonably aligned with individual expectations based on your relationship with us.

Comply with a legal obligation.

Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Limit Use and Disclosure of Sensitive Personal Information

You have the right to request that we limit use, delete any of your Sensitive Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive your request and verify your identity (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies. We may deny your request to limit certain uses and disclosures of your Sensitive Personal Information for the following purposes: 

Providing the Platform or our products and services as reasonably expected;

Detecting security incidents affecting personal information on our Platform, provided that the use of the individual’s Sensitive Personal Information is reasonably necessary and proportionate for this purpose;

Resisting malicious, fraudulent, or illegal actions against us and prosecuting persons responsible for such actions, provided that the use of the Consumer’s Sensitive Personal Information is reasonably necessary and proportionate for this purpose;

Ensuring the physical safety of an individual, provided that the use of the Consumer’s Sensitive Personal Information is reasonably necessary and proportionate for this purpose;

Short-term, transient use, including non-personalized advertising shown as part of a Consumer’s current interaction with our Platform, provided that we do not build a profile about the individual or alter the individual’s experience outside their current interaction with us;

Performing services on behalf of another business (g., maintaining accounts, processing orders or transaction);

Verifying or maintaining the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, or improving, upgrading, or enhancing the services or device owned, manufactured, manufactured for, or controlled by us; or

To collect or process sensitive personal information where such collection or processing is not for the purpose of inferring characteristics about a consumer.

Exercising Access, Data Portability, and Deletion Rights

Only you, or a person you authorize to act on your behalf, may make a verifiable data request related to your Personal Information. You may also make a verifiable data request on behalf of your minor child.

To exercise the access, data portability, and deletion rights described above, please submit a verifiable request to us by emailing [email protected]. You may only make a verifiable data request for access or data portability twice within a 12-month period. The verifiable data request must:

Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative. We consider requests made through our portal with a verified email as a reasonable step toward verification.

Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Please note, certain U.S. Data Privacy Laws require us to consider a number of factors to verify your identity, which may occur on a case-by-case basis.

Response Timing and Format

We endeavor to respond to a verifiable data request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12-month period preceding our receipt of the verifiable Consumer’s request. If applicable, our response we provide will also explain the reasons we cannot comply with a request. For data portability requests, we will select a format to provide your Personal Information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable data request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Sale; Non-Discrimination

Post Savage, does not sell personal information. However, certain laws can define “sale” in a broad manner that captures nearly all business activity. For example, under the CCPA, “personal information” includes information that is not necessarily directly tied to an individual’s identity but may be associated with a device. This includes identifiers such as IP addresses, web cookies, web beacons, and mobile Ad IDs. In many cases, this type of information does not directly identify you, but they are unique identifiers that could be linked to you and therefore covered by the CCPA. The term “sell” is broadly defined by the CCPA to include not just selling in exchange for money, but also sharing personal information (including information that does not directly identify an individual as described above) in exchange for anything of value. Under the CCPA’s broad definition of “sell,” which includes even the common flow of information in the digital analytics and advertising ecosystem, Post Savage, could be defined as “selling” personal information. Like most companies that operate websites, Post Savage, uses online analytics to measure the ways users engage with our Platform and to provide targeted marketing. These analytics, in turn, inform how we perform online advertising. To provide these analytics and facilitate online advertising, we use third-parties that collect device identifiers and place tags, cookies, beacons, and similar tracking mechanisms on our digital properties and on third-party digital properties as set forth in our Cookie Notice.  You may opt-out of this sharing by submitting a request via email to [email protected].

We will not discriminate against you in a manner prohibited by the U.S. Data Privacy Laws because you exercise your rights. While you may request to delete your Personal Information under U.S. Data Privacy Laws, such deletions may affect Post Savage, ability to offer the Platform or to sell our products and services to you.

Categories of Recipients of Personal Data

The categories of recipients of Personal Data with whom we may share your personal data are listed in Disclosure of Your Personal Information above.

Purpose of the Processing and Legal Bases

Post Savage, processes your personal information for a number of different purposes. Some are essential for us to provide the Platform you use or to fulfill our legal obligations, some help us run the Platform efficiently and effectively, and some enable us to provide you with more relevant and personalized offers and information. In all cases we must have a reason and a legal ground for processing your personal information. Some of the most common legal grounds we rely on are briefly explained below.

Performance of a Contract: We may process your personal data for the purpose of performing under the terms of a contract to which you are a party - in other words, your ability to use the Platform. For instance, if you process payments for your end customers through the Platform, we will process your data to carry out the payment transaction.

Legitimate Interests We may process personal data where it is necessary for our legitimate business interests, but only to the extent that they are not outweighed by your own interests or fundamental rights and freedoms. We generally rely on legitimate interests to provide and maintain the Platform that works well and securely, to carry out fraud prevention, and to generally improve the Platform. When we rely on this legal basis, if required, we will carry out a legitimate interest assessment to ensure we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws.

Consent: Post Savage, will rely on consent where it is required, such as when we are asking you to confirm your marketing preferences or when you submit sensitive data. When we rely on consent, you will be asked to confirm that you give your permission to Post Savage, to process your personal data. You have the right to withdraw your consent at any time if you no longer want to be part of the Post Savage, processing activity where your consent was sought.

Legal Obligation Post Savage, will on occasion be under a legal obligation to obtain and disclose your personal data or may cooperate in a legal or governmental investigation. Where possible, we will notify you when processing your data due to a legal obligation; however, this may not always be possible. Post Savage, may determine that it needs to provide your data to prevent criminal activity or help to detect criminal activity; in which case, we may share information with law enforcement without notifying you. It is essential that Post Savage, complies with its legal, regulatory, and contractual requirements, so if you object to this processing, Post Savage, will not be able to provide its Platform to you.

Below are the general purposes and corresponding legal bases (in brackets) for which we may use your personal information:

Providing you access to and use of the Platform [depending on the context, performance of a contract, legitimate interests, and in some cases, legal claims].

Processing and completing transactions, and sending you related information, including purchase confirmations and invoices and important notices [depending on the context, performance of a contract or legitimate interests].

Responding to your queries and requests, or otherwise communicating directly with you [depending on the context, performance of a contract, legitimate interests, and in some cases, legal claims].

Improving the content and general administration of the Platform, including system maintenance and upgrades, enabling new features and enhancements [legitimate interests].

Detecting fraud, illegal activities or security breaches [legitimate interests].

Ensuring compliance with applicable laws [compliance with a legal obligation].

Conducting statistical analyses and analytics by monitoring and analyzing trends, usage, and activities in connection with the Platform [consent where required (e.g. 3rd-party cookies), or legitimate interests].

Increasing the number of customers who use our Platform through marketing and advertising [consent where required, or legitimate interests].

Sending commercial communications, in line with your communication preferences, about products and services, features, newsletters, offers, promotions, and events [consent and in some cases, depending on location, with existing customers, legitimate interests].

Providing information to regulatory bodies when legally required, and only as outlined below in this Privacy Notice [legal obligation, legal claims, legitimate interests].

How Long Do We Keep Your Personal Data?

We use the following criteria to determine our retention periods: the amount, nature and sensitivity of your information, the reasons for which we collect and process your personal data, the length of time we have an ongoing relationship with you and provide you with access to our Platform, and applicable legal requirements. We will retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax, or accounting requirements), when we are unable to reasonably verify your identity, or as may otherwise be required under GDPR.

Additionally, we cannot delete information when it is needed for the establishment, exercise, or defense of legal claims (also known as a “litigation hold”). In this case, the information must be retained as long as needed for exercising respective potential legal claims.

When we have no ongoing business need to process your personal information, we will either delete or anonymize it. If you have questions about, or need further information concerning, our data retention periods, please send an email at [email protected]. 

Staying in Control of Your Information: Your Rights

If you are in the EEA or the U.K., you have certain rights in relation to your personal data, including those set forth below. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, if an exception applies, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include personal data, if necessary to verify your identity and the nature of your request.

Access: You can request more information about the personal data we hold about you and request a copy of such personal data.

Rectification: If you believe that any personal data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data.

Erasure: You can request that we erase some or all of your personal data from our systems.

Withdrawal of Consent: If we are processing your personal data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide consent on a case-by-case basis for the use or disclosure of certain of your personal data, if such use or disclosure is necessary to enable you to utilize some or all of our Platform.

Portability: You can ask for a copy of your personal data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.

Objection: You can contact us to let us know that you object to the further use or disclosure of your personal data for certain purposes, such as for direct marketing purposes.

Restriction of Processing: You can ask us to restrict further processing of your personal data.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request under those circumstances.

We will respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law.

In addition, if you no longer wish to receive our marketing/promotional information, we remind you that you may withdraw your consent to direct marketing at any time directly from the unsubscribe link included in each electronic marketing message we send to you. If you do so, we will promptly update our databases, and will take all reasonable steps to meet your request at the earliest possible opportunity, but we may continue to contact you to the extent necessary for the purposes of providing our Platform.

Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en. We would, however, appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us directly first.

Exercising Your Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable request to us via email at [email protected].