The following sections on GDPR applies to individuals in the European Economic Area (“EEA”). If you are not sure whether the GDPR section applies to you, please refer to the text of the regulation here or consult with an attorney as Indiegogo is not able to give you legal advice.</p> Who is the Data Controller? <p>Indiegogo is the “data controller” of personal data collected by all of Indiegogo, and we are responsible for deciding how personal data is collected, used, and disclosed. Campaign Owners may also be data controllers of certain data that you provide to Campaign Owners when you make a Contribution to a Campaign or through any of our other Services.</p> <p>You should be aware that when you provide information to us using a third-party site or platform, the information you provide may be separately collected by the third-party site or platform. The information we collect is covered by the Indiegogo Privacy Policy only, and the information the third-party site or platform collects is subject to the third-party site or platform’s privacy practices. Privacy choices you have made on the third party’s site or platform will not apply to our use of the information we have collected directly through our Site or Services. Please also keep in mind that our Site and Services may contain links to other sites not owned or controlled by us and we are not responsible for the privacy practices of those sites. We encourage you to be aware when you leave our Site or Services and to read the policies of other sites that may collect your personal information.</p> Legal bases for use of your information &amp. controls and choices <p>The laws in the European Economic Area (“EEA”) and some other jurisdictions require us to provide Users, to the extent those laws apply to such Users, with the following information:</p> Legal grounds for use and disclosure of personal information <p>The legal grounds for use and disclosure of personal information include any of the below reasons:</p> <ol> <li>As necessary to perform our obligations under any contract with you, including to provide for Campaign disbursement, manage your Campaign or otherwise comply with the Indiegogo Terms of Use.</li> <li>On the basis of consent, such as to send you certain information, including marketing communications, to share your information with partners when you have requested we do that, or to collect and process your information for research purposes if you have Contributed to a Campaign, or otherwise agreed.</li> <li>For our legitimate interests or the legitimate interests of others such as to ensure the security of our Sites, operate and improve our business and our Sites, respond to your questions, engage in certain marketing, make and receive payments, comply with our legal obligations, prevent fraud, conduct analysis, enforce our Terms, engage in a business change (e.g., sale, merger), to know the User to whom we are providing the Service, and to create anonymous data.</li> <li>To protect the vital interests of the individual or others. For example, we may collect or share personal data to help resolve an urgent medical situation.</li> </ol> Controls and choices <ol> <li>In addition, Users in the European Economic Area and some other jurisdictions outside the United States have certain legal rights to obtain confirmation of whether we hold personal data about them, to access personal data we hold about them (including, in some cases, in portable form), and to obtain its correction, update, amendment or deletion in appropriate circumstances. They may also object to our uses or disclosures of personal data, to request a restriction on its processing, or withdraw any consent, though such actions typically will not have retroactive effect. They also will not affect our ability to continue processing data in lawful ways (for example, if you opt out of the use of your telephone number for direct marketing, we might still decide to contact you by phone regarding potential fraud on your account).</li> <li>Users in the European Economic Area have the right to opt-out of all of our processing of their personal data for direct marketing purposes. To exercise this right, you may take control of your data in the top right-hand corner.</li> <li>The rights and options described above are subject to limitations and exceptions under applicable law. In situations in which we process personal data on behalf of our User, we may refer the request to the relevant User and cooperate with their handling of the request, subject to any special contractual arrangement with that User.</li> <li>In addition to these rights, Users in the European Economic Area have the right to lodge a complaint with the relevant supervisory authority. However, we encourage you to contact us first, and we will do our very best to resolve your concern.</li> </ol> How we protect your information and data retention <p>The security, integrity, and confidentiality of your information are extremely important to us. We have implemented technical, administrative, and physical security measures that are designed to protect User information from unauthorized access, disclosure, use, and modification. We regularly review our security procedures to consider appropriate new technology and methods. However, please be aware that despite our best efforts, no security measures are perfect or impenetrable.</p> <p>We will retain your personal information for the length of time needed to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. To dispose of personal data, we may anonymize it, delete it or take other appropriate steps. Data may persist in copies made for backup and business continuity purposes for additional time.</p> Data transfers, storage, and processing globally <p>We operate globally and may transfer your personal information to third parties in locations around the world for the purposes described in this privacy policy. Wherever your personal information is transferred, stored or processed by us, we will take steps to safeguard the privacy of your personal information.</p> Privacy Shield <p>To bring you the Services, we operate globally. Indiegogo complies with the EU-US and Swiss-US Privacy Shield principles (the “Principles”) regarding the collection, use, sharing, and retention of personal information from the European Union, United Kingdom, and Switzerland, as described in our EU-US Privacy Shield certification and Swiss-US Privacy Shield certification. If you have a Privacy Shield-related complaint, please contact us at privacy@indiegogo.com. As part of our participation in Privacy Shield, if you have a dispute with us concerning our adherence to the Principles, we will seek to resolve it through our internal complaint resolution process and under certain conditions, through the Privacy Shield arbitration process.</p> <p>Residents of the European Union, United Kingdom, or Switzerland may elect to arbitrate unresolved complaints but prior to initiating such arbitration, you must: (1) contact us and afford us the opportunity to resolve the issue. (2) seek assistance from our designated independent recourse mechanism above. and (3) contact the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue. Each party shall be responsible for its own attorney’s fees. Please be advised that, pursuant to the Privacy Shield, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the individual.</p> <p>Privacy Shield participants are subject to the investigatory and enforcement powers of the US Federal Trade Commission and other authorized statutory bodies. Under certain circumstances, participants may be liable for the transfer of personal information from the EU, United Kingdom, or Switzerland to third parties outside the EU, United Kingdom, and Switzerland. As required under the principles, when we receive information under the Privacy Shield and then transfer it to a third-party service provider acting on our behalf, Indiegogo has certain liability under the Privacy Shield if both (i) the agent processes the information in a manner inconsistent with the Privacy Shield and (ii) we are responsible for the event giving rise to the damage. Learn more about the EU-US Privacy Shield and Swiss-US Privacy Shield here