10. United Kingdom and European Union Privacy Rights
If you reside in the European Union, you may have certain privacy rights under Regulation (EU) 2016/679, the General Data Protection Regulation ("GDPR"), to the extent the GDPR does not conflict with the laws of the United Kingdom. Even if we do not have a legal obligation to do so under the laws of the United Kingdom, we may respond to your requests made per the GDPR. However, voluntary responses are not a waiver of our legal rights and obligations under the laws of the United Kingdom or the arbitration provisions found within our website’s Terms and Conditions of Use.
Small or Medium-Sized Enterprise Status
We are a small or medium-sized enterprise (“SME”). This means that because of the size of our business, to the extent (if any) the GDPR governs our relationship with you, some of GDPR’s obligations do not apply because we are an SME.
How to Make A Request
To make a GDPR request, please contact us by using one of the contact methods listed on our Website’s “Contact” page at www.spectralcore.com/contact-us. We will respond within thirty (30) days of receipt of your request.
Requests to Access Personal Data
If we grant your request to access personal data, we will: (1) confirm whether or not we are processing your personal data; (2) provide you with a copy of any of your personal data that we possess; and (3) provide you with information about how we process such data (e.g. purposes, categories, recipients, etc.).
Requests to Delete Data
If you request that we delete your personal data that we possess, we will do so unless: (1) the data is needed to exercise the right of freedom of expression; (2) we have a legal obligation to keep the data; (3) we must keep the data for reasons of public interest; or (4) the data has been processed so that it is anonymized.
Any personal data we processed unlawfully will be deleted. If you were a minor when we collected the personal data, we will delete the data upon request.
If we believe any third parties have acquired your personal data through us, we will take reasonable steps to inform them that you have requested erasure of such data.
Objections to Processing of Personal Data
If your request is an objection to the processing of your personal data for directing marketing purposes, we will cease using your data for such purposes.
As a general rule, we will comply with objections to processing personal data except: (1) where it is not technically or commercially feasible to do so; or (2) we have a legal obligation that overrides your individual rights and freedoms.
Portability Requests
If we collected personal data from you because of a contract between us or based on your consent, and we processed that data by automated means (in structured machine-readable format), you can request that data be transmitted by us to another company or organization.
We will provide such data to the recipient third party in a commonly used open format electronic file (e.g. CSV, JSON, XML, etc.).
Denied Requests
If we reject your request, we will provide you with the reason(s) for doing so. You may then choose to file a complaint with the Data Protection Authority and request a judicial remedy to the extent such a request is not in conflict with the laws of laws of the United Kingdom or the arbitration provisions of our website’s Terms and Conditions of Use).
Processing Fees
As a general rule, there is no fee for processing your GDPR request. However, we reserve the right to refuse your request or charge a reasonable fee for processing it if the request is manifestly unfounded or excessive. For example, it would be excessive to make a repetitive second request to access your personal data one month after we provided you with the data from a prior request.
Automated Processing
We may make decisions through automated processing (e.g. algorithms) of personal data that are legally binding or significantly affect you.
Any such automated decision-making is done per your express consent or because it is necessary for reasons of substantial public interest under applicable law.
Such an automated decision may be made based on relevant law. However, if the decision is made for other reasons, we will inform you of the process’ logic and potential consequences of the decision. To the extent that the GDPR does not conflict with the laws of the United Kingdom or the arbitration provisions found within our website’s Terms and Conditions of Use, you may also have a right to obtain human intervention and contest the automated decision.