Lister Digital Services Privacy Notice
Effective on: 11/18/2024
Introduction and Scope
Lister Digital Services Inc. (“Lister Digital”, “we”, “us”, “our”) takes the protection of personally identifiable information (“Personal Data”) very seriously. This Privacy Notice (the “Notice”) addresses individuals whose Personal Data we may receive from our clients as we provide them with our digital and support services (collectively, the “Services”).
Controllership and Basis of Processing
In the context of this Notice, Lister Digital acts as service provider, also known as a “data processor”, for the Personal Data we process for our clients when providing our Services. This means that our clients determine the type of Personal Data they provide for us to process on their behalf. We typically have no direct relationship with the individuals whose Personal Data we receive from our clients. Within the scope of this Notice, we process Personal Data based on the documented instructions of our clients. To learn about our clients’ lawful bases for processing your Personal Data, please read their privacy notices.
How We Receive Personal Data
We may receive your Personal Data when:
- our clients (including their employees, contractors, and other representatives) provide it to us; or
- we receive it from other companies within our corporate group.
Categories of Personal Data
Our clients have full control over the categories of Personal Data which we process. Therefore, we cannot reasonably foresee and list all the types of Personal Data we may be asked to process, and we are unaware of the exact categories of Personal Data being processed. Generally, we process:
- biographical information (such as first and last name);
- contact information (such as email address, postal address, and phone numbers); and
- employment information (such as position and company).
Purposes of Processing
We process Personal Data for the purpose of providing our Services, as a data processor, on behalf of our clients.
Data Retention
We retain Personal Data for as long as instructed by our respective client (who acts as a data controller). We may retain Personal Data for longer if required by law to do so.
Sharing Personal Data with Third Parties
We may share Personal Data with other entities within our corporate group, as well as outside service providers. These third parties process Personal Data on our behalf and agree to use the Personal Data only to assist us in providing our Services or as required by law. Our service providers may provide:
- hosting services
- cloud storage services
- operational services
- document management, collaboration, and editing services.
Some of these third parties may be located outside of the United States. However, before transferring your Personal Data to these third parties, we will require the third party to maintain at least the same level of privacy and security for your Personal Data that we do. We remain liable for the protection of your Personal Data – within the scope of our Data Privacy Framework certification – that we transfer to third parties, except to the extent that we are not responsible for the event that leads to any unauthorized or improper processing.
Additionally, some of these third parties may be located outside of the European Union, the European Economic Area, the United Kingdom, or Switzerland. In some cases, the European Commission may not have determined that the countries’ data protection laws provide a level of protection equivalent to European Union law. We will only transfer your Personal Data to third parties in these countries when there are appropriate safeguards in place. These safeguards may include the 2021 European Commission approved standard contractual data protection clauses.
Other Disclosure of Your Personal Data
We may disclose your Personal Data to the extent required by law, or if we have a good-faith belief that we need to disclose it in order to comply with official investigations or legal proceedings (whether initiated by governmental, law enforcement officials, or private parties). We may also disclose your Personal Data if we sell or transfer all or some of our company’s business interests, assets, or both, or in connection with a corporate restructuring. Finally, we may disclose your Personal Data to our affiliates, but only if necessary for business purposes, as described in the section above.
If we have to disclose your Personal Data to governmental, law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your Personal Data.
Data Integrity & Security
We have implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect Personal Data from unauthorized processing. This includes unauthorized access, disclosure, alteration, or destruction.
Access & Review / Limiting the Use and Disclosure of Your Personal Data
If we process your Personal Data, you may have the right to request access to (or to update, correct, or delete) such Personal Data. You may also have the right to ask that we limit our processing of such Personal Data, as well as the right to object to our processing of such Personal Data. You may also have the right to data portability.
If we have received your Personal Data in reliance on the Data Privacy Framework, you may also have the right to opt out of having your Personal Data shared with third parties and to revoke your consent to our sharing your Personal Data with third parties. You may also have the right to opt out if your Personal Data is used for any purpose that is materially different from the purpose(s) for which it was originally collected or which you originally authorized.
Requests should be sent directly to the Lister Digital client who provided your Personal Data to us. We have limited rights to access the Personal Data our clients submit to us. Therefore, if you contact us with such a request, please provide the name of the Lister Digital client who provided your Personal Data to us. We will forward your request to that client and provide any needed assistance as they respond to your request.
EU-U.S. and Swiss-U.S. Data Privacy Frameworks
With respect to personal data processed in the scope of this Notice, Lister Digital complies with the EU-U.S. Data Privacy Framework (and its UK Extension) and Swiss-U.S. Data Privacy Framework (the “Data Privacy Framework”) as adopted and put forward by the U.S. Department of Commerce regarding the processing of personal data. Lister Digital commits to upholding and has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles.
To learn more about the Data Privacy Framework, and to view Lister Digital’s certification, please visit https://www.dataprivacyframework.gov/s/ and https://www.dataprivacyframework.gov/s/participant-search, respectively.
Dispute Resolution
Where a privacy complaint or dispute cannot be resolved through Lister Digital’s internal processes, Lister Digital has agreed to participate in the VeraSafe Data Privacy Framework Procedure. Subject to the terms of the VeraSafe Data Privacy Framework Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/
Binding Arbitration
If your dispute or complaint cannot be resolved by us, nor through the dispute resolution program established by VeraSafe, you may have the right to require that we enter into binding arbitration with you pursuant to the Data Privacy Framework’s Recourse, Enforcement and Liability Principle and Annex I of the Data Privacy Framework.
U.S. Regulatory Oversight
Lister Digital is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
European Union Supervisory Authority Oversight
If you are a data subject whose Personal Data we process, you may also have the right to lodge a complaint with a data protection regulator in one or more of the European Union member states.
Changes to this Notice
If we make any material change to this Notice, we will post the revised Notice to this web page. We will also update the “Effective” date.
Contact Us
If you have any questions about this Notice or our processing of your Personal Data, please contact our Data Protection Officer by using the following contact details:
Data Protection Officer
Lister Digital Services Inc.
1900 South Norfolk Street,
STE 350, San Mateo,
California, 94403, United States.
Phone no. 650-577-2300
e-mail: bounteous.dpo@bounteous.com
Please allow up to four weeks for us to reply.
European Union/United Kingdom Representative
VeraSafe has been appointed as Lister Digital’s representative in the European Union or United Kingdom as applicable, for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. VeraSafe can be contacted in addition to Lister Digital only on matters related to the processing of personal information. To make such an inquiry, please contact VeraSafe using this contact form or via telephone at:
EU: +420 228 881 031
U.K: +44 (20) 4532 2003
Alternatively, VeraSafe can be contacted at:
For data protection matters pertaining to EU:
VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland
For data protection matters pertaining to U.K:
VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom