Privacy Policy

Warning – this is looong + boring (but important)

Hi. This Privacy Policy is designed to achieve a couple of things:

  1. To describe how WIMZKL, LLC (“we”, “our”, “us” or “WIMZKL”) collects and uses your personal information, in order to comply with data protection laws within the United States of America (US) + the European Union (EU), including the EU-U.S. + Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively, in addition to the EU’s General Data Protection Regulation (GDPR).
  2. To help educate others about these complicated things by making every effort to make them more friendly to diverse audiences.

By the way, if there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more please visit https://www.privacyshield.gov/.

We believe in and are committed to respecting and protecting your privacy, which is why the practices described here are for this site and any others owned and operated by us.

By using our sites, you accept our practices. We may make changes to our Privacy Policy at our sole discretion at any time but will post those updates here. If you don’t agree with them, please don’t use our site(s). Your continued use of our site(s) after we make changes to our Privacy Policy means you accept those changes.

We are the data controller responsible for this site, WIMZKL, LLC, a limited liability company registered in Illinois, USA. Please contact us about anything relevant to this policy in two ways:

  • Snail mail: Privacy at WIMZKL, 2436 Prairie Ave. Evanston, IL USA 60201
  • or Email: privacy [at] wimzkl.com

If you have any questions about anything here, please contact us using the information above.

Our Privacy Policy addresses things like:

  • Children + COPPA
  • Your rights to your own information
  • The use of cookies and tracking technologies
  • The kinds of information about you we might collect
  • Why we collect it
  • Your right to access your information
  • How that information is used

What is “Personal Information”?
“Personal Information” is personally identifiable information such as your name, address, date of birth, phone number, and email address. In the scope of services we provide, the information that is typically collected includes your first name, last name, and business email address. We don’t use any of this for any marketing purposes.

Visiting Our Website
You are free to browse our site(s) without providing any information. We do collect Personal Information, however, when you use our contact form or email us about our services.

Under the age of 16?

We care about the safety + privacy of children online + comply with the Children’s Online Privacy Protection Act of 1998 (COPPA).

Our site isn’t intended to be used by anyone under 16 years old, so we don’t intentionally gather Personal Information from visitors under that age. If you happen to be under the age of 16, please do not submit any personal information via our contact form or email. Thanks.

It’s possible, however, that we could receive information pertaining to someone under 16 by fraud or deception by a 3rd party. If we are notified of this, as soon as we verify the information, we will, especially where required by law to do so, immediately obtain the appropriate parental consent to use that information or, if we are unable to obtain such parental consent, we will securely delete the information comprehensively from our servers + systems.

If you would like to notify us of our receipt of information about persons under 16, please do so in a timely manner by sending an email to privacy [at] wimzkl.com

Your rights

Subject to certain limitations, you have the following rights:

  • to request access to your information + information related to the use + processing of your information;
  • to request the correction or deletion of your information;
  • to request that we restrict our use of your information;
  • to receive information which you have provided to us in a structured, commonly used + machine-readable format (e.g. a CSV file) + the right to have that information transferred to another data controller (including a 3rd party data controller);
  • to object to the processing of your information for certain purposes;
  • to withdraw your consent to our use of your information at any time where we rely on your consent to use or process that information. Please note –> if you withdraw your consent, this will not affect the lawfulness of our use + processing of your information on the basis of your consent before the point in time you withdrew your consent.

In accordance with Article 77 of the GDPR, you also have the right to lodge a complaint with a supervisory authority, in particular in your state of residence, place of work or place of an alleged infringement of the GDPR.

You can also find out further information about your rights, as well as information on any limitations which apply to those rights, by reading the underlying legislation contained in Articles 12 to 22 + 34 of the GDPR, which is available here.

Verifying your identity where you request access to your information

Whenever you request access to your information, we are required by law to use all reasonable measures to verify your identity before doing so. These measures are designed to protect your information + to reduce the risk of identity fraud, identity theft or general unauthorised access to your information.

How we verify your identity

We will attempt to verify your identity using information we have. If it is not possible to identify you from such information, or if we have insufficient information about you, we may require original or certified copies of certain documentation in order to be able to verify your identity before we are able to provide you with access to your information.

We will be able to confirm the precise information we require to verify your identity in your specific circumstances if + when you make such a request.

Cookies and Stuff

We don’t use cookies or tracking technologies, such as hidden pixels, gifs or Web beacons, analytics or behavioral profiling tools of any kind. We don’t like to be tracked or profiled + we presume you don’t, either.

All of our new business leads come from inquiries built from relationships, real connections to real people, rather than from covertly collecting information on the habits of strangers. The battles of taste may never be won, but this is how we choose to do things, even if it costs us a few leads every now + then.

Click here http://optout.aboutads.info for information on how you can opt out of behavioral tracking on websites that use such tools.

Likewise, if you prefer not to allow cookies to be read or installed on your devices, you can adjust your web browser settings to reject these or just alert you whenever sites attempt to install them. Here are a couple of great sites for more information about this: www.allaboutcookies.org or www.youronlinechoices.eu.

“Do Not Track” is a privacy preference that you can set in your web browsers. When someone turns on a Do Not Track signal in their browser, the browser sends a message to websites requesting that they do not track them. For information about Do Not Track, please visit www.allaboutdnt.org

We don’t even use Google Analytics, which is a web analytics service many organizations use to analyze how you are interacting with Websites. Here’s some useful information about Google Analytics: www.google.com/analytics/learn/privacy.html.

What Personal Information Do We Collect?

Contact Form + Email

When you contact us through our contact form or via email, you submit Personal Information that may include names, email addresses, phone numbers, city, state, country and company information, as well as any other information in the body of the email in order to provide you a prompt response.

When you do that, you consent to collection, use, and disclosure of your Personal Information in accordance with our Privacy Policy. Other information we might collect includes public information available on the Internet or information obtained from other service providers in order to better understand your business and deliver the best experience or solution possible in our work together:

Legal basis for processing: Our legitimate interests (Article 6(1)(f) of the GDPR)

Legitimate interest(s): Responding to inquiries, messages we receive + keeping records of that correspondence.

Transfer + storage of your information: We use a 3rd party email provider to store messages you send to us. Our 3rd party email providers are based in the United States of America + Switzerland.

Country of storage: United States of America. This country is not subject to an adequacy decision by the European Commission.

Safeguard(s) used: Our 3rd party email provider has self-certified its compliance with the EU-U.S. Privacy Shield which is available here. The EU-U.S. Privacy Shield is an approved certification mechanism under Article 42 of the GDPR, which is permitted under Article 46(2)(f) of the GDPR. You can access the European Commission decision on the adequacy of the EU-U.S. Privacy Shield here

Phone

When you contact us by phone, we collect your phone number + any information provided to us during your conversation with us. We do not record phone calls:

Legal basis for processing: Our legitimate interests (Article 6(1)(f) of the GDPR)

Legitimate interest(s): Responding to inquiries, messages we receive + keeping records of that correspondence.

Transfer + storage of your information: Information about your call, such as your phone number + the date + time of your call, is processed by our 3rd party telephone service provider + stored in the United States of America.

Post (Snail Mail)

If you contact us by post, we will collect any information you provide to us in any postal communications you send us:

Legal basis for processing: Our legitimate interests (Article 6(1)(f) of the GDPR).
Legitimate interest(s): Responding to inquiries, messages we receive + keeping records of that correspondence.

Transfer + storage of your information: Information you send us by post is stored in the United States of America.

Processing your payment

After purchasing services from us you will need to make payment for the services you have ordered. In order to process your payment we use a 3rd party payment processor, PayPal:

Legal basis for processing: Necessary to perform a contract (Article 6(1)(b) of the GDPR).

Reason why it’s necessary to perform a contract: To fulfil your contractual obligation to pay for the services you have ordered from us.

3rd party payment processors

The 3rd party payment processor we use collects, uses + processes your information, including payment information, in accordance with their privacy policy. You can access their privacy policy via the following link:

Transfer + storage of your information: PayPal may transfer information relating to your transaction + the processing of your transaction outside the European Economic Area. Where they do so, they will put appropriate safeguards in place.

Information Received from 3rd Parties

Generally, we do not receive information about you from 3rd parties. The 3rd parties from which we receive information about you will generally include other businesses + clients we work with from time to time who may recommend our services to you. These could be businesses in any industry, sector, sub-sector or location.

It is also possible that 3rd parties with whom we have had no prior contact may provide us with information about you, but only with your consent.

Information we obtain from 3rd parties will generally be your name + contact details, but will include any additional information about you which they provide to us:

Legal basis for processing: Necessary to perform a contract or to take steps at your request to enter into a contract (Article 6(1)(b) of the GDPR).

Reason why it’s necessary to perform a contract: Where a 3rd party has passed on information about you to us (such as your name + email address) in order for us to provide services to you, we will process your information in order to take steps at your request to enter into a contract with you + perform a contract with you (as the case may be).

Legal basis for processing: Consent (Article 6(1)(a) of the GDPR).
Consent: Where you have asked a 3rd party to share information about you with us + the purpose of sharing that information is not related to the performance of a contract or services by us to you, we will process your information on the basis of your consent, which you give by asking the 3rd party in question to pass your information on to us:

Legal basis for processing: Our legitimate interests (Article 6(1)(f) of the GDPR).

Legitimate interests: Where a 3rd party has shared information about you with us + you have not consented to the sharing of that information, we will have a legitimate interest in processing that information in certain circumstances.

For example, we would have a legitimate interest in processing your information to perform our obligations under a sub-contract with the 3rd party, where the 3rd party has the main contract with you. Our legitimate interest is the performance of our obligations under our sub-contract.

Similarly, 3rd parties may pass on information about you to us if you have infringed or potentially infringed any of our legal rights. In this case, we will have a legitimate interest in processing that information to investigate + pursue any such potential infringement.

Information obtained by us from 3rd parties

In certain circumstances (for example, to verify the information we hold about you or obtain missing information we require to provide you with a service) we will obtain information about you from certain publicly accessible sources, both EU + non-EU, such as business directories, media publications, social media + websites (including your own website, if you have one). We may do this, for example, if we have insufficient information to be able to contact you or to better understand your business for the purposes of working together.

Legal basis for processing: Necessary to perform a contract or to take steps at your request to enter into a contract (Article 6(1)(b) of the GDPR).
Reason why it’s necessary to perform a contract: Where you have entered into a contract or requested that we enter into a contract with you, in certain circumstances, we will obtain information about you from public sources in order to enable us to understand your business + provide services to you or services to a sufficient standard.

For example, we would obtain +/or verify your email address from your website or from a directory where you ask us to send you information by email but we do not possess the information or we need to confirm that we have recorded your email address correctly:

Legal basis for processing: Our legitimate interests (Article 6(1)(f) of the GDPR).

Legitimate interests: In certain circumstances, we will have a legitimate interest in obtaining information about you from public + private sources. For example, if you have infringed or we suspect that you have infringed any of our legal rights, we will have a legitimate interest in obtaining + processing information about you from such sources in order to investigate + pursue any suspected or potential infringement.

Legitimate Interests – How Do We Use Your Information?

We may process your Personal Information for our legitimate business purposes. We make efforts to consider and balance any potential impact on you and your rights under applicable data protection laws.

Legitimate business purposes primarily include improving our services, investigating fraud or other legal purposes.

For example, this website is hosted by 3rd party technology infrastructure located in the United States of America that automatically logs the IP address you use to access this site as well as other information about your visit, such as the pages you accessed, information requested, the date + time of the request, the source of your access to this website (e.g. the website or URL (link) which referred you to our site), + your browser version + operating system.

Our 3rd party hosting provider stores server logs to ensure network + IT security + so that the server + website are resistant + resilient to compromise. This includes analyzing log files to help identify + prevent unauthorised access to our network, the distribution of malicious code, denial of service attacks + other cyber attacks, by detecting unusual or suspicious activity.

Unless we are engaged in investigating suspicious or potential criminal activity, we do not make, nor do we allow our website server provider to make any attempt to identify you or your online browsing habits from the information collected via server logs:

Legal basis for processing: compliance with a legal obligation to which we are subject (Article 6(1)(c) of the GDPR).

Legal obligation: we have a legal obligation to implement appropriate technical + operational measures to ensure a level of security appropriate to the risk of our processing of information about individuals. Recording access to our website using server log files is such a measure:

Legal basis for processing: our legitimate interests (Article 6(1)(f) of the GDPR).

Legitimate interests: we have a legitimate interest in using your information for the purposes of ensuring network + information security.

Distribution of Information
We reserve the right to disclose your Personal Information under the following conditions: (1) when permitted or required by law; (2) when trying to protect against or prevent actual or potential fraud or unauthorized transactions; or (3) when investigating fraud which has already taken place. The information is never provided to other organizations for marketing purposes.

It may go without saying but to be explicit: we ask that you don’t use our site or services for any means that are deceptive, malicious, or with the intention to abuse or misuse any computer system, organization, or person. Use of our site or services for any of the purposes outlined in this paragraph is strictly prohibited.

Disclosure of Your Information to Service Providers

We use a number of 3rd parties to provide us with services which are necessary to run our business or to assist us with running our business + who process your information for us on our behalf. These include the following:

  • Telephone providers (USA),
  • Email providers (USA + Switzerland),
  • IT service providers (USA + Switzerland),
  • Hosting provider (USA).

Your information will be shared with these service providers only where necessary to enable us to run our business.

Disclosure of Criminal Acts or Threats to Public Security to a Competent Authority

If we suspect that criminal or potential criminal conduct has occurred, we will in certain circumstances need to contact an appropriate authority, such as the FBI. This could be the case, for instance, if we suspect that a fraud or a cyber crime has been committed or if we receive threats or malicious communications towards us or 3rd parties.

We will generally only need to process your information for this purpose if you were involved in or affected by such an incident in some way:

Legal basis for processing: Our legitimate interests (Article 6(1)(f) of the GDPR).
Legitimate interests: Preventing crime or suspected criminal activity (such as fraud).

Enforcement of Our Rights

We will use your information in connection with the enforcement or potential enforcement of our legal rights, including sharing information with debt collection agencies if you do not pay amounts owed to us when you are contractually obliged to do so. Our legal rights may be contractual (where we have entered into a contract with you) or non-contractual (such as legal rights that we have under copyright law, for example):

Legal basis for processing: Our legitimate interests (Article 6(1)(f) of the GDPR).
Legitimate interest: Enforcing our legal rights + taking steps to enforce our legal rights.

Legal Dispute or Proceedings

We may need to use your information if we are involved in a dispute with you or a 3rd party, for example, either to resolve the dispute or as part of any mediation, arbitration, court resolution or similar process:

Legal basis for processing: Our legitimate interests (Article 6(1)(f) of the GDPR).
Legitimate interest(s): Resolving disputes + potential disputes.

Compliance with Laws, Regulations + Other Legal Requirements

We will use + process your information in order to comply with legal obligations to which we are subject. For example, we may need to disclose your information pursuant to a court order or subpoena if we receive one in connection with suspected or potential money laundering matters:

Legal basis for processing: Compliance with a legal obligation (Article 6(1)(c) of the GDPR).
Legal obligation(s): Legal obligations to disclose information which are part of the laws of Illinois or if they have been integrated into the United States of America’s legal framework (for example in the form of an international agreement which the United States has signed with the EU).

Legal basis for processing: Our legitimate interests (Article 6(1)(f) of the GDPR).
Legitimate interest: Where the legal obligations are part of the laws of another country + have not been integrated into the United States’ legal framework, we have a legitimate interest in complying with these obligations.

Third Parties
To provide our products and services, we may occasionally use third-party businesses to provide and perform specialized products and services for data processing. When we provide Personal Information to these businesses, they are not permitted to use the Personal Information for any reason outside of the scope for which we contracted them:

Legal basis for processing: Legitimate interests (Article 6(1)(f) of the GDPR).
Legitimate interest(s): Sharing your information with a prospective purchaser, seller or similar person in order to allow such a transaction to take place.

We may share your information with 3rd parties, which are either related to or associated with the running of our business, where it is necessary for us to do so. These 3rd parties include our accountants, advisors, affiliates, business partners, independent contractors + insurers:

Legal basis for processing: Our legitimate interests (Article 6(1)(f) of the GDPR).
Legitimate interest: Running + managing our business efficiently.

Payment processing

When you pay for services, if you select PayPal, information about your order + the processing of your order may be transferred outside the European Economic Area.

PayPal

If you are a citizen of the EU making payment from outside the US, PayPal may transfer information they process about your order outside the EU. Where they do so, they will ensure appropriate safeguards are in place. You can access PayPal’s privacy policy here.

Selling of Personal Information
We will never sell your Personal Information.  To anyone. For any reason. Ever.

Commitment to Data Security
Your Personal Information is kept secure. Only authorized employees, agents, and contractors (who have agreed to keep information secure and confidential) have access to this information.

We (and our 3rd party service providers) use a variety of industry standard security measures to prevent unauthorized access, use, or disclosure of your Personal Information. These security measures consist of but are not limited to data encryption and physical security. Keep in mind that no method of transmission or electronic storage is 100% secure 100% of the time. We make every effort by industry standards to protect your Personal Information, but we cannot guarantee its absolute security. That’s just the way it is.

Changes to Your Personal Information
We’re happy to provide you with information about whether or not we hold any of your Personal Information. Upon verification, you may choose to exercise your right to request that we securely delete your Personal Information from our servers + systems. Note that there may be specific circumstances in which we cannot delete your Personal Information. When we delete your Personal Information, it will be erased from our records. However, the Personal Information may still be archived in our backups in accordance with our retention policies.

If you would like to access your Personal Information and/or correct, amend, or delete the information where it is inaccurate, please contact us at privacy [at] wimzkl.com

Data Retention

We will retain your Personal Information for the period necessary to fulfill the purpose outlined in this Privacy Policy unless a longer retention period is required for some reason, such as by applicable data privacy law.

In any other circumstances, we will retain your information for no longer than necessary, taking into account the following:

  • the purpose(s) + use of your information both now + in the future (such as whether it is necessary to continue to store that information in order to continue to perform our obligations under a contract with you or to contact you in the future);
  • whether we have any legal obligation to continue to process your information (such as any record-keeping obligations imposed by relevant law or regulation);
  • whether we have any legal basis to continue to process your information (such as your consent);
  • how valuable your information is (both now + in the future);
  • any relevant agreed industry practices on how long information should be retained;
  • the levels of risk, cost + liability involved with us continuing to hold the information;
  • how hard it is to ensure that the information can be kept up to date + accurate;
  • any relevant surrounding circumstances (such as the nature + status of our relationship with you).

Accuracy
We take reasonable steps to ensure that your Personal Information is accurate, complete, current and otherwise reliable for its intended use.

Enforcement
If we obtain knowledge that one of our service providers or partners is in violation of this Privacy Policy, we will take reasonable steps to prevent the unauthorized use or disclosure of your Personal Information. We take data privacy seriously and agree to take commercially reasonable measures to ensure the proper handling of your Personal Information by our partners and service providers.

Wow

You read all the way to the end? You’re either a policy wonk, bored or stealing this to use on your own site.

If you’re stealing this, cool, but please give us a nod of credit, wontcha?  We worked hard on it.

Thanks for reading.