This Privacy policy (“Policy”) describes how THEBRAINPROJECT AMERICA INC., 1801 Robert Fulton Drive, Suite 400, Reston, Virginia 20191 (the “Company”, “we”, “us”, or “our”) may collect, use, and disclose your personal information when you visit, use our services, or make a purchase from https://axoltbrain.com/ (the “Site”) or otherwise communicate or engage with us in your respective capacity of Site visitor, customer, supplier, contractor or other individual whose information we have processed pursuant to this Policy (collectively “you”, “your” or “data subject”).

Please read this Policy carefully. Save for cases where laws require your explicit consent, you agree to the collection, use and disclosure of your personal information as described in this Policy already by accessing our Site and by using our services (subscription to our newsletter, making purchases via our e-shop, contacting our customer support, etc.). Two important terms used frequently in this Policy: when we use the term "personal information", we are referring to information that identifies, relates to, describes or can be associated with you, and when we use the term “processing” we are referring generally to us collecting, using in any way or extent, or disclosing any personal information.

If you do not agree with the terms of processing of your personal data set out in this Policy, please do not access our Site and do not use any of its services.

Should any of the terms of this Policy or of any particular processing activity described in this Policy be unclear to you, please feel free to contact us at: dataprotection@axoltbrain.com for clarification. 

Position of the Company

In processing your personal information, the Company acts as a Business (for the purposes of the California Privacy Laws) and as a Controller (for the purposes of the GDPR Regulation).

Different protection standards

Depending on the country you are residing in or accessing our Site from (and possibly also other geographical and jurisdictional factors), data subjects whose information we are processing may be subject to different protection standards (such as US, EU or other legal frameworks on data protection). Accordingly, please note that some parts of this Policy may only be applicable to certain group of data subjects. 

Whilst we tried to clearly highlight all key parts of this Policy that have such different application, you can contact us at: dataprotection@axoltbrain.com for clarification what protection standards apply to you e.g. with respect to any particular data processing activity or other data protection matter of your interest.

Changes to this Policy

We do not exclude that the scope of personal information collected, used and/or disclosed by us, or the manner in which we do any of that, may change or expand in the future e.g. in order to ensure more efficient operations of our Site or our commercial activities (incl. customer support). Any such changes will be duly reflected and published in an updated version of this Policy, and notified to the data subjects affected as and where required.

Furthermore, we may also update this Privacy Policy from time to time for other operational, legal, or regulatory reasons.

Each updated version of this Policy published on our Site is clearly dated in its upper left corner (Last updated).

To operate our Site, market and sell our products and provide other services, such as our newsletter and customer support, etc., we may collect, use or disclose (and may have collected, used or disclosed over the past 12 months) various personal information about you from a variety of sources, and in connection with a variety of purposes, as set out below. Scope of information and purposes for which we collect, use or disclose it varies depending on the capacity in which you interact with us – a Site visitor, potential customer, existing customer, supplier or other contractor, etc.

What personal information do we process and how do we collect them?

Primarily, we process personal information that you directly submit to us through our Site or via e-mail, and which may include:

• basic contact details (incl. your full name, address, phone number, email address)

if you are our customer, in addition to the basic contact details also:

• order information (incl. your billing address, shipping address, phone number and email address for handling the order, your payment confirmation)
• information on your account with our Site (incl. your username, password, security questions)
• shopping information (incl. the items you view, put in your cart or add to your wishlist)
• customer support information (incl. any personal information you choose to include in communications with our customer support)

if you are our business partner (contractor, supplier, etc.), in addition to the basic contact details also:

• business information – if you are our supplier or contractor (incl. your business ownership and contact information, your representatives’ information, invoicing information, etc.)

Some services on our Site may require you to directly provide us with certain information about yourself. You may elect not to provide this information, but doing so may prevent you from using or accessing these features.

Furthermore, we also process personal information that we automatically collect about your interaction with our Site and the services it offers (“Usage Data”). To do this, we may use cookies, pixels and similar technologies (“Cookies”). Usage Data may include information about how you access and use our Site and your account, including device information, browser information, information about your network connection, your IP address and other information regarding your interaction with the Site or the services it offers. More information about the Cookies and how to manage or block them can be found below in the Cookies Policy.

Finally, we may obtain information about you from third parties, including from vendors and service providers who may collect information on our behalf, such as:

• companies who support our Site and our services, such as Shopify and its services (such as fulfilment agents, delivery services, etc.)
• our payment processors, who collect payment information (e.g., bank account, credit or debit card information, billing address) to process your payment in order to fulfill your orders and provide you with products or services you requested
• when you visit our Site, open or click on emails we send you, or interact with our Site or services it offers or our advertisements, third parties we work with may also automatically collect certain information using online tracking technologies such as pixels, web beacons, software developer kits, third-party libraries, and cookies.

Any personal information we obtain from third parties will be processed by us in accordance with this Policy. We are not responsible or liable for the accuracy of any information provided to us by third parties and are not responsible for any third party's policies or practices. For more information, see the section below, Third Party Websites and Links.

How we process personal information?

• Methods of processing

We take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction or loss of personal information we process.

The processing is carried out using computers and/or IT enabled tools, following organizational procedures and otherwise in the manner adequate to respective purposes of processing. In some cases, personal information is shared with third parties involved in our processing – please refer to section How we share personal information below for more details. 

• Locations

Geographically, we process personal information at the premises of our Company’s operations, location of cloud storage used by our Company, and in other places where the third parties involved in the processing are located. Depending on a particular data subject’s location, our processing of their personal information may involve transferring it to a country other than their own.

When selecting our technology providers and third party suppliers and contractors, and allocating personal information processing activities amongst them, we take into consideration also geographic location of their operations to ensure due performance of personal information processing involved.

• Retention of personal information

Unless specified otherwise in this document, we process and store personal data for as long as required by the purpose(s) they have been collected for. In some cases, we may store certain personal information even longer, as required by applicable law (e.g. due to mandatory archiving duties), or based on specific data subject’s consent.

What are the purposes of processing personal information?

We may process personal information for various purposes further outlined below.

• Providing our products and services

To provide customers with our products and services, we use personal information in the extent necessary to duly fulfil our contracts with customers, as well as desirable to optimize customers’ experience. This includes processing of personal information as part of the processing of customers’ orders and payments, fulfillment and shipment of their orders, creation, maintenance and management of customers’ accounts, informing customers of events related to their respective accounts, purchases, returns, exchanges or other transactions, facilitation of any returns, exchanges and other customers’ claims and rights, enabling them to post customer reviews, etc.

• Research, customer satisfaction and product development

We may use personal information of our customers and other visitors of our Site for various research purposes relating to our Site’s operation and reach, positioning of our brand and products and services, as well as further development and optimization of our products and services (incl. enhancement of customer satisfaction with them). 

• Marketing and advertising

We may use personal information for marketing and promotional purposes, such as to send marketing, advertising and promotional communications by email, text message or postal mail, and to show you advertisements for products or services. This may also include using personal information to better tailor our services and advertising on our Site and other websites.

• Relations with suppliers and contractors

We use personal information that may be necessary or desirable for due performance and efficient management and administration of our contracts with our suppliers, contractors and other contractual partners we engage with.

• Security and fraud prevention

We may use personal information to detect, investigate or take action regarding possible fraudulent, illegal or malicious activity relating to the use of our Site, our services or other parts of our IT infrastructure or that of our partners and suppliers.

• Compliance

Where necessary, we may use personal information to ensure our full compliance with laws (accounting, taxation, social and labor, anti-money laundering, etc.) and legally binding procedures (such as court orders, subpoenas, official enquiries, etc.), as well as to assert, enforce or defend our rights, claims or assets, or to protect you, us or others against injury, harm or loss.

How do we share personal information?

In certain circumstances, we may share personal information to third parties in accordance with this Policy. All third parties with whom we so share personal information use such personal information in accordance with their own privacy rules.

Such circumstances may include sharing relevant personal information:

• with vendors or other third parties who perform services on our behalf (e.g., internet and cloud service providers, payment processors, fulfilment and shipping partners, customer support partners and data analytics providers)
• with business and marketing partners, including Shopify, to provide services and advertise
• when a data subject directs us, requests or otherwise consents to our disclosure of their personal information to third parties (e.g. to ship products to such data subject – our customer), or through data subject’s use of social media widgets or login integrations, with their consent
• with our affiliates or otherwise within our corporate group, in our legitimate interests to run a successful business
• in connection with a business transaction such as a merger or bankruptcy, to comply with any applicable legal obligations (including to respond to subpoenas, search warrants and similar requests), to enforce any applicable terms of service, and to protect or defend our services, our rights, and the rights of our customers or others

We do not use or disclose sensitive personal information for the purposes of inferring characteristics about you.

This section is relevant specifically for US data subjects.

Notice at collection

It is intended to provide them with timely notice about the categories of personal information collected or disclosed in the past 12 months so that these data subjects can exercise meaningful control over our use of that information.

As we are launching our business activities in the US and allowing public access to our Site from the US only shortly after the current date of this Policy, over the past 12 months we have not collected or disclosed any category of personal information of US data subjects to any third parties.

This section is relevant specifically for EU data subjects and contains references to provisions of EU legislation – General Data Protection Regulation (“GDPR”).

On what legal basis we process personal information?

We collect and process personal information on various respective legal bases in connection with different purposes of processing:

Purpose of processing

(from section What are the purposes of processing personal information? above)

Legal basis

• Providing our products and services

Primarily, processing is necessary for the performance of our contracts with customers (contract on supply of purchased products), or in order to take steps at the request of customers prior to entering into a contract (Article 6(1)(b) of GDPR). 

Some ancillary processing activities may be performed as necessary for the purposes of our legitimate interest (to provide best products and services to our customers) (Article 6(1)(f) of GDPR).

• Research, customer satisfaction and product development

Primarily, processing is necessary for the purposes of our legitimate interest (to provide best products and services to our customers) (Article 6(1)(f) of GDPR).

Some ancillary processing activities may be performed based on data subject’s consent to such processing (Article 6(1)(a) of GDPR).

• Marketing and advertising

Primarily, processing is performed based on data subject’s consent to such processing  (Article 6(1)(a) of GDPR).

Some processing activities may be performed as necessary for the purposes of our legitimate interest (to achieve best possible economic results and sales) (Article 6(1)(f) of GDPR).

• Relations with suppliers and contractors

Primarily, processing is necessary for the performance of our contracts with customers (contract on supply of purchased products), or in order to take steps at the request of customers prior to entering into a contract (Article 6(1)(b) of GDPR). 

Some ancillary processing activities may be performed as necessary for the purposes of our legitimate interest (to achieve best possible economic results and sales) (Article 6(1)(f) of GDPR).

• Security, fraud prevention
• Compliance

Primarily, processing is necessary for compliance with a legal obligation to which we are subject (Article 6(1)(c) of GDPR).

Some ancillary processing activities may be performed as necessary for the purposes of our legitimate interest (to ensure due protection of our operations) (Article 6(1)(f) of GDPR).

User generated content and user account credentials

The services on our Site may enable you to post product reviews and other user-generated content. If you choose to submit user generated content to any public area of the Site, this content will be public and accessible by anyone.

We do not control who will have access to the information that you choose to make available to others, and cannot ensure that parties who have access to such information will respect your privacy or keep it secure. We are not responsible for the privacy or security of any information that you make publicly available, or for the accuracy, use or misuse of any information that you disclose or receive from third parties.

If you choose to use the Site and our services, and register an account, you are responsible for keeping your account credentials safe. We highly recommend that you do not share your username, password, or other access details with anyone else. If you believe your account has been compromised, please contact us immediately.

Third Party Websites and Links

Our Site may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms may also be viewable by other users of the Site or our services and/or users of those third-party platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators.

International use

Please note that we may transfer, store and process your personal information outside the country you live in, including the United States. Your personal information is also processed by staff and third party service providers and partners in these countries.

If we transfer your personal information out of Europe, we will rely on recognized transfer mechanisms, unless the data transfer is to a country that has been determined to provide an adequate level of protection.

Security

Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee "perfect security." In addition, any information you send to us may not be secure while in transit. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us.

Depending on where you live, you may have some or all of the rights listed below in relation to your personal information processed by our Company. Data subjects from EU benefit from all rights listed with an asterix [*] below.

Please note that not all these rights are absolute. Some of them may only apply under certain circumstances, or subject to various exceptions or conditions. In some cases, we may be entitled by law to decline your request for the exercise of some of these rights.

• Right to access / know*. You may have a right to request access to personal information that we hold about you, including details relating to the ways in which we use and share your information.
• Right of copy / portability*. You may have a right to receive a copy of the personal information we hold about you, as well as to request that we transfer it to a third party designated by you.
• Right to correct*. You may have a right to request that we correct inaccurate personal information we maintain about you.
• Right to delete / right to be forgotten*. You may have a right to request that we delete personal information we maintain about you.
• Restriction or objection to processing*. You may have the right to ask us to stop or restrict our processing of your personal information.
• Right to withdraw your consent*. Where we rely on your consent to process your personal information, you may have the right to withdraw such consent.
• Right to appeal: You may have a right to appeal our decision if we decline to process your request. Where applicable, you can do so by replying directly to our denial.
• Managing Communication Preferences: We may send you promotional emails, and you may opt out of receiving these at any time by using the unsubscribe option displayed in our emails to you. If you opt out, we may still send you non-promotional emails, such as those about your account or orders that you have made.

You may exercise any of these rights where indicated on our Site or by contacting us using the contact details provided below. We will not discriminate against you for exercising any of these rights. 

In order to verify the identity of the individual submitting any request and to ensure that the person contacting us and exercising the rights of a data subject is entitled to do so (i.e. actually is such data subject, or may act on their behalf), before providing any substantive response to the request we may ask for the relevant identity document or other details of the inquiring person and the relevant data subject (if it is a different person). In accordance with applicable laws, you may designate an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us. 

We will respond to any request exercising the data subject’s rights in a timely manner as required under applicable law.

Complaints

If you have complaints about how we process your personal information, please contact us using the contact details provided below. If you are not satisfied with our response to your complaint or have concerns about the way we use or share your personal information, depending on where you live you may have the right to appeal our decision by contacting us (using the contact details set out below), or contact or directly submit your complaint with your local data protection authority.

What are cookies?

Cookies are small text files that are sent by a website, upon its loading, to your computer or mobile device where it is stored by your web browser. Cookies may store information such as your IP address or other identifier, your browser type, and information about the content you view and interact with on the website, etc. By storing such information, cookies can create record of your preferences and settings for online services and analyze how you use online services.

First-party cookies originate on the website a user visits and primarily serve to ensure proper funcionality of such website and track user’s engagement with it. Third-party cookies are generated by other website operators (typically search engines, platforms, data handlers, etc.) and are used by websites to target advertisement, share user’s preferences and collect analytics across multiple sites, improve security, etc.

Depending on their purposes, cookies are classified into categories, such as necessary (used automatically), performance, functional, analytic, advertisement, etc. 

How do we use cookies?

As most of the websites, our Digital Services use first-party and some third-party cookies that are strictly necessary for your use of our Digital Services (e.g. remebering settings, preferences and other material user inputs between individual pages of our website, keeping you logged in, etc.).

With your consent (or unless you decline it – depending on the legislative requirements of the jurisdiction applicable to you), we may also use cookies serving other purposes, e.g. to understand how our Digital Services perform, how you interact with them, to keep our Digital Services secure, provide advertisements that are relevant to you, and all in all to provide you with a better and improved user experience and help speed up your future interactions with our Digital Services.

Managing cookies – your choices

Upon your first interaction with our Digital Services (unless legislation applicable to you does not require this), you will be presented with a cookie settings banner which offers you an overview of relevant cookie categories and a choice to accept or reject their use on our Digital Services, with the exception of strictly necessary cookies which are used automatically.

In addition to this, different browsers provide different methods to block and/or delete cookies used by websites. You can change the settings of your browser to block/delete the cookies. For convenience, listed below are the links to the support information on how to manage, block and/or delete cookies from the major web browsers.

1. Chrome: https://support.google.com/chrome/answer/95647?hl=en
2. Safari: https://support.apple.com/en-in/guide/safari/sfri11471/mac
3. Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer?redirectlocale=en-US&redirectslug=Cookies
4. Internet Explorer: https://support.microsoft.com/en-us/windows/manage-cookies-in-microsoft-edge-view-allow-block-delete-and-use-168dab11-0753-043d-7c16-ede5947fc64d
5. If you are using any other web browser, you may consult their respective official support documents.

Should you have any questions about our privacy practices or this Policy, or if you would like to exercise any of the rights available to you, please send us an e-mail at dataprotection@axoltbrain.com or contact us at 1801 Robert Fulton Drive, Suite 400, Reston, VA, 20191, United States.