Privacy Policy

Owner: Sound Concepts, Inc of 782 S. Auto Mall Drive Suite A, American Fork, UT 84003, United States (we/us).

Services: We use a platform called Brightools, which is a sales automation tool designed to help you share your story with others. Namely, we supply program applications to help you build your business, assess and communicate with [prospective clients and [your customers], help manage leads and share digital content on social media and messaging platforms. (Services).

Sites: We also have three websites where you can sign up to our Services or find out more information about what we do: https://www.soundconcepts.com/, http://brightools.com/ and http://mybuildersystem.com. (Sites).

At Sound Concepts Inc., we take data privacy very seriously. The following information sets out the uses to which we will put the information that we have about you and the legal basis for doing so, as well as explaining to you the rights that you have over the way that we use your information. This policy should be read in conjunction with our Data Retention Policy and Data Protection Policy.

For the purposes of the General Data Protection Regulation (GDPR), and [any subsequent EU member state legislation covering data protection], we are the data controller for the contact details, billing details and other account information we collect from our users in the EU upon registration to our Services on one of the Sites namely the entity that collects and processes your data for various purposes, including asking one or more third parties to do so on our behalf, details of which are set out below (where applicable). However, you remain the data controller for all personal data of your device contacts (see the 'Contact Data' section below for more details).

As we are based outside the European Union (EU) and as required by the GDPR, we have appointed a representative who will deal with all data protection related queries on our behalf. Please address all queries relating to this policy and/or data protection more generally to [Dayne Deader, Data Protection Officer/Systems Engineer, Sound Concepts, Inc., 782 South Auto Mall Dr. Suite A, American Fork, UT 84003 or by email at sysadmin@soundconcepts.com].

Your Personal Data

In order to use our Services, basic user information about you is collected upon registration, either by us or by a third party authorised to do so. The information we collect about you might include the following:

(Personal Data)

How we collect information

Personal Data will be collected when you sign up to our Services and in the course of your use of the Services and the Sites.

We may collect information from you whenever you contact us or have any involvement with us for example when you:

Where we collect information from

We collect information:

The Purposes for Which We Collect Your Data

The information that we collect about you will be used for the following purposes:

(Purposes)

We will never sell, licence or rent your Personal Data to anyone.

Legal Justification for Processing Your Data

The use of your Personal Data for these Purposes set out above is lawful because one or more of the following applies:

(Lawful Uses)

Contact Data

As part of our Services, you have the option of uploading some or all of your device contacts (Contact(s)).
You may ask us to create bespoke links to marketing material or ask us to send other communications to these Contact(s).

For the avoidance of doubt, you, as user of our Services, are the data controller in relation to the Contact(s) and their personal data and we are the data processors.

When you sign up to our Services, you will be asked to agree to the terms of a data processing agreement with us and which provides further detail of this arrangement, which requires that you distribute your own privacy notice to your Contact(s), and which will include information about us and our processing of the Contact(s)' Personal Data.

You are not required to upload your Contact(s) to use our Services, so if you do not agree to the terms of our data processing agreement; please do not upload your Contact(s). Uploading your Contacts without a data processing agreement in place and without the Contacts having received a privacy notice from you will put you (or your employer, if doing this on behalf of your employer) in breach of [UK and] European data protection legislation, as well as the domestic laws of individual member states of the European Union and which could result in sanctions from the relevant data protection authority.

We ask you to enter into a data processing agreement with us because it is necessary for us (and you, as data controller) to meet our obligations under the GDPR.

Anti Spam Policy

Spam is unsolicited email also known as UCE (Unsolicited Commercial Email).

We have a 'no tolerance' spam policy. Our customer support actively monitors large import lists and emails going to a large number of contacts. Any customer found to be using our Services for the purposes of sending spam will be immediately cut-off from use of the Services. If you know of or suspect any violators, please notify us immediately at support@mysecureoffice.com

As you will see in our data processing agreement, any Contact(s) which you upload or communicate with when using our Services or ask us to do so on your behalf must have a pre-existing business relationship with you (or there must be another lawful ground which you can rely upon to contact them) and must have been clearly and fully notified by you in advance by means of the sending of a privacy notice to them about the collection and use of his or her contact details by you.

This is echoed in our strict permission-based philosophies:

Communication - By accepting our data processing agreement and other terms, you have agreed to use only permission-based lists and never to sell or rent your lists.

Unsubscribe - Every email generated from our Services contains an unsubscribe link which allows your Contact(s) to opt-out of future emails and automatically updates your database of Contacts in order to avoid the chance of sending unwanted emails to visitors who have unsubscribed.

Contact Information - All of your emails are pre-filled with your Contacts' information. You are required to make sure this information is up to date and accurate.

For more information, please contact Customer Support at support@mysecureoffice.com.

Security of Your Data

We understand the importance of keeping your personal information secure and take appropriate steps to safeguard it.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share this password with anyone.

We take precautions to protect your information. When you submit Personal Data when using our Services or Site, this is protected both online and offline. Wherever we collect Personal Data, it is encrypted and transmitted to us in a secure way.

We work to protect the security and unauthorised use of your information and data during transit by using Secure Sockets Layer (SSL) software. This encrypts information between our servers and the applications which form part of our Services. We also ensure that our apps are talking only to our servers through SSL pinning. If we store your password, it is encrypted in our database and we use password tokenization during login validation and data exchanges with our servers.

Whilst we encrypt Personal Data transmitted online, we also protect your Personal Data offline. We always ensure only authorised persons have access to your information, which means only our employees and contractors, and that everyone who has access is appropriately trained to manage your information. Only employees and contractors who need access to the information to perform a specific and necessary function are granted access to Personal Data and we will do our best to ensure that that they act only in line with our Data Protection Policy and are under an appropriate duty of confidence. The computers/servers on which we store Personal Data are kept in a secure environment.

Please note, as no data transmissions over the internet can be guaranteed to be one hundred percent secure, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk. However, we will take all steps necessary to ensure that your Personal Data is treated securely in accordance with this Privacy Policy.

Transfers to Third Parties

Your information [will/may] be passed to the following third parties:

The transfer of your Personal Data is lawful because it is necessary for us to perform our obligations under the contract we have entered into with you for the Purpose(s), or because it is necessary for the purposes of a legitimate interest pursued by us, or by a third party, and we have reasonably determined that these legitimate interests are not overridden by your fundamental rights and freedoms which require protection of the personal data.

When we transfer Personal Data to a third party, they are acting as an agent on our behalf. Sound Concepts, Inc. remains liable if such Personal Data is processed in a manner inconsistent with this policy, unless Sound Concepts, Inc. is able to prove that they are not responsible for the event giving rise to the claim.

We may also transfer your Personal Data where we are under a duty to disclose or share it in order to comply with a legal obligation. We are subject to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC).

Your Personal Data may also be transferred to another company in the event of the transfer of our assets to a third party. In that event, we will endeavour, where possible, to notify you prior to the event and offer you the chance to cease use of the Services and remove your Personal Data from our database. In any event, we will endeavour to ensure that your rights and freedoms in respect of the processing of your personal data are adequately and appropriately protected. If the transferee is based outside of the EU, the provisions of sub-paragraph (ii) below will also apply.

(i) Outside the EU

We do send your Personal Data outside of the EU because our servers are based outside the EU, and our head office is outside the EU, in the United States. However, we meet our obligations under the applicable legislation by ensuring that any Personal Data we control has the same protection as if it were being held within the EU because we have self-certified ourselves under the EU-US Privacy Shield regime. For further details, please see our entry in the register for the Privacy Shield Framework here.

Where we transfer Personal Data outside the EU other than in the above circumstances, we will meet our obligations under the GDPR in relation to that transferee company:

Sound Concepts, Inc. complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Sound Concepts, Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/

Dispute and Unresolved Dispute Resolution

In compliance with the Privacy Shield Principles, Sound Concepts, Inc. commits to resolve complaints about our collection or use of your personal information.  EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Sound Concepts, Inc. at: support@mysecureoffice.com

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact TrustArc, our U.S.-based third-party dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit at https://feedback-form.truste.com/watchdog/request. When searching, please select www.soundconcepts.com or Sound Concepts. This service is provided at no cost to you.

You have the right, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by Sound Concepts, Inc. or through TurstArc, our third-party dispute resolution provider. More information can be found at: https://www.privacyshield.gov/article?id=ANNEX-I-introduction

Storage of Data

Your information will be always be stored in accordance with our Data Retention Policy and in any event, only for so long as is reasonably necessary in order to carry out the Purpose(s).

Where we rely on your consent to contact you for direct marketing purposes, we will treat your consent as lasting only for as long as it is reasonable to do so. This will usually be for [two] years. We may periodically ask you to renew your consent.

If you ask us to stop contacting you with marketing materials, we will keep a record of your contact details and limited information needed to ensure we comply with your request.

Cookies

Cookies are small text files that are placed on your computer by apps that you use or websites that you visit. They are widely used in order to make apps or websites work, or work more efficiently, as well as to provide information to us. The table below explains the cookies we use and why. We do not do this to track individual users or to identify them, but to gain useful knowledge about how users use the Services and Site, so that we can keep improving it for you.

The law states that we can store cookies on your machine if they are essential to the operation of the Services and Sites but that for all other purposes, we need your permission to do so.

Below is a table of non-essential cookies which we also store about your use of the Sites:

If you do not wish to receive cookies from us or on any other website, you can turn cookies off on your web browser: please follow your browser provider's instructions in order to do so. In a few cases, some of our Services and Sites' features may not function as a result. Most web browsers allow some control of cookies through its settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org, www.allaboutcookies.org or www.civicuk.com/cookie-control/browser-settings.

Your Rights Under EU Data Protection Laws

You have the right to request details of the processing activities that we carry out with your Personal Data through making a Subject Access Request. Such requests have to be made in writing. More details about how to make a request, and the procedure to be followed, can be found in our Data Protection Policy. To make a request, please contact us at [details][Dayne Deader, Data Protection Officer/Systems Engineer, Sound Concepts, Inc., 782 South Auto Mall Dr. Suite A, American Fork, UT 84003 or by email at sysadmin@soundconcepts.com].

You also have the following rights:

All of these rights are subject to certain safeguards and exemptions, further details of which can be found in our Data Protection Policy. To exercise any of these rights, you should contact [Dayne Deader, Data Protection Officer/Systems Engineer, Sound Concepts, Inc., 782 South Auto Mall Dr. Suite A, American Fork, UT 84003 or by email at sysadmin@soundconcepts.com].
If you are not happy with the way in which we have processed or dealt with your information, you can complain to the Information Commissioner's Office. Further details about how to complain can be found here.

Children

Our services are not intended for anyone under sixteen and we do not knowingly collect personal information from anyone under sixteen.

Use of Aggregated/Anonymised Data

We may use information obtained about you from monitoring your use of the Services and Sites solely for internal purposes, including the performance and evaluation of the Services and Sites. Data collected by monitoring will be aggregated and anonymised.

We are entitled to do this because the resulting data will not personally identify you and will therefore no longer constitute personal data for the purposes of data protection laws.

We may also use the information we gather to notify you about important functionality changes and alterations to the Services and Sites, or offer of products, services or information that might be of particular interest to you (where you have consented to this).

The use of your information for these purposes is lawful because it is necessary for the purposes of legitimate interests pursued by us, our application and our website developers in order to keep the Services and Sites up to date and provide additional services to our users from time to time.

Mailing Lists

If you subscribe to our mailing lists for news releases and other information, we may also ask you to answer various general questions about yourself. You will be asked to specify the areas in which you are interested so that we can tailor the information which we send to you to cover the new products and special offers which we believe you might be interested in.

Newsletter

If you subscribe to our newsletter and at any time you wish to stop receiving this or any other information you may have requested from us or any other company, please email or write to support@mysecureoffice.com or click the Unsubscribe/Opt-out link at the bottom of any newsletter you may receive from us.

Amendments to this Privacy Policy

We may occasionally modify this Privacy Policy, such variations becoming effective thirty days after posting to the Sites and of which we shall send you notification of such variations based on your notification preference.

Translations Coming Soon

Privacy Policy

Owner: Sound Concepts, Inc of 782 S. Auto Mall Drive Suite A, American Fork, UT 84003, United States (we/us).

Services: We use a platform called Brightools, which is a sales automation tool designed to help you share your story with others. Namely, we supply program applications to help you build your business, assess and communicate with [prospective clients and [your customers], help manage leads and share digital content on social media and messaging platforms. (Services).

Sites: We also have three websites where you can sign up to our Services or find out more information about what we do: https://www.soundconcepts.com/, http://brightools.com/ and http://mybuildersystem.com. (Sites).

At Sound Concepts Inc., we take data privacy very seriously. The following information sets out the uses to which we will put the information that we have about you and the legal basis for doing so, as well as explaining to you the rights that you have over the way that we use your information. This policy should be read in conjunction with our Data Retention Policy and Data Protection Policy.

For the purposes of the General Data Protection Regulation (GDPR), and [any subsequent EU member state legislation covering data protection], we are the data controller for the contact details, billing details and other account information we collect from our users in the EU upon registration to our Services on one of the Sites namely the entity that collects and processes your data for various purposes, including asking one or more third parties to do so on our behalf, details of which are set out below (where applicable). However, you remain the data controller for all personal data of your device contacts (see the 'Contact Data' section below for more details).

As we are based outside the European Union (EU) and as required by the GDPR, we have appointed a representative who will deal with all data protection related queries on our behalf. Please address all queries relating to this policy and/or data protection more generally to [Dayne Deader, Data Protection Officer/Systems Engineer, Sound Concepts, Inc., 782 South Auto Mall Dr. Suite A, American Fork, UT 84003 or by email at sysadmin@soundconcepts.com].

Your Personal Data

In order to use our Services, basic user information about you is collected upon registration, either by us or by a third party authorised to do so. The information we collect about you might include the following:

(Personal Data)

How we collect information

Personal Data will be collected when you sign up to our Services and in the course of your use of the Services and the Sites.

We may collect information from you whenever you contact us or have any involvement with us for example when you:

Where we collect information from

We collect information:

The Purposes for Which We Collect Your Data

The information that we collect about you will be used for the following purposes:

(Purposes)

We will never sell, licence or rent your Personal Data to anyone.

Legal Justification for Processing Your Data

The use of your Personal Data for these Purposes set out above is lawful because one or more of the following applies:

(Lawful Uses)

Contact Data

As part of our Services, you have the option of uploading some or all of your device contacts (Contact(s)).
You may ask us to create bespoke links to marketing material or ask us to send other communications to these Contact(s).

For the avoidance of doubt, you, as user of our Services, are the data controller in relation to the Contact(s) and their personal data and we are the data processors.

When you sign up to our Services, you will be asked to agree to the terms of a data processing agreement with us and which provides further detail of this arrangement, which requires that you distribute your own privacy notice to your Contact(s), and which will include information about us and our processing of the Contact(s)' Personal Data.

You are not required to upload your Contact(s) to use our Services, so if you do not agree to the terms of our data processing agreement; please do not upload your Contact(s). Uploading your Contacts without a data processing agreement in place and without the Contacts having received a privacy notice from you will put you (or your employer, if doing this on behalf of your employer) in breach of [UK and] European data protection legislation, as well as the domestic laws of individual member states of the European Union and which could result in sanctions from the relevant data protection authority.

We ask you to enter into a data processing agreement with us because it is necessary for us (and you, as data controller) to meet our obligations under the GDPR.

Anti Spam Policy

Spam is unsolicited email also known as UCE (Unsolicited Commercial Email).

We have a 'no tolerance' spam policy. Our customer support actively monitors large import lists and emails going to a large number of contacts. Any customer found to be using our Services for the purposes of sending spam will be immediately cut-off from use of the Services. If you know of or suspect any violators, please notify us immediately at support@mysecureoffice.com

As you will see in our data processing agreement, any Contact(s) which you upload or communicate with when using our Services or ask us to do so on your behalf must have a pre-existing business relationship with you (or there must be another lawful ground which you can rely upon to contact them) and must have been clearly and fully notified by you in advance by means of the sending of a privacy notice to them about the collection and use of his or her contact details by you.

This is echoed in our strict permission-based philosophies:

Communication - By accepting our data processing agreement and other terms, you have agreed to use only permission-based lists and never to sell or rent your lists.

Unsubscribe - Every email generated from our Services contains an unsubscribe link which allows your Contact(s) to opt-out of future emails and automatically updates your database of Contacts in order to avoid the chance of sending unwanted emails to visitors who have unsubscribed.

Contact Information - All of your emails are pre-filled with your Contacts' information. You are required to make sure this information is up to date and accurate.

For more information, please contact Customer Support at support@mysecureoffice.com.

Security of Your Data

We understand the importance of keeping your personal information secure and take appropriate steps to safeguard it.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share this password with anyone.

We take precautions to protect your information. When you submit Personal Data when using our Services or Site, this is protected both online and offline. Wherever we collect Personal Data, it is encrypted and transmitted to us in a secure way.

We work to protect the security and unauthorised use of your information and data during transit by using Secure Sockets Layer (SSL) software. This encrypts information between our servers and the applications which form part of our Services. We also ensure that our apps are talking only to our servers through SSL pinning. If we store your password, it is encrypted in our database and we use password tokenization during login validation and data exchanges with our servers.

Whilst we encrypt Personal Data transmitted online, we also protect your Personal Data offline. We always ensure only authorised persons have access to your information, which means only our employees and contractors, and that everyone who has access is appropriately trained to manage your information. Only employees and contractors who need access to the information to perform a specific and necessary function are granted access to Personal Data and we will do our best to ensure that that they act only in line with our Data Protection Policy and are under an appropriate duty of confidence. The computers/servers on which we store Personal Data are kept in a secure environment.

Please note, as no data transmissions over the internet can be guaranteed to be one hundred percent secure, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk. However, we will take all steps necessary to ensure that your Personal Data is treated securely in accordance with this Privacy Policy.

Transfers to Third Parties

(i) Within the EU

Your information [will/may] be passed to the following third parties:

The transfer of your Personal Data is lawful because it is necessary for us to perform our obligations under the contract we have entered into with you for the Purpose(s), or because it is necessary for the purposes of a legitimate interest pursued by us, or by a third party, and we have reasonably determined that these legitimate interests are not overridden by your fundamental rights and freedoms which require protection of the personal data.

We may also transfer your Personal Data where we are under a duty to disclose or share it in order to comply with a legal obligation.

Your Personal Data may also be transferred to another company in the event of the transfer of our assets to a third party. In that event, we will endeavour, where possible, to notify you prior to the event and offer you the chance to cease use of the Services and remove your Personal Data from our database. In any event, we will endeavour to ensure that your rights and freedoms in respect of the processing of your personal data are adequately and appropriately protected. If the transferee is based outside of the EU, the provisions of sub-paragraph (ii) below will also apply.

(ii) Outside the EU

We do send your Personal Data outside of the EU because our servers are based outside the EU, and our head office is outside the EU, in the United States. However, we meet our obligations under the applicable legislation by ensuring that any Personal Data we control has the same protection as if it were being held within the EU because we have self-certified ourselves under the EU-US Privacy Shield regime. For further details, please see our entry in the register for the Privacy Shield Framework here.

Where we transfer Personal Data outside the EU other than in the above circumstances, we will meet our obligations under the GDPR in relation to that transferee company:

Storage of Data

Your information will be always be stored in accordance with our Data Retention Policy and in any event, only for so long as is reasonably necessary in order to carry out the Purpose(s).

Where we rely on your consent to contact you for direct marketing purposes, we will treat your consent as lasting only for as long as it is reasonable to do so. This will usually be for [two] years. We may periodically ask you to renew your consent.

If you ask us to stop contacting you with marketing materials, we will keep a record of your contact details and limited information needed to ensure we comply with your request.

Cookies

Cookies are small text files that are placed on your computer by apps that you use or websites that you visit. They are widely used in order to make apps or websites work, or work more efficiently, as well as to provide information to us. The table below explains the cookies we use and why. We do not do this to track individual users or to identify them, but to gain useful knowledge about how users use the Services and Site, so that we can keep improving it for you.

The law states that we can store cookies on your machine if they are essential to the operation of the Services and Sites but that for all other purposes, we need your permission to do so.

Below is a table of non-essential cookies which we also store about your use of the Sites:

If you do not wish to receive cookies from us or on any other website, you can turn cookies off on your web browser: please follow your browser provider's instructions in order to do so. In a few cases, some of our Services and Sites' features may not function as a result. Most web browsers allow some control of cookies through its settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org, www.allaboutcookies.org or www.civicuk.com/cookie-control/browser-settings.

Your Rights Under EU Data Protection Laws

You have the right to request details of the processing activities that we carry out with your Personal Data through making a Subject Access Request. Such requests have to be made in writing. More details about how to make a request, and the procedure to be followed, can be found in our Data Protection Policy. To make a request, please contact us at [details][Dayne Deader, Data Protection Officer/Systems Engineer, Sound Concepts, Inc., 782 South Auto Mall Dr. Suite A, American Fork, UT 84003 or by email at sysadmin@soundconcepts.com].

You also have the following rights:

All of these rights are subject to certain safeguards and exemptions, further details of which can be found in our Data Protection Policy. To exercise any of these rights, you should contact [Dayne Deader, Data Protection Officer/Systems Engineer, Sound Concepts, Inc., 782 South Auto Mall Dr. Suite A, American Fork, UT 84003 or by email at sysadmin@soundconcepts.com].
If you are not happy with the way in which we have processed or dealt with your information, you can complain to the Information Commissioner's Office. Further details about how to complain can be found here.

Children

Our services are not intended for anyone under sixteen and we do not knowingly collect personal information from anyone under sixteen.

Use of Aggregated/Anonymised Data

We may use information obtained about you from monitoring your use of the Services and Sites solely for internal purposes, including the performance and evaluation of the Services and Sites. Data collected by monitoring will be aggregated and anonymised.

We are entitled to do this because the resulting data will not personally identify you and will therefore no longer constitute personal data for the purposes of data protection laws.

We may also use the information we gather to notify you about important functionality changes and alterations to the Services and Sites, or offer of products, services or information that might be of particular interest to you (where you have consented to this).

The use of your information for these purposes is lawful because it is necessary for the purposes of legitimate interests pursued by us, our application and our website developers in order to keep the Services and Sites up to date and provide additional services to our users from time to time.

Mailing Lists

If you subscribe to our mailing lists for news releases and other information, we may also ask you to answer various general questions about yourself. You will be asked to specify the areas in which you are interested so that we can tailor the information which we send to you to cover the new products and special offers which we believe you might be interested in.

Newsletter

If you subscribe to our newsletter and at any time you wish to stop receiving this or any other information you may have requested from us or any other company, please email or write to support@mysecureoffice.com or click the Unsubscribe/Opt-out link at the bottom of any newsletter you may receive from us.

Amendments to this Privacy Policy

We may occasionally modify this Privacy Policy, such variations becoming effective thirty days after posting to the Sites and of which we shall send you notification of such variations based on your notification preference.

Translations Coming Soon

Privacy Policy

Owner: Sound Concepts, Inc of 782 S. Auto Mall Drive Suite A, American Fork, UT 84003, United States (we/us).

Services: We use a platform called Brightools, which is a sales automation tool designed to help you share your story with others. Namely, we supply program applications to help you build your business, assess and communicate with [prospective clients and [your customers], help manage leads and share digital content on social media and messaging platforms. (Services).

Sites: We also have three websites where you can sign up to our Services or find out more information about what we do: https://www.soundconcepts.com/, http://brightools.com/ and http://mybuildersystem.com. (Sites).

At Sound Concepts Inc., we take data privacy very seriously. The following information sets out the uses to which we will put the information that we have about you and the legal basis for doing so, as well as explaining to you the rights that you have over the way that we use your information. This policy should be read in conjunction with our Data Retention Policy and Data Protection Policy.

For the purposes of the General Data Protection Regulation (GDPR), and [any subsequent EU member state legislation covering data protection], we are the data controller for the contact details, billing details and other account information we collect from our users in the EU upon registration to our Services on one of the Sites namely the entity that collects and processes your data for various purposes, including asking one or more third parties to do so on our behalf, details of which are set out below (where applicable). However, you remain the data controller for all personal data of your device contacts (see the 'Contact Data' section below for more details).

As we are based outside the European Union (EU) and as required by the GDPR, we have appointed a representative who will deal with all data protection related queries on our behalf. Please address all queries relating to this policy and/or data protection more generally to [Dayne Deader, Data Protection Officer/Systems Engineer, Sound Concepts, Inc., 782 South Auto Mall Dr. Suite A, American Fork, UT 84003 or by email at sysadmin@soundconcepts.com].

Your Personal Data

In order to use our Services, basic user information about you is collected upon registration, either by us or by a third party authorised to do so. The information we collect about you might include the following:

(Personal Data)

How we collect information

Personal Data will be collected when you sign up to our Services and in the course of your use of the Services and the Sites.

We may collect information from you whenever you contact us or have any involvement with us for example when you:

Where we collect information from

We collect information:

The Purposes for Which We Collect Your Data

The information that we collect about you will be used for the following purposes:

(Purposes)

We will never sell, licence or rent your Personal Data to anyone.

Legal Justification for Processing Your Data

The use of your Personal Data for these Purposes set out above is lawful because one or more of the following applies:

(Lawful Uses)

Contact Data

As part of our Services, you have the option of uploading some or all of your device contacts (Contact(s)).
You may ask us to create bespoke links to marketing material or ask us to send other communications to these Contact(s).

For the avoidance of doubt, you, as user of our Services, are the data controller in relation to the Contact(s) and their personal data and we are the data processors.

When you sign up to our Services, you will be asked to agree to the terms of a data processing agreement with us and which provides further detail of this arrangement, which requires that you distribute your own privacy notice to your Contact(s), and which will include information about us and our processing of the Contact(s)' Personal Data.

You are not required to upload your Contact(s) to use our Services, so if you do not agree to the terms of our data processing agreement; please do not upload your Contact(s). Uploading your Contacts without a data processing agreement in place and without the Contacts having received a privacy notice from you will put you (or your employer, if doing this on behalf of your employer) in breach of [UK and] European data protection legislation, as well as the domestic laws of individual member states of the European Union and which could result in sanctions from the relevant data protection authority.

We ask you to enter into a data processing agreement with us because it is necessary for us (and you, as data controller) to meet our obligations under the GDPR.

Anti Spam Policy

Spam is unsolicited email also known as UCE (Unsolicited Commercial Email).

We have a 'no tolerance' spam policy. Our customer support actively monitors large import lists and emails going to a large number of contacts. Any customer found to be using our Services for the purposes of sending spam will be immediately cut-off from use of the Services. If you know of or suspect any violators, please notify us immediately at support@mysecureoffice.com

As you will see in our data processing agreement, any Contact(s) which you upload or communicate with when using our Services or ask us to do so on your behalf must have a pre-existing business relationship with you (or there must be another lawful ground which you can rely upon to contact them) and must have been clearly and fully notified by you in advance by means of the sending of a privacy notice to them about the collection and use of his or her contact details by you.

This is echoed in our strict permission-based philosophies:

Communication - By accepting our data processing agreement and other terms, you have agreed to use only permission-based lists and never to sell or rent your lists.

Unsubscribe - Every email generated from our Services contains an unsubscribe link which allows your Contact(s) to opt-out of future emails and automatically updates your database of Contacts in order to avoid the chance of sending unwanted emails to visitors who have unsubscribed.

Contact Information - All of your emails are pre-filled with your Contacts' information. You are required to make sure this information is up to date and accurate.

For more information, please contact Customer Support at support@mysecureoffice.com.

Security of Your Data

We understand the importance of keeping your personal information secure and take appropriate steps to safeguard it.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share this password with anyone.

We take precautions to protect your information. When you submit Personal Data when using our Services or Site, this is protected both online and offline. Wherever we collect Personal Data, it is encrypted and transmitted to us in a secure way.

We work to protect the security and unauthorised use of your information and data during transit by using Secure Sockets Layer (SSL) software. This encrypts information between our servers and the applications which form part of our Services. We also ensure that our apps are talking only to our servers through SSL pinning. If we store your password, it is encrypted in our database and we use password tokenization during login validation and data exchanges with our servers.

Whilst we encrypt Personal Data transmitted online, we also protect your Personal Data offline. We always ensure only authorised persons have access to your information, which means only our employees and contractors, and that everyone who has access is appropriately trained to manage your information. Only employees and contractors who need access to the information to perform a specific and necessary function are granted access to Personal Data and we will do our best to ensure that that they act only in line with our Data Protection Policy and are under an appropriate duty of confidence. The computers/servers on which we store Personal Data are kept in a secure environment.

Please note, as no data transmissions over the internet can be guaranteed to be one hundred percent secure, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk. However, we will take all steps necessary to ensure that your Personal Data is treated securely in accordance with this Privacy Policy.

Transfers to Third Parties

(i) Within the EU

Your information [will/may] be passed to the following third parties:

The transfer of your Personal Data is lawful because it is necessary for us to perform our obligations under the contract we have entered into with you for the Purpose(s), or because it is necessary for the purposes of a legitimate interest pursued by us, or by a third party, and we have reasonably determined that these legitimate interests are not overridden by your fundamental rights and freedoms which require protection of the personal data.

We may also transfer your Personal Data where we are under a duty to disclose or share it in order to comply with a legal obligation.

Your Personal Data may also be transferred to another company in the event of the transfer of our assets to a third party. In that event, we will endeavour, where possible, to notify you prior to the event and offer you the chance to cease use of the Services and remove your Personal Data from our database. In any event, we will endeavour to ensure that your rights and freedoms in respect of the processing of your personal data are adequately and appropriately protected. If the transferee is based outside of the EU, the provisions of sub-paragraph (ii) below will also apply.

(ii) Outside the EU

We do send your Personal Data outside of the EU because our servers are based outside the EU, and our head office is outside the EU, in the United States. However, we meet our obligations under the applicable legislation by ensuring that any Personal Data we control has the same protection as if it were being held within the EU because we have self-certified ourselves under the EU-US Privacy Shield regime. For further details, please see our entry in the register for the Privacy Shield Framework here.

Where we transfer Personal Data outside the EU other than in the above circumstances, we will meet our obligations under the GDPR in relation to that transferee company:

Storage of Data

Your information will be always be stored in accordance with our Data Retention Policy and in any event, only for so long as is reasonably necessary in order to carry out the Purpose(s).

Where we rely on your consent to contact you for direct marketing purposes, we will treat your consent as lasting only for as long as it is reasonable to do so. This will usually be for [two] years. We may periodically ask you to renew your consent.

If you ask us to stop contacting you with marketing materials, we will keep a record of your contact details and limited information needed to ensure we comply with your request.

Cookies

Cookies are small text files that are placed on your computer by apps that you use or websites that you visit. They are widely used in order to make apps or websites work, or work more efficiently, as well as to provide information to us. The table below explains the cookies we use and why. We do not do this to track individual users or to identify them, but to gain useful knowledge about how users use the Services and Site, so that we can keep improving it for you.

The law states that we can store cookies on your machine if they are essential to the operation of the Services and Sites but that for all other purposes, we need your permission to do so.

Below is a table of non-essential cookies which we also store about your use of the Sites:

If you do not wish to receive cookies from us or on any other website, you can turn cookies off on your web browser: please follow your browser provider's instructions in order to do so. In a few cases, some of our Services and Sites' features may not function as a result. Most web browsers allow some control of cookies through its settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org, www.allaboutcookies.org or www.civicuk.com/cookie-control/browser-settings.

Your Rights Under EU Data Protection Laws

You have the right to request details of the processing activities that we carry out with your Personal Data through making a Subject Access Request. Such requests have to be made in writing. More details about how to make a request, and the procedure to be followed, can be found in our Data Protection Policy. To make a request, please contact us at [details][Dayne Deader, Data Protection Officer/Systems Engineer, Sound Concepts, Inc., 782 South Auto Mall Dr. Suite A, American Fork, UT 84003 or by email at sysadmin@soundconcepts.com].

You also have the following rights:

All of these rights are subject to certain safeguards and exemptions, further details of which can be found in our Data Protection Policy. To exercise any of these rights, you should contact [Dayne Deader, Data Protection Officer/Systems Engineer, Sound Concepts, Inc., 782 South Auto Mall Dr. Suite A, American Fork, UT 84003 or by email at sysadmin@soundconcepts.com].
If you are not happy with the way in which we have processed or dealt with your information, you can complain to the Information Commissioner's Office. Further details about how to complain can be found here.

Children

Our services are not intended for anyone under sixteen and we do not knowingly collect personal information from anyone under sixteen.

Use of Aggregated/Anonymised Data

We may use information obtained about you from monitoring your use of the Services and Sites solely for internal purposes, including the performance and evaluation of the Services and Sites. Data collected by monitoring will be aggregated and anonymised.

We are entitled to do this because the resulting data will not personally identify you and will therefore no longer constitute personal data for the purposes of data protection laws.

We may also use the information we gather to notify you about important functionality changes and alterations to the Services and Sites, or offer of products, services or information that might be of particular interest to you (where you have consented to this).

The use of your information for these purposes is lawful because it is necessary for the purposes of legitimate interests pursued by us, our application and our website developers in order to keep the Services and Sites up to date and provide additional services to our users from time to time.

Mailing Lists

If you subscribe to our mailing lists for news releases and other information, we may also ask you to answer various general questions about yourself. You will be asked to specify the areas in which you are interested so that we can tailor the information which we send to you to cover the new products and special offers which we believe you might be interested in.

Newsletter

If you subscribe to our newsletter and at any time you wish to stop receiving this or any other information you may have requested from us or any other company, please email or write to support@mysecureoffice.com or click the Unsubscribe/Opt-out link at the bottom of any newsletter you may receive from us.

Amendments to this Privacy Policy

We may occasionally modify this Privacy Policy, such variations becoming effective thirty days after posting to the Sites and of which we shall send you notification of such variations based on your notification preference.

Translations Coming Soon

Privacy Policy

Owner: Sound Concepts, Inc of 782 S. Auto Mall Drive Suite A, American Fork, UT 84003, United States (we/us).

Services: We use a platform called Brightools, which is a sales automation tool designed to help you share your story with others. Namely, we supply program applications to help you build your business, assess and communicate with [prospective clients and [your customers], help manage leads and share digital content on social media and messaging platforms. (Services).

Sites: We also have three websites where you can sign up to our Services or find out more information about what we do: https://www.soundconcepts.com/, http://brightools.com/ and http://mybuildersystem.com. (Sites).

At Sound Concepts Inc., we take data privacy very seriously. The following information sets out the uses to which we will put the information that we have about you and the legal basis for doing so, as well as explaining to you the rights that you have over the way that we use your information. This policy should be read in conjunction with our Data Retention Policy and Data Protection Policy.

For the purposes of the General Data Protection Regulation (GDPR), and [any subsequent EU member state legislation covering data protection], we are the data controller for the contact details, billing details and other account information we collect from our users in the EU upon registration to our Services on one of the Sites namely the entity that collects and processes your data for various purposes, including asking one or more third parties to do so on our behalf, details of which are set out below (where applicable). However, you remain the data controller for all personal data of your device contacts (see the 'Contact Data' section below for more details).

As we are based outside the European Union (EU) and as required by the GDPR, we have appointed a representative who will deal with all data protection related queries on our behalf. Please address all queries relating to this policy and/or data protection more generally to [Dayne Deader, Data Protection Officer/Systems Engineer, Sound Concepts, Inc., 782 South Auto Mall Dr. Suite A, American Fork, UT 84003 or by email at sysadmin@soundconcepts.com].

Your Personal Data

In order to use our Services, basic user information about you is collected upon registration, either by us or by a third party authorised to do so. The information we collect about you might include the following:

(Personal Data)

How we collect information

Personal Data will be collected when you sign up to our Services and in the course of your use of the Services and the Sites.

We may collect information from you whenever you contact us or have any involvement with us for example when you:

Where we collect information from

We collect information:

The Purposes for Which We Collect Your Data

The information that we collect about you will be used for the following purposes:

(Purposes)

We will never sell, licence or rent your Personal Data to anyone.

Legal Justification for Processing Your Data

The use of your Personal Data for these Purposes set out above is lawful because one or more of the following applies:

(Lawful Uses)

Contact Data

As part of our Services, you have the option of uploading some or all of your device contacts (Contact(s)).
You may ask us to create bespoke links to marketing material or ask us to send other communications to these Contact(s).

For the avoidance of doubt, you, as user of our Services, are the data controller in relation to the Contact(s) and their personal data and we are the data processors.

When you sign up to our Services, you will be asked to agree to the terms of a data processing agreement with us and which provides further detail of this arrangement, which requires that you distribute your own privacy notice to your Contact(s), and which will include information about us and our processing of the Contact(s)' Personal Data.

You are not required to upload your Contact(s) to use our Services, so if you do not agree to the terms of our data processing agreement; please do not upload your Contact(s). Uploading your Contacts without a data processing agreement in place and without the Contacts having received a privacy notice from you will put you (or your employer, if doing this on behalf of your employer) in breach of [UK and] European data protection legislation, as well as the domestic laws of individual member states of the European Union and which could result in sanctions from the relevant data protection authority.

We ask you to enter into a data processing agreement with us because it is necessary for us (and you, as data controller) to meet our obligations under the GDPR.

Anti Spam Policy

Spam is unsolicited email also known as UCE (Unsolicited Commercial Email).

We have a 'no tolerance' spam policy. Our customer support actively monitors large import lists and emails going to a large number of contacts. Any customer found to be using our Services for the purposes of sending spam will be immediately cut-off from use of the Services. If you know of or suspect any violators, please notify us immediately at support@mysecureoffice.com

As you will see in our data processing agreement, any Contact(s) which you upload or communicate with when using our Services or ask us to do so on your behalf must have a pre-existing business relationship with you (or there must be another lawful ground which you can rely upon to contact them) and must have been clearly and fully notified by you in advance by means of the sending of a privacy notice to them about the collection and use of his or her contact details by you.

This is echoed in our strict permission-based philosophies:

Communication - By accepting our data processing agreement and other terms, you have agreed to use only permission-based lists and never to sell or rent your lists.

Unsubscribe - Every email generated from our Services contains an unsubscribe link which allows your Contact(s) to opt-out of future emails and automatically updates your database of Contacts in order to avoid the chance of sending unwanted emails to visitors who have unsubscribed.

Contact Information - All of your emails are pre-filled with your Contacts' information. You are required to make sure this information is up to date and accurate.

For more information, please contact Customer Support at support@mysecureoffice.com.

Security of Your Data

We understand the importance of keeping your personal information secure and take appropriate steps to safeguard it.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share this password with anyone.

We take precautions to protect your information. When you submit Personal Data when using our Services or Site, this is protected both online and offline. Wherever we collect Personal Data, it is encrypted and transmitted to us in a secure way.

We work to protect the security and unauthorised use of your information and data during transit by using Secure Sockets Layer (SSL) software. This encrypts information between our servers and the applications which form part of our Services. We also ensure that our apps are talking only to our servers through SSL pinning. If we store your password, it is encrypted in our database and we use password tokenization during login validation and data exchanges with our servers.

Whilst we encrypt Personal Data transmitted online, we also protect your Personal Data offline. We always ensure only authorised persons have access to your information, which means only our employees and contractors, and that everyone who has access is appropriately trained to manage your information. Only employees and contractors who need access to the information to perform a specific and necessary function are granted access to Personal Data and we will do our best to ensure that that they act only in line with our Data Protection Policy and are under an appropriate duty of confidence. The computers/servers on which we store Personal Data are kept in a secure environment.

Please note, as no data transmissions over the internet can be guaranteed to be one hundred percent secure, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk. However, we will take all steps necessary to ensure that your Personal Data is treated securely in accordance with this Privacy Policy.

Transfers to Third Parties

(i) Within the EU

Your information [will/may] be passed to the following third parties:

The transfer of your Personal Data is lawful because it is necessary for us to perform our obligations under the contract we have entered into with you for the Purpose(s), or because it is necessary for the purposes of a legitimate interest pursued by us, or by a third party, and we have reasonably determined that these legitimate interests are not overridden by your fundamental rights and freedoms which require protection of the personal data.

We may also transfer your Personal Data where we are under a duty to disclose or share it in order to comply with a legal obligation.

Your Personal Data may also be transferred to another company in the event of the transfer of our assets to a third party. In that event, we will endeavour, where possible, to notify you prior to the event and offer you the chance to cease use of the Services and remove your Personal Data from our database. In any event, we will endeavour to ensure that your rights and freedoms in respect of the processing of your personal data are adequately and appropriately protected. If the transferee is based outside of the EU, the provisions of sub-paragraph (ii) below will also apply.

(ii) Outside the EU

We do send your Personal Data outside of the EU because our servers are based outside the EU, and our head office is outside the EU, in the United States. However, we meet our obligations under the applicable legislation by ensuring that any Personal Data we control has the same protection as if it were being held within the EU because we have self-certified ourselves under the EU-US Privacy Shield regime. For further details, please see our entry in the register for the Privacy Shield Framework here.

Where we transfer Personal Data outside the EU other than in the above circumstances, we will meet our obligations under the GDPR in relation to that transferee company:

Storage of Data

Your information will be always be stored in accordance with our Data Retention Policy and in any event, only for so long as is reasonably necessary in order to carry out the Purpose(s).

Where we rely on your consent to contact you for direct marketing purposes, we will treat your consent as lasting only for as long as it is reasonable to do so. This will usually be for [two] years. We may periodically ask you to renew your consent.

If you ask us to stop contacting you with marketing materials, we will keep a record of your contact details and limited information needed to ensure we comply with your request.

Cookies

Cookies are small text files that are placed on your computer by apps that you use or websites that you visit. They are widely used in order to make apps or websites work, or work more efficiently, as well as to provide information to us. The table below explains the cookies we use and why. We do not do this to track individual users or to identify them, but to gain useful knowledge about how users use the Services and Site, so that we can keep improving it for you.

The law states that we can store cookies on your machine if they are essential to the operation of the Services and Sites but that for all other purposes, we need your permission to do so.

Below is a table of non-essential cookies which we also store about your use of the Sites:

If you do not wish to receive cookies from us or on any other website, you can turn cookies off on your web browser: please follow your browser provider's instructions in order to do so. In a few cases, some of our Services and Sites' features may not function as a result. Most web browsers allow some control of cookies through its settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org, www.allaboutcookies.org or www.civicuk.com/cookie-control/browser-settings.

Your Rights Under EU Data Protection Laws

You have the right to request details of the processing activities that we carry out with your Personal Data through making a Subject Access Request. Such requests have to be made in writing. More details about how to make a request, and the procedure to be followed, can be found in our Data Protection Policy. To make a request, please contact us at [details][Dayne Deader, Data Protection Officer/Systems Engineer, Sound Concepts, Inc., 782 South Auto Mall Dr. Suite A, American Fork, UT 84003 or by email at sysadmin@soundconcepts.com].

You also have the following rights:

All of these rights are subject to certain safeguards and exemptions, further details of which can be found in our Data Protection Policy. To exercise any of these rights, you should contact [Dayne Deader, Data Protection Officer/Systems Engineer, Sound Concepts, Inc., 782 South Auto Mall Dr. Suite A, American Fork, UT 84003 or by email at sysadmin@soundconcepts.com].
If you are not happy with the way in which we have processed or dealt with your information, you can complain to the Information Commissioner's Office. Further details about how to complain can be found here.

Children

Our services are not intended for anyone under sixteen and we do not knowingly collect personal information from anyone under sixteen.

Use of Aggregated/Anonymised Data

We may use information obtained about you from monitoring your use of the Services and Sites solely for internal purposes, including the performance and evaluation of the Services and Sites. Data collected by monitoring will be aggregated and anonymised.

We are entitled to do this because the resulting data will not personally identify you and will therefore no longer constitute personal data for the purposes of data protection laws.

We may also use the information we gather to notify you about important functionality changes and alterations to the Services and Sites, or offer of products, services or information that might be of particular interest to you (where you have consented to this).

The use of your information for these purposes is lawful because it is necessary for the purposes of legitimate interests pursued by us, our application and our website developers in order to keep the Services and Sites up to date and provide additional services to our users from time to time.

Mailing Lists

If you subscribe to our mailing lists for news releases and other information, we may also ask you to answer various general questions about yourself. You will be asked to specify the areas in which you are interested so that we can tailor the information which we send to you to cover the new products and special offers which we believe you might be interested in.

Newsletter

If you subscribe to our newsletter and at any time you wish to stop receiving this or any other information you may have requested from us or any other company, please email or write to support@mysecureoffice.com or click the Unsubscribe/Opt-out link at the bottom of any newsletter you may receive from us.

Amendments to this Privacy Policy

We may occasionally modify this Privacy Policy, such variations becoming effective thirty days after posting to the Sites and of which we shall send you notification of such variations based on your notification preference.

Translations Coming Soon

Privacy Policy

Owner: Sound Concepts, Inc of 782 S. Auto Mall Drive Suite A, American Fork, UT 84003, United States (we/us).

Services: We use a platform called Brightools, which is a sales automation tool designed to help you share your story with others. Namely, we supply program applications to help you build your business, assess and communicate with [prospective clients and [your customers], help manage leads and share digital content on social media and messaging platforms. (Services).

Sites: We also have three websites where you can sign up to our Services or find out more information about what we do: https://www.soundconcepts.com/, http://brightools.com/ and http://mybuildersystem.com. (Sites).

At Sound Concepts Inc., we take data privacy very seriously. The following information sets out the uses to which we will put the information that we have about you and the legal basis for doing so, as well as explaining to you the rights that you have over the way that we use your information. This policy should be read in conjunction with our Data Retention Policy and Data Protection Policy.

For the purposes of the General Data Protection Regulation (GDPR), and [any subsequent EU member state legislation covering data protection], we are the data controller for the contact details, billing details and other account information we collect from our users in the EU upon registration to our Services on one of the Sites namely the entity that collects and processes your data for various purposes, including asking one or more third parties to do so on our behalf, details of which are set out below (where applicable). However, you remain the data controller for all personal data of your device contacts (see the 'Contact Data' section below for more details).

As we are based outside the European Union (EU) and as required by the GDPR, we have appointed a representative who will deal with all data protection related queries on our behalf. Please address all queries relating to this policy and/or data protection more generally to [Dayne Deader, Data Protection Officer/Systems Engineer, Sound Concepts, Inc., 782 South Auto Mall Dr. Suite A, American Fork, UT 84003 or by email at sysadmin@soundconcepts.com].

Your Personal Data

In order to use our Services, basic user information about you is collected upon registration, either by us or by a third party authorised to do so. The information we collect about you might include the following:

(Personal Data)

How we collect information

Personal Data will be collected when you sign up to our Services and in the course of your use of the Services and the Sites.

We may collect information from you whenever you contact us or have any involvement with us for example when you:

Where we collect information from

We collect information:

The Purposes for Which We Collect Your Data

The information that we collect about you will be used for the following purposes:

(Purposes)

We will never sell, licence or rent your Personal Data to anyone.

Legal Justification for Processing Your Data

The use of your Personal Data for these Purposes set out above is lawful because one or more of the following applies:

(Lawful Uses)

Contact Data

As part of our Services, you have the option of uploading some or all of your device contacts (Contact(s)).
You may ask us to create bespoke links to marketing material or ask us to send other communications to these Contact(s).

For the avoidance of doubt, you, as user of our Services, are the data controller in relation to the Contact(s) and their personal data and we are the data processors.

When you sign up to our Services, you will be asked to agree to the terms of a data processing agreement with us and which provides further detail of this arrangement, which requires that you distribute your own privacy notice to your Contact(s), and which will include information about us and our processing of the Contact(s)' Personal Data.

You are not required to upload your Contact(s) to use our Services, so if you do not agree to the terms of our data processing agreement; please do not upload your Contact(s). Uploading your Contacts without a data processing agreement in place and without the Contacts having received a privacy notice from you will put you (or your employer, if doing this on behalf of your employer) in breach of [UK and] European data protection legislation, as well as the domestic laws of individual member states of the European Union and which could result in sanctions from the relevant data protection authority.

We ask you to enter into a data processing agreement with us because it is necessary for us (and you, as data controller) to meet our obligations under the GDPR.

Anti Spam Policy

Spam is unsolicited email also known as UCE (Unsolicited Commercial Email).

We have a 'no tolerance' spam policy. Our customer support actively monitors large import lists and emails going to a large number of contacts. Any customer found to be using our Services for the purposes of sending spam will be immediately cut-off from use of the Services. If you know of or suspect any violators, please notify us immediately at support@mysecureoffice.com

As you will see in our data processing agreement, any Contact(s) which you upload or communicate with when using our Services or ask us to do so on your behalf must have a pre-existing business relationship with you (or there must be another lawful ground which you can rely upon to contact them) and must have been clearly and fully notified by you in advance by means of the sending of a privacy notice to them about the collection and use of his or her contact details by you.

This is echoed in our strict permission-based philosophies:

Communication - By accepting our data processing agreement and other terms, you have agreed to use only permission-based lists and never to sell or rent your lists.

Unsubscribe - Every email generated from our Services contains an unsubscribe link which allows your Contact(s) to opt-out of future emails and automatically updates your database of Contacts in order to avoid the chance of sending unwanted emails to visitors who have unsubscribed.

Contact Information - All of your emails are pre-filled with your Contacts' information. You are required to make sure this information is up to date and accurate.

For more information, please contact Customer Support at support@mysecureoffice.com.

Security of Your Data

We understand the importance of keeping your personal information secure and take appropriate steps to safeguard it.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share this password with anyone.

We take precautions to protect your information. When you submit Personal Data when using our Services or Site, this is protected both online and offline. Wherever we collect Personal Data, it is encrypted and transmitted to us in a secure way.

We work to protect the security and unauthorised use of your information and data during transit by using Secure Sockets Layer (SSL) software. This encrypts information between our servers and the applications which form part of our Services. We also ensure that our apps are talking only to our servers through SSL pinning. If we store your password, it is encrypted in our database and we use password tokenization during login validation and data exchanges with our servers.

Whilst we encrypt Personal Data transmitted online, we also protect your Personal Data offline. We always ensure only authorised persons have access to your information, which means only our employees and contractors, and that everyone who has access is appropriately trained to manage your information. Only employees and contractors who need access to the information to perform a specific and necessary function are granted access to Personal Data and we will do our best to ensure that that they act only in line with our Data Protection Policy and are under an appropriate duty of confidence. The computers/servers on which we store Personal Data are kept in a secure environment.

Please note, as no data transmissions over the internet can be guaranteed to be one hundred percent secure, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk. However, we will take all steps necessary to ensure that your Personal Data is treated securely in accordance with this Privacy Policy.

Transfers to Third Parties

(i) Within the EU

Your information [will/may] be passed to the following third parties:

The transfer of your Personal Data is lawful because it is necessary for us to perform our obligations under the contract we have entered into with you for the Purpose(s), or because it is necessary for the purposes of a legitimate interest pursued by us, or by a third party, and we have reasonably determined that these legitimate interests are not overridden by your fundamental rights and freedoms which require protection of the personal data.

We may also transfer your Personal Data where we are under a duty to disclose or share it in order to comply with a legal obligation.

Your Personal Data may also be transferred to another company in the event of the transfer of our assets to a third party. In that event, we will endeavour, where possible, to notify you prior to the event and offer you the chance to cease use of the Services and remove your Personal Data from our database. In any event, we will endeavour to ensure that your rights and freedoms in respect of the processing of your personal data are adequately and appropriately protected. If the transferee is based outside of the EU, the provisions of sub-paragraph (ii) below will also apply.

(ii) Outside the EU

We do send your Personal Data outside of the EU because our servers are based outside the EU, and our head office is outside the EU, in the United States. However, we meet our obligations under the applicable legislation by ensuring that any Personal Data we control has the same protection as if it were being held within the EU because we have self-certified ourselves under the EU-US Privacy Shield regime. For further details, please see our entry in the register for the Privacy Shield Framework here.

Where we transfer Personal Data outside the EU other than in the above circumstances, we will meet our obligations under the GDPR in relation to that transferee company:

Storage of Data

Your information will be always be stored in accordance with our Data Retention Policy and in any event, only for so long as is reasonably necessary in order to carry out the Purpose(s).

Where we rely on your consent to contact you for direct marketing purposes, we will treat your consent as lasting only for as long as it is reasonable to do so. This will usually be for [two] years. We may periodically ask you to renew your consent.

If you ask us to stop contacting you with marketing materials, we will keep a record of your contact details and limited information needed to ensure we comply with your request.

Cookies

Cookies are small text files that are placed on your computer by apps that you use or websites that you visit. They are widely used in order to make apps or websites work, or work more efficiently, as well as to provide information to us. The table below explains the cookies we use and why. We do not do this to track individual users or to identify them, but to gain useful knowledge about how users use the Services and Site, so that we can keep improving it for you.

The law states that we can store cookies on your machine if they are essential to the operation of the Services and Sites but that for all other purposes, we need your permission to do so.

Below is a table of non-essential cookies which we also store about your use of the Sites:

If you do not wish to receive cookies from us or on any other website, you can turn cookies off on your web browser: please follow your browser provider's instructions in order to do so. In a few cases, some of our Services and Sites' features may not function as a result. Most web browsers allow some control of cookies through its settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org, www.allaboutcookies.org or www.civicuk.com/cookie-control/browser-settings.

Your Rights Under EU Data Protection Laws

You have the right to request details of the processing activities that we carry out with your Personal Data through making a Subject Access Request. Such requests have to be made in writing. More details about how to make a request, and the procedure to be followed, can be found in our Data Protection Policy. To make a request, please contact us at [details][Dayne Deader, Data Protection Officer/Systems Engineer, Sound Concepts, Inc., 782 South Auto Mall Dr. Suite A, American Fork, UT 84003 or by email at sysadmin@soundconcepts.com].

You also have the following rights:

All of these rights are subject to certain safeguards and exemptions, further details of which can be found in our Data Protection Policy. To exercise any of these rights, you should contact [Dayne Deader, Data Protection Officer/Systems Engineer, Sound Concepts, Inc., 782 South Auto Mall Dr. Suite A, American Fork, UT 84003 or by email at sysadmin@soundconcepts.com].
If you are not happy with the way in which we have processed or dealt with your information, you can complain to the Information Commissioner's Office. Further details about how to complain can be found here.

Children

Our services are not intended for anyone under sixteen and we do not knowingly collect personal information from anyone under sixteen.

Use of Aggregated/Anonymised Data

We may use information obtained about you from monitoring your use of the Services and Sites solely for internal purposes, including the performance and evaluation of the Services and Sites. Data collected by monitoring will be aggregated and anonymised.

We are entitled to do this because the resulting data will not personally identify you and will therefore no longer constitute personal data for the purposes of data protection laws.

We may also use the information we gather to notify you about important functionality changes and alterations to the Services and Sites, or offer of products, services or information that might be of particular interest to you (where you have consented to this).

The use of your information for these purposes is lawful because it is necessary for the purposes of legitimate interests pursued by us, our application and our website developers in order to keep the Services and Sites up to date and provide additional services to our users from time to time.

Mailing Lists

If you subscribe to our mailing lists for news releases and other information, we may also ask you to answer various general questions about yourself. You will be asked to specify the areas in which you are interested so that we can tailor the information which we send to you to cover the new products and special offers which we believe you might be interested in.

Newsletter

If you subscribe to our newsletter and at any time you wish to stop receiving this or any other information you may have requested from us or any other company, please email or write to support@mysecureoffice.com or click the Unsubscribe/Opt-out link at the bottom of any newsletter you may receive from us.

Amendments to this Privacy Policy

We may occasionally modify this Privacy Policy, such variations becoming effective thirty days after posting to the Sites and of which we shall send you notification of such variations based on your notification preference.