MobiChord Inc. Privacy Policy

MobiChord, Inc. is committed to protecting your privacy. We feel, it is important for you to know how we handle the information we receive from you in connection with our contractual relationship.

  1. Controller

Regarding the processing of your personal data as described in sec. 3 hereinafter, MobiChord, Inc serves as “controller” in the sense of Art. 4 No. 7 GDPR. Our contact details are

MobiChord, Inc
26 S Rio Grande St #2072
Salt Lake City, UT 84101
United States of America
Phone:             +1 (801) 895-4180
Email:               info@mobichord.com

Authorized representative person: Herbert Uhl

You can contact our data protection officer by sending an email to privacy@mobichord.com

Representative designated by MobiChord pursuant to Art. 27 GDPR:

MobiChord GmbH
Landwehr 105
D-46325 Borken
Germany

  1. Compliance with EU-US Privacy Shield Principles

MobiChord complies with the EU-US Privacy Shield and the Swiss-US Privacy Shield Principles as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from customers in the European Union member countries and Switzerland. MobiChord has certified that it adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Privacy Principles, the latter principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

The Federal Trade Commission (FTC) has jurisdiction over MobiChord’s compliance with the Privacy Shield.

All MobiChord employees who handle Personal Data from the European Union and/or Switzerland comply with the Principles stated in this policy.

MobiChord will renew its EU-US Privacy Shield and Swiss-US Privacy Shield certification annually, unless it subsequently determines that it no longer needs such certification or if it employs a different adequacy mechanism.

Prior to the re-certification MobiChord will conduct an in-house verification to ensure that its attestations and assertions with regard to its treatment of customer personal data are accurate and that the company has appropriately implemented these practices. Specifically, as part of the verification process, MobiChord will undertake the following:

  •          Review its privacy policy to ensure that the practices regarding the collection of individual customer personal data are described accurately.
  •          Ensure that the privacy policy informs Individuals of MobiChord’s commitment towards compliance with EU-US Privacy Shield and Swiss-US Privacy Shield Principles.
  •         Confirm that customers are made aware of the process for addressing complaints and any independent dispute resolution process (MobiChord may do so through its publicly posted website, customer contract, or both).
  •          Review its processes and procedures for training its stuff about MobiChord’s participation in the EU-US Privacy Shield and Swiss-US Privacy Shield program and the appropriate handling of individual’s personal data.

MobiChord prepares an internal verification statement on self-assessment that is singed by authorized corporate officer on an annual basis.

MobiChord has designated its corporate security officer to oversee its information security program, including its compliance with the EU-US Privacy Shield and Swiss-US Privacy Shield Principles. Any material changes to this program will be reviewed and approved as necessary.

MobiChord will maintain, monitor, test, and upgrade information security policies, practices, and systems to assist in protecting the Personal Data that it collects.

From time to time we may employ other companies and/or third parties (“agents”) to perform tasks on our behalf and with whom we may need to share, and may need to internationally transfer, the personal data to provide our services; for example, ServiceNow, Inc., Amazon Web Services, Inc. and others. MobiChord is liable under the EU-US Privacy Shield and Swiss-US Privacy Shield Principles for its agents to process transferred Personal Information in a manner consistent with the Principles.

In compliance with the EU-US Privacy Shield and Swiss-US Privacy Shield Principles, MobiChord commits to resolve complaints about your privacy and our collection or use of your personal information. EU and Swiss individuals with questions or concerns about the use of their Personal Data should first contact MobiChord at privacy@mobichord.com.

If a Customer’s present or former employee question or concern cannot be satisfied through this process in timely manner MobiChord has further committed to refer unresolved privacy complaints under EU-US Privacy Shield and Swiss-US Privacy Shield to an independent dispute resolution mechanism, such as EU Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC).

MobiChord commits to cooperate with DPAs and the FDPIC and to comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.

Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

  1. Type and extent of data processing

If you enter into a business relationship with us, we collect personal data from you as follows:

  •       Name
  •       Email address
  •       Postal Address
  •       Telephone number
  •       Mobile phone number

We use these data for the following purposes:

  •       Identifying you as our contractual partner;
  •       Exercising our contractual rights and fulfilling our respective obligations;
  •       Correspondence with you;
  •       Invoicing our fees;
  •       Asserting possible claims in connection with our business relationship;
  •       Providing information about our products and services.

This data processing is based on a contract with you and is required for the mutual fulfillment of obligations under this contract. We are therefore obliged to process such data pursuant to Art.6 (1) lit. b GDPR.

The personal data collected by us for the conduct of the business relationship will be stored for the duration of contract and deleted 24 months thereafter, unless we are obliged by law (especially tax and commercial law) to store the data for a longer period, Art. 6 (1) lit. c GDPR or you have consented to a longer storage, Art. 6 (1) lit. a GDPR.

Furthermore, we will use your contact details (name, address, email address, telephone number, mobile phone number) to provide you with information regarding any goods distributed by us and any services rendered by us or one of our subsidiaries. If required by the applicable law, we will ask for your consent before sending you such information. In this case we are entitled to use your data for this purpose according to Art. 6 (1) lit. a GDPR. If we are allowed to provide you with information without your prior consent, the basis is Art. 6 (1) lit. f GDPR due to our legitimate interest to promote our goods and services to our customers. We will delete this data if you revoke your consent or if the legal basis for providing you with information without your consent ceases to be fulfilled.

We will only process personal information in ways that are compatible with the purposes we collected it for, or for the purposes you later authorize.  Before we use your personal data for a materially different purpose, we will provide you with the opportunity to opt-out.

  1. Disclosure and onward transfer

As part of our contractual relationship it might be necessary to transfer and disclose personal data to the following categories of recipients who reasonably need to know such data for the purpose of the contract between us and you:

  •       Mobile network operators
  •       Accounts receivables
  •       Technology partners, in particular ServiceNow, Inc. and Amazon Web Services, Inc.
  1. Disclosures for national security or law enforcement.

      Under certain circumstances, we may be required to disclose your personal data in response to valid request by public authorities, including to meet national security or law enforcement requirements.    

  1. Obligation to provide data

There is no legal or contractual obligation for you to provide us with personal data. However, if you do not provide us with the data which is mandatory for the performance of our contractual services, this may result in us not being able to render our services.

  1. Your rights

In connection with the different types of processing, you have a number of rights described hereinafter. These rights can be exercised free of charge. However, where requests from a data subject are evidently unfounded or excessive, in particular because of their repetitive character, we may either

  •       charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or
  •       refuse to act on the request.
  1. Withdrawal of consent

You have the right to withdraw your consent to processing your personal data for the future at any time. The withdrawal will not affect the lawfulness of processing based on consent before your withdrawal (Art. 7 (3) GDPR).

  1. Right of confirmation and right of access

You have the right to obtain from us the confirmation as to whether or not personal data concerning you is being processed, and, where this is the case, access to the personal data and additional information under the conditions of Art. 15 GDPR.

  1. Rectification and erasure

You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you and the right to have incomplete personal data completed (Art. 16 GDPR). Further you have the right to obtain from the controller the erasure of personal data concerning you under the conditions of Art. 17 GDPR.

  1. Right to restriction of processing

You have the right to obtain from the controller restriction of processing under the conditions of Art. 18 GDPR.

  1. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Art. 6 (1) GDPR, including profiling based on those provisions. In this case, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

  1. Right to data portability

You have the right, to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us under the conditions of Art. 20 GDPR.

This right, however, shall not adversely affect the rights and freedoms of others.

  1. Lodge of a complaint

If you believe that we are failing to properly comply with privacy obligations, you may lodge a complaint with a Supervisory Authority.

Version: July 2018