DATA PRIVACY TRANSPARENCY STATEMENT

PAIR NETWORKS, INC. D/B/A PAIR

Effective Date: May 25, 2018

Pair Networks, Inc. d/b/a pair Networks has prepared this data privacy transparency statement (this “Transparency Statement”) (collectively, “we”, “our” and/or “Pair”), to provide our customers, their employees, and any affected data subjects important information about the personal data we collect, receive, transfer, and process in the course of providing our services as a Web host and Website Distributor (our “Web Hosting Services”).

Pair complies with the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield  Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.  Pair has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  Accordingly, Pair is committed to apply the Privacy Shield Principles to all Personal Data received from the European Union and Switzerland in reliance on the Privacy Shield.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/list. The Federal Trade Commission is the legal authority that has jurisdiction over Pair Networks’ compliance with the Privacy Shield. Pair Networks may have potential liability in cases of onward transfer to third parties. Please direct any Privacy Shield inquiries or complaints to abuse@pair.com.

In this Transparency Statement, you will find information about the types of personal data we collect regarding our customers as the owner of a registered Pair user account through which you may host and distribute content through Pair’s Web Hosting Services (an “Account Owner”), (collectively, “you”, “your”), how and why we process such personal data, with whom we may share such information, as well as how we protect your information.  We do not control our customers’, and their users’, Website Information (as defined below), and our responsibilities and liabilities with respect to such Website Information is strictly limited to our commitment to comply with our obligations as data processor in accordance with our customer’s instructions as data controllers with respect to such Website Information and our specific services as a website hosting services provider.   

In this Transparency Statement, we also describe the processes by which you may contact us in order to exercise your rights, in accordance with applicable law, to: (1) access, correct, restrict, or delete your personal data; (2) object to the processing of certain aspects of your personal data; and (3) ask any questions you may have about our privacy practices.  Please take note as well of those practices described in this Transparency Statement specifically stated to be necessary and/or integral, to the performance of our Web Hosting Services.  Where specifically noted below, exercising your rights as described herein may affect our ability to continue performing Web Hosting Services as requested

This Transparency Statement may be updated and/or otherwise revised periodically to reflect changes in our data processing practices and/or policies.  We will post notices of all such changes on our applicable websites and/or materials and the “Effective Date” noted above will indicate when this Transparency Statement was most recently revised.  Except as may be otherwise required under applicable law, revisions to this Transparency Statement will be effective on the Effective Date noted without any other notice or approval by you.  In certain jurisdiction, applicable law may require additional processes and procedures, in which case, revisions to this Transparency Statement will not be effective until we have met our obligations accordingly.

1. Data Controller; Data Processor

For purposes of the European Union General Data Protection Regulation (the “GDPR”), Pair Networks, Inc. d/b/a Pair is the data controller (the “Data Controller”) for the processing of all Personal Data, except for “Website Information”, as set forth herein.  With respect to personal data included in Website Information, our customer, the website operator, is the “data controller” and we process Website Information solely as the data processor on behalf of such website operator.

You may contact us as follows:

COO
Pair Networks, Inc.
2403 Sidney Street, Suite 210
Pittsburgh, Pennsylvania 15203
United States of America

Phone:412 381-7247
Email: privacycompliance@pair.com
Website: pair.com

2. Personal Data & Special Categories of Data

For the purpose of providing Web Hosting Services, we collect the types of personal information described below about you (as further detailed below, “Personal Data”).  

  1. Personal Information – We collect personal contact information about Account Owner and, where relevant, alternate contacts for Technical and Billing contacts (as described below), including without limitation name, organizational affiliation (for Professional Accounts), VAT id, mailing address, phone numbers, and email addresses.
  2. Payment and Billing Information – We process payment information through a third-party service provider called a secure payment processor.  Anytime you are asked to provide payment card information for payment to Pair, you are actually entering your payment card information directly to our payment processor’s systems.  We enter into written contracts with our payment processors pursuant to which they are obligated to process your payment card information securely in accordance with the Payment Card Industry Data Security Standard (“PCI-DSS”), an information security standard for organizations that handle branded credit cards from major credit card brands.    We do not collect, store or otherwise process your payment card information on our systems except for the limited, redacted information described below.  As of the Effective Date first noted above, our secure payment processor is Stripe.  You should review information about Stripe’s data handling policies and terms of service, available from their website (https://stripe.com/us/privacy).
  3. Account Information – We collect certain account information about our Account Owners and other users with whom we may interact, including without limitation: user name, password, domain, Web Hosting Services subscriptions under a given account, the email headers (including IP address) of messages that you choose to send to us, and history of correspondence between you and Pair. 
  4. Website Information – We are in the business of providing hosting services for our customers’ websites (“Customer Websites”).  Our customers are the website operators and data controllers with respect to the respective Customer Websites they choose to host with us, and with respect to such Customer Websites and the data our customers and their website users transmit, collect, store, and otherwise process through such Customer Websites, including without limitation any personal data (“Website Information”), we act solely as data processors for our website operator/customers, processing such Website Information solely as necessary to provide hosting services for Customer Websites.  We do not access or process Website Information for our own purposes, other than to provide such hosting services, and we do not control, nor are we responsible or liable for, any act or omission by our customers for Website Information processed through Customer Websites.  Users should refer specifically to data privacy statements and terms of use for Customer Websites for information about how the respective website operators of such Customer Websites process Website Information, including personal data, and comply with applicable law.  
  5. Special Categories of Data – We do not collect or otherwise process any special categories of data as defined under the GDPR in a personally identifiable way.  If any special categories of data are collected or processed by our customers through Customer Websites, we do not control, nor are we responsible or liable for, any act or omission by our customers for any special category of data processed through Customer Websites.  Users of Customer Websites should refer specifically to data privacy statements and terms of use for Customer Websites for information about how the respective website operators of such Customer Websites process any special categories of data, and comply with applicable law.  

3. How We Obtain Personal Data – We collect Personal Data from data subjects or from Account Owners through Pair websites, and other information you provide directly to us, including by email or in conversation with our staff.  

4. Personal Data Processing and Data Retention – We use Personal Data that we collect hereunder as necessary to provide Web Hosting Services.  Subject always to your rights as set forth in Section 9 below:

a. Pair Owner Accounts –  In order for you to use Web Hosting Services, we require you to register an Owner Account through Pair websites.  During the signup process, you will be prompted to set up a user name and password for account login purposes and personal contact information as follows: Name, Organization (for Professional Accounts), Physical Address, Phone Number and Email Address (“Account Information”).  Your login information is necessary to protect your vital interests as it enables you to secure your own Owner Account and establish your identity with Pair for purposes of transactions in the course of using our Web Hosting Services.  Your Account Information is necessary for the performance of Web Hosting Services as we use Account Information to contact you regarding your Owner Account, contact you regarding  Web HostingServices, issue notices and alerts about the status of the Web Hosting Services, billing, invoices, collections, etc.

b. Accounting and Billing – As noted above, your payment card information is actually collected, stored and processed primarily by our secure payment processor, subject to the terms and conditions of service, privacy policy and data security policies.  Pair can access only expiration date, and the first and last 4 digits of your payment card account number. Generally, we may use Personal Data for our own administrative, accounting, and business needs including billing, invoicing, internal accounting and record-keeping requirements as well as other related administrative and business purposes.  Certain processing is undertaken as necessary to complete a contract for services (collecting payments, making payments for authorized transactions, payment for services rendered, etc.). In other instances, our processing of Personal Data as described in this paragraph is required for us to fulfill legal obligations to which we are subject (e.g., record keeping mandated by applicable law).

c. Service Notices – We send service-related notices, alerts and other messages to the email address(es) indicated in your Owner Account regarding account registration, account set up, billing and other service related communications.  We use your Personal Data to send you such service-related messages as a necessary, and integral, part of our Web Hosting Services.

d. Support and Customer Service – When you contact us for technical support or customer service, we will process Personal Data that you provide at such time to associate you with the Web Hosting Services that is the subject of your request and the Owner Account that is associated with such Web Hosting Service.   Such Personal Data includes email address, name, account numbers, and email headers (including IP address).  You may contact us and provide Personal Data for such technical support and/or customer service by email, phone call, self-serve online support portals through websites operated by, or on behalf of, Pair.  We use such Personal Data as necessary to respond to your request and/or provide the requested technical support and/or customer service, including without limitation communicating with you, internal communications, maintaining a history of correspondence, service tickets, outcomes, outstanding issues, etc.  Our processing of Personal Data as described in this Section is also in furtherance of legitimate interests, including without limitation management reporting, quality assurance, reviewing historical support issues and requests for support or customer service, and to verify identity.  We will process Personal Data in furtherance of this legitimate interest only when that is not overridden by your data protection rights under applicable law.

e. Helpdesk  We use a proprietary ticketing system developed in-house to manage customer requests and customer service communications and send customer support and customer service messages to the email address(es) indicated in your Owner Account.

f. System Security and Data Privacy Protection – We monitor information on user activity within our system in order to protect the security of our systems and the privacy of our customers, for example, as an investigatory tool in case of a dispute or an unauthorized hack.  Such information includes information reported by your browser, Account Information when you login, IP addresses, User Agent, account activity and usage levels to better assist with service delivery and/or security.  We process this data because it is necessary to protect the vital interests of our customers, audience, users and other visitors to our website.  Additionally, we process this information to protect our legitimate interests of process improvement, system security and protecting our customers, audience, users and other visitors to our website in a manner that, given the limited nature of the data processed as described above, is not overridden by the interests or fundamental rights and freedoms of the data subjects.

g. Compliance with Legal Obligations – In addition to processing Personal Data for the purposes of providing Web Hosting Services, we process Personal Data collected hereunder and Website Information to comply with our own legal and regulatory obligations. For example, we may process personal information to comply with: applicable international sanctions, “know your customer”, anti-money laundering regulations, anti-bribery compliance requirements, record keeping requirements, required public filings, reporting requirements, court order, law enforcement order, and other legal and/or regulatory requirements.  

h. Legitimate Interests – We may also use Personal Data collected hereunder in circumstances other than as expressly described above in connection with the services we provide; provided, however that any such additional processing may only occur when there is a legitimate interest to do so that is not overridden by your data protection rights as required by applicable law.  The types of processing/uses contemplated hereunder may include, without limitation, for our own administrative and business needs (tracking time, billing, invoicing, collection), audits and self-assessments for compliance with applicable laws, regulations, court order, law enforcement order, and applicable workplace policies, and for information technology purposes including without limitation trouble shooting, business continuity, disaster recover, data backup and recovery. 

i. Data Retention – We generally retain Personal Data for the periods specified applicable law, regulation, and/or court order, and in our document retention/filing polices, currently set at seven years.  We may also retain Personal Data for longer periods where th