Introduction
Theorem Inc. (“Theorem” or the “Company”) is a Delaware corporation. The Company has its principal place of business located at 26 Main Street, #302, Chatham, New Jersey 07928, USA. This statement (“EEA/Swiss Privacy Statement”) sets forth the privacy standards that Theorem utilizes to collect, retain, and use personal information obtained from individuals located within the European Union (“EU”), the European Economic Area (“EEA”) and Switzerland. It is Theorem’s policy to respect, and protect, personally identifiable information from individuals in the EU/EEA and Switzerland as set forth in this EEA/Swiss Privacy Statement.
What Is the Scope of this Statement?
This EEA/Swiss Privacy Statement sets forth the principles under which Theorem collects, uses, processes, retains, and discloses Personal Data and/or Sensitive Data in the US from individuals located within the EU/EEA or Switzerland. Theorem has general privacy policies which apply to information which is not received from individuals within the EU/EEA or Switzerland. Theorem’s general privacy policy can be viewed at https://theorem.digital/generic-privacy-policy. This statement covers information received in electronic or other formats.
Definitions
“Data” means Personal Data (as defined below) and Sensitive Data (as defined below) collectively which is received from, or about, persons located within the EU/EEA or Switzerland.
“Personal Data” means information received from, or about, persons located in the EU/EEA or Switzerland that relates to an identified or identifiable individual, including information that can be linked to an identified or identifiable individual. Personal Data may also include “Sensitive Data.” Personal Data can include information supplied to us by you, or which is received from other sources.
“Sensitive Data” is a subset of Personal Data that is information from, or about, persons located in the EU/EEA or Switzerland relating to medical or health status; racial or ethnic background; political opinions, religious or philosophical beliefs, trade union membership, information relating to sex life or sexual orientation, and information relating to actual or alleged criminal history. Sensitive Data also includes any information that you (or the person/entity from which the information was obtained) advise(s) us that the Data is sensitive and the Data is treated as sensitive.
“Transfer” or “Transferred” includes communicating, disclosing, or accessing by electronic or other means, whether at the premises where the information is physically located, by remote access, or otherwise.
“we,” “our,” “us,” or the “Theorem Entities” means Theorem, Theorem India Pvt. Limited, and Theorem EMEA Pvt. Ltd.
Privacy Principles
Notice: If you are asked to submit Data to us, we will advise you of the types of Data we may collect about you, the purposes for which we collect and use your Data, and the types of third-parties to which we may disclose your Data. Notice will be provided in clear and conspicuous language at the time of collection, or as soon thereafter as is practicable before disclosing it to a third-party. We will also advise you of any new uses for which we may collect and use your Data as soon thereafter as is practicable. Depending upon the type of Data which you are asked to submit, we may advise you in different ways, including electronically if you are asked to submit information via e-mail or through a website or portal of ours. We will also advise you how to contact us with any inquires or complaints about the collection, use, or handling of your Data.
Consistent with these principles, we may not be in a position to be able to provide you with notice prior to disclosing your Data under certain limited circumstances such as, if we have to respond to a subpoena or other legal process, if disclosure is allowed under law, or if we need to disclose such information for other legitimate purposes which might include preventing fraud, protecting the Data, and/or guarding against or defending any potential liability.
Choice: With respect to Personal Data we gather from you, we will offer you the opportunity to decide whether your Personal Data should be disclosed to a third-party, or if your Personal Data is to be used for a purpose incompatible with the purpose for which it was originally collected. With respect to Personal Data, we will provide at least “opt-out” notice. “Opt-out” means that when you are advised of the types of Personal Data, proposed use, and types of parties to whom it may be disclosed, if you do not affirmatively take some action indicating that you do not wish us to collect, use, or disclose your Personal Data, we will deem your inaction an implicit consent to collect, use, and/or disclose your Personal Data.
In the event that the Data is, or includes, Sensitive Data, you will be given the ability to explicitly choose whether the Sensitive Data may be disclosed to a third-party, or if the Sensitive Data is to be used for a purpose incompatible with the purpose for which it was originally collected by explicit opt-in choice. “Opt-in” choice means that when you are advised of the types of Sensitive Data, proposed use, and types of parties to which it may be disclosed, if you do not affirmatively take some action indicating that you specifically consent to allow us to collect, use, or disclose your Sensitive Data, then you will not have consented to the collection, use, or disclosure of your Sensitive Data for a purpose other than those for which it was first collected or subsequently authorized by you. The opt-in notice for Sensitive Data may be limited to the extent allowed under applicable law.
We will advise you with clear conspicuous, readily available, and affordable mechanisms to exercise your choice.
Onward Transfer: We will only Transfer your Data to third-parties apart from the Theorem Entities if the third-parties: (a) have provided satisfactory assurances that they will adhere to privacy practices providing at least the same level of privacy protection as set forth in this statement; (b) are subject to EU/EEA or Swiss data privacy laws or the data protection laws of another country which EU/EEA or Swiss data protection authorities, as the case may be, have deemed provide “adequate” data privacy protections; (c) have agreed to model contractual clauses deemed “adequate”; or, (d) have certified under the applicable Privacy Shield Framework. If we have knowledge that a party to which we transfer information is using or sharing the Data in a way contrary to the principles set forth in this statement, we will take reasonable steps to attempt to stop or prevent the processing. If we fail to comply with these terms, we may be subject to liability.
Security: We take reasonable precautions to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, and destruction. To the extent that we have any Sensitive Data, we will take greater care to protect the Sensitive Data from loss, misuse, unauthorized access, disclosure, alteration, and destruction.
Data Integrity: The Data we collect will be necessary for, and related to, the purposes for which it has been collected. We will not process Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual concerned. We will take reasonable steps to ensure that the Data is reliable, accurate, complete, and current for its intended use
Access: We will provide you with reasonable access to your Data so that you may review what information we may have about you. You may request corrections, deletions, or additions as may be reasonably appropriate, except where the burden or expense of providing access would be disproportionate to the risks to your privacy, or where the rights of other persons would be violated. There may be other times when we may limit, or prevent, your access to your Data as permitted by applicable law.
Enforcement: We encourage any person who has questions or complaints about our privacy practices under this statement to contact us at the contact information set forth below. We will seek to investigate any claims, address any concerns, and resolve any disputes made concerning the handling of Data in connection with the Principles of this EEA/Swiss Privacy Statement. We will take steps to remedy any breaches of the Principles of this EEA/Swiss Privacy Statement.
Dispute Resolution: Individuals in the EU/EEA or Switzerland with inquiries or complaints regarding this EEA/Swiss Privacy Statement should first contact Theorem at
Theorem Inc.
26 Main Street, #302
Chatham, New Jersey 07928, USA
Attn: Privacy Officer
e-mail: GDPRPrivacyManager@theoreminc.net
Limitation on Scope of Principles: Our adherence to these principles may be limited to the extent required to meet legal, governmental, national security, or public interest obligations.
Contact Information
Questions or comments about this statement, or any requests for access, or complaints, whether or not applying to Theorem, should be submitted to the following address:
Theorem Inc.
26 Main Street, #302
Chatham, New Jersey 07928, USA
Attn: Privacy Officer
e-mail: GDPRPrivacyManager@theoreminc.net