Data Protection Policy
83Bar Inc
Definitions
| Term | Definition |
| --- | --- |
| Organization | means 83Bar Inc., a Delaware corporation having its principal office at PMB 1022 10900 Research Blvd Ste 160C, Austin TX 78759. |
| DPA | means the Data Protection Act 2018 which implements the EU’s General Data Protection Regulation. |
| APP | means the principles contained in the Privacy Act 1988 (Cth) (the Privacy Act). A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at |
| CCPA | means the California Consumer Privacy Act of 2018. |
| Personal Information | means information or an opinion that identifies an individual; information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household; and/or any information which is related to an identified or identifiable natural person. Examples of personal information we collect include demographic information such as names, addresses, email addresses, phone numbers, health information, and health insurance information. |
| GDPR | means the General Data Protection Regulation, a European Union law that went into effect on May 25th, 2018. |
| Sensitive Information (applicable to APP) | means or includes information or opinions about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information. |
| Responsible Person | means Data Protection Officer Jerry Furness. |
| Register of Systems | means a register of all systems or contexts in which personal data is processed by the Organization. |
Privacy Policy for Uniquity One (“UniquityOne”) using the Organization’s software solutions as a service (“SaaS”)
The Organization is a leading provider of clinical research and scheduling software solutions. We assist companies to run more effectively and efficiently by using our SaaS to improve clinical trial participation and scheduling management.
We respect and are committed to protecting your privacy. This privacy statement explains the Personal Information we collect, how we process it, and for what purposes when the Organization’s clients (“UniquityOne”) use our hosted software solutions. This privacy notice is governed by the company sponsoring a clinical study and identified on the study site. Personal Information is collected on behalf of the Sponsor.
Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. By using this Website, you accept the terms of this privacy policy and the data use practices described. By calling the Organization, our Client or any participating party in the Clinical Study and/or its representatives directly, you accept the terms of this Privacy Policy and acknowledge that you will receive future communications via phone, text, or email.
A. Personal Information We Collect
In the normal course of using the Organization’s SaaS solution, our Clients will collect your Personal Information. Personal Information is information, or a combination of pieces of information, that can be used to identify you. Your health and Personal Information is collected, maintained, stored, and protected in accordance with all applicable data privacy laws. The primary purpose of collecting your personal information is on behalf of our Clients to provide information to their Sponsors. We collect the following types of information:
- Demographic information: You may provide us with demographic information such as your name, gender, and age.
- Contact Information: You may provide us with contact information such as email address, phone number, and postal address.
- Information about your health: You may provide us with information relating to your medical condition and diagnosis. This includes answers to questions about your symptoms, prescription information, treatment history, family health history, diagnosis, and other relevant information pertaining to your health.
- Health insurance information: You may provide us with information about your health insurance coverage.
- Tracking: Our servers collect information from you, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to your computer when you use the Internet, which may vary from session to session), domain name, and/or a date/time stamp for your visit.
B. How We Obtain Personal Information
The Organization only obtains and uses Personal Information that our Clients actually need in order to perform and improve our services. We obtain your Personal Information in a number of ways, specifically when you:
- Provide it through completing an online form, questionnaire, quiz or survey on our site.
- Provide it while communicating with call center representatives via telephone, email, text, or web chat.
- Visit our website. We automatically log some basic information like how you got to the site, where you navigated within it, and what features and settings you use. We use this information to improve our websites and services.
C. How We Use Your Personal Information
How the Organization’s Client uses Personal Information will be subject to study participation requirements. In general, the Organization may use your Personal Information for the following:
- To determine initial qualification or disqualification for a clinical trial and if you are eligible to move forward to the next step in the enrollment process.
- Verifying your identity to ensure all communications are secure and confidential.
- Responding to your inquiries or requests.
- Delivering educational or marketing information, products and services to you, including that which may be relevant or helpful based on your answers and feedback through surveys and questionnaires (you will always have the ability to “opt out” of any such communications or programs).
- Internal business purposes or analytics, including to analyze a specific patient population or evaluate patient programming (whether internally or to serve our customers).
- To help us improve our services by understanding site usage.
D. Sharing Personal Information with Third Parties
Under no circumstances shall the Organization, Client, or Sponsor sell Personal Information to third parties for marketing or sales purposes.
Please note that the Organization, Clients, or Sponsor may engage other parties to carry out the activities described above, and in those cases ensure those third parties maintain appropriate data privacy and security safeguards to protect personal and health information.
E. Third Party Websites
Our website may contain links to other websites; however, this Privacy Policy only addresses the Organization’s use of your information collected through our website. If you choose to link to an external website from our website, you will leave our website. We are not responsible for the privacy practices of any third parties or the content of linked websites. We encourage you to read the applicable privacy policies and terms and conditions of such parties or websites.
F. Security Measures for Personal Information
The security of your Personal Information is important to us. The Organization follows generally accepted standards to protect your personal information. When we transmit data over the internet, we protect it through the use of encryption. The Organization complies with applicable data protection laws, including applicable security breach notification laws.
G. Use of Cookies
The Organization, Clients, or Sponsor may use third-party analytics services like Google Analytics provided by Google Inc. (“Google”), Facebook pixel service provided by Facebook, Inc. (“Facebook”), or other similar products that may use Cookies. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your web browser which enables the site or our service provider’s systems to recognize your browser and capture and remember certain information. Cookies may be deleted from your computer or device at any time by utilizing the appropriate web browser settings.
The Organization, Clients, or Sponsor may use cookies to:
- Develop and show more relevant content you may be interested in, such as our products, services, and causes.
- Serve relevant ads on platforms such as Google or Facebook.
- Limit the number of times that you see an ad so you don’t see the same ad over and over again.
- Measure the performance of ad campaigns across different browsers and devices used by the same person.
- Gain insights about the people who visit our website and/or view our digital materials.
By visiting our website, you acknowledge that you accept and consent to our privacy practices as well as those of Google Analytics, Facebook pixel or other products referenced in this policy.
Children’s Information
We do not knowingly collect Personal Information online from children under the age of 13. If we learn we have collected or received Personal Information from a child under 13, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at privacy@go83bar.com.
HIPAA
This section applies exclusively to visitors and users of the Site who are residents of the United States of America.
- To the extent your information is subject to HIPAA privacy and security standards, disclosures of your information may also be made for HIPAA permitted purposes including the core health care functions of treatment, payment for care, and health care operations. HIPAA also permits information use and disclosure without the individual’s authorization for certain public policy and benefit purposes, such as in cases of emergencies, court orders/subpoenas, law enforcement purposes, or clinical research, with specific conditions and limitations applicable to such uses and disclosures.
CCPA-Your California Privacy Rights
This section applies exclusively to visitors and users of the Site who are residents of the state of California (as defined in Cal. Civil Code § 1798.140(g)) ("Consumers"). As used in this section, the terms "you" and "your" shall only refer to a Consumer. For purposes of this section, "personal information" has the meaning set forth in Cal. Civil Code § 1798.140(o).
If you are a Consumer, the California Consumer Privacy Act ("CCPA") provides you with certain rights regarding your personal information. This section supplements the information contained elsewhere in this Policy with respect to Consumers and notifies Consumers of certain rights they have under the CCPA.
- Right to Notice: You have the right to receive notice about the categories of Personal Information we have collected about you within the last 12 months, the sources from which that information was collected, the third parties we share information with and whether we have sold your personal information.
- Right to Access: You have the right to receive a copy of your personal information.
- Right to Delete: You have the right to request the deletion of your personal information, subject to certain exceptions.
- Right to non-discrimination: You have the right to not be discriminated against for exercising any of the above-listed rights.
- Right to Opt-Out: You have the right to direct us to not sell your personal information at any time. Consumers who opt in to personal information sales may opt out of future sales at any time.
To exercise the access, notice, deletion, and opt-out rights described above, please submit a verifiable consumer request by either:
- Emailing us at privacy@go83bar.com
- Calling us at 1-833-599-1284
To exercise the Right to Opt-Out (make a "Request to Opt-Out"), you (or your authorized representative) may submit a request to us by visiting the following Internet Web page link:
https://privacy.83bar.com/optout
DPA-Data Protection Act principles
This section applies exclusively to visitors and users of the Site who are citizens of the European Union and the United Kingdom.
The Organization is committed to processing data in accordance with its responsibilities under the DPA.
DPA requires that personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organizational measures required by the DPA in order to safeguard the rights and freedoms of individuals; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
DPA-General provisions
- This policy applies to all personal data processed by the Organization.
- The Responsible Person shall take responsibility for the Organization’s ongoing compliance with this policy.
- This policy shall be reviewed at least annually.
- The Organization shall register with the Information Commissioner’s Office as an organization that processes personal data.
DPA-Lawful, fair and transparent processing
- To ensure its processing of data is lawful, fair and transparent, the Organization shall maintain a Register of Systems.
- The Register of Systems shall be reviewed at least annually.
- Individuals have the right to access their personal data and any such requests made to the Organization shall be dealt with in a timely manner.
DPA-Lawful purposes
- All processing of data by the Organization must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests (see ICO guidance for more information).
- The Organization shall note the appropriate lawful basis in the Register of Systems.
- Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
- Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in the Organization’s systems.
DPA-Data minimisation
- The Organization shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Section C of this document outlines how the Organization uses Personal Information.
DPA-Accuracy
- The Organization shall take reasonable steps to ensure personal data is accurate.
- Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.
- If you find your information is not up to date, or is inaccurate, please advise us as soon as is practicable so we can update our records. The Responsible Person can be contacted by emailing us at privacy@go83bar.com or by calling us at 1-833-599-1284.
DPA-Archiving / removal
- To ensure that personal data is kept for no longer than necessary, the Organization shall put in place an archiving policy for each area in which personal data is processed and review this process annually.
- The archiving policy shall consider what data should/must be retained, for how long, and why.
DPA-Security
- The Organization shall ensure that personal data is stored securely using modern software that is kept up to date.
- Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorized sharing of information.
- When personal data is deleted this should be done safely such that the data is irrecoverable.
- Appropriate back-up and disaster recovery solutions shall be in place.
DPA-Breach
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data, the Organization shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the ICO (more information on the ICO website).
DPA-Data Transfer Outside of the European Economic Area (EEA)
Personal Information is housed in a data center that is GDPR compliant, and Personal Information will not be transferred outside of the EEA without the express written consent or at the behest of the data controller.
DPA-Rights
If you are in the European Economic Area (EEA), you have the following rights afforded to you with respect to Personal Information held by the Organization:
- Right to Access: Upon written request, and with assistance from the Organization after confirming the identity of the individual, an individual may be informed of the existence, use, and disclosure of their Personal Information and shall be given access to their Personal Information. Individuals are also entitled to be informed of the source of the Personal Information, and provided with an account of third parties to which their Personal Information has been disclosed.
- Right to Rectification: Individuals have the right to update the information the Organization holds about them, or to rectify any inaccuracies.
- Right to Erasure: Individuals have the right to request the deletion of Personal Information in certain circumstances, such as when it is no longer necessary for the purposes for which the Personal Information was originally collected.
- Right to Restriction of Processing: Individuals have the right to request the restriction of processing or use of Personal Information. The Organization can verify if it has overriding legitimate grounds for use.
- Right to Data Portability: Individuals have the right to transfer their Personal Information to a third party in a structured, commonly used and machine readable format, only when the information is processed with express written consent.
- Right to Object/Opt out: Individuals have the right to object or opt out of the use of Personal Information at any time.
- Right to Complain: Individuals have the right to complain to the appropriate supervisory authority if there is any grievance against the way we collect, use, or disclose Personal Information. This right may not be available to an individual if there is no supervisory authority responsible for data protection in your country.
DPA-Contact Information
The Organization has appointed a Responsible Person for the purposes of data protection in accordance with this Policy. If you have questions or concerns about our privacy practices with respect to Personal Information, or wish to exercise any of the above rights, you can reach out to the Responsible Person by emailing us at privacy@go83bar.com or by calling us at 1-833-599-1284.
APP-Data protection principles
This section applies exclusively to visitors and users of the Site who are citizens of Australia.
The Organization is committed to providing quality services and this policy outlines our ongoing obligations to Australian citizens with respect to how we manage your Personal Information.
The Organization has adopted the Australian Privacy Principles contained in the Privacy Act 1988 (Cth)(the Privacy Act). A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at https://www.oaic.gov.au/.
APP-Personal Information
- Personal information is defined under the definitions section of this document.
- Section A describes why we collect Personal Information.
- Section B describes how we collect Personal Information.
- When the Organization collects personal information, we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.
- You may unsubscribe from our services at any time by contacting us in writing.
APP-Sensitive Information
- Sensitive information is defined under the definitions section of this document.
- Sensitive information will be used by the Organization only:
  - For the primary purpose for which it was obtained
  - For any secondary purpose that is directly related to the primary purpose
  - With your consent, or where required or authorized by law
APP-Third Parties
Where reasonable and practicable to do so, we will collect your Personal Information only from you with your consent. In some cases, we may be provided with information by third parties. In such a case we will take reasonable steps to ensure you are made aware of the information provided to us by the third party. Sections D and E of this document contain more information about Third Parties.
APP-Disclosure of Personal Information
Personal Information may be disclosed in a number of circumstances including the following:
- When you have given the Organization consent to use or disclose your information
- Where required or authorized by law
APP-Security of Personal Information
Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification, or disclosure. When your Personal Information is no longer required for the purposes for which it was collected, we will take reasonable steps to destroy or permanently de-identify your Personal Information. Personal Information will be stored on behalf of Clients in Client files which will be kept by us for a minimum period of time needed by Client or Sponsor to provide you services and support. The Organization shall ensure that personal data is stored securely using modern software that is kept up to date.
- Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorized sharing of information.
- When personal data is deleted this should be done safely such that the data is irrecoverable.
- Aggregated or de-identified Personal Information will have no reliable way to identify you from the information.
- The Organization may retain a copy of your Personal Information to comply with Client or Sponsor legal obligations, resolve disputes, enforce our agreement and to comply with trust and safety obligations.
- Appropriate back-up and disaster recovery solutions shall be in place.
APP-Access to your Personal Information
Upon written request, and with assistance from the Organization after confirming the identity of the individual, an individual may be informed of the existence, use, and disclosure of their Personal Information and shall be given access to their Personal Information. Individuals are also entitled to be informed of the source of the Personal Information, and provided with an account of third parties to which their Personal Information has been disclosed.
APP-Maintaining Quality/Integrity of your Personal Information
The Organization will take reasonable steps to ensure your Personal Information is accurate, complete, and up to date. If you find your information is not up to date, or is inaccurate, please advise us as soon as is practicable so we can update our records.
- The Organization shall take reasonable steps to ensure personal data is accurate.
- Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.
- Personal Information will be accurate, complete, and as up to date as is necessary for the purposes for which it was collected.
- Personal Information will be retained as long as reasonably necessary to enable participation in the Organization’s services and in order to maintain records as may be required by law or by governing organizations.
- The Organization’s employees will be made aware of the importance of maintaining the confidentiality of Personal Information and are required to comply with the Organization’s Confidentiality Policy.
- Personal Information will be protected against loss or theft, unauthorized access, disclosure, copying, use, or modification by security safeguards appropriate to the sensitivity of the Personal Information.
APP-Policy Updates
This Policy may change from time to time and is available on our website.
APP-Privacy Policy Complaints and Inquiries
If you have any questions or complaints about our Privacy Policy, please contact us by:
- Emailing us at privacy@go83bar.com
- Calling us at 1-833-599-1284
PIPEDA-Data protection principles
This section applies exclusively to visitors and users of the Site who are citizens of Canada.
The Organization is committed to processing data in accordance with its responsibilities under the Personal Information Protection and Electronic Documents Act (PIPEDA). This section of the Policy is based upon the standards required by PIPEDA.
PIPEDA-Purpose
The Organization recognizes an individual’s right to privacy with respect to their Personal Information. This policy describes the way that the Organization collects, uses, safeguards, discloses, and disposes of Personal Information.
PIPEDA-Application of this Policy
This Policy applies to individuals in connection with Personal Information as defined in the definitions section of this document that is collected, used, or disclosed during Organizational activity. Except as provided in PIPEDA, the Organization’s Responsible Party will have the authority to interpret any provision of this Policy that is contradictory, ambiguous, or unclear.
PIPEDA-Obligations
The Organization is obligated to follow and abide by PIPEDA in all matters relating to the collection, use, and disclosure of Personal Information. In accordance with the legal obligations required by PIPEDA, the Organization’s employees shall not:
- Publish, communicate, divulge, disclose, or distribute to any unauthorized person, corporation, or third party, any Personal Information without the express written consent of the Individual
- Willingly place themselves in a position whereby they are under any obligation to any organization to disclose Personal Information outside of the primary purpose of collection
- In the performance of their official duties, disclose any Personal Information to any colleagues, friends, family members, or organizations in which any family members, friends, or colleagues have an interest in the use of Personal Information
- Derive personal benefit from Personal Information being acquired during the course of fulfilling their duties with the Organization
- Accept any gift or favor that could be construed as being given in anticipation of, or in recognition for the disclosure of Personal Information
PIPEDA-Accountability
The Responsible Person as defined in the definitions section of this document is responsible for the implementation of this policy and monitoring information collection and data security, and ensuring that all staff receive proper training on privacy issues and their responsibilities. The Responsible Person is also responsible for any access requests and complaints regarding Personal Information. The Responsible Person may be contacted at: privacy@go83bar.com or by calling us at 1-833-599-1284.
Duties of the Responsible Person shall include:
- Implement procedures to protect Personal Information
- Establish procedures to receive and respond to complaints and inquiries
- Record all persons having access to Personal Information
- Ensure any third parties abide by this Policy
- Train staff and communicate to them information about the Organization’s privacy policies and practices
PIPEDA-Information Collection
- Section A of this policy describes the type of Personal Information the Organization collects
- Section B of this policy describes how the Organization collects Personal Information
- Section C of this policy describes how the Organization uses Personal Information
PIPEDA-Consent
- By providing Personal Information to the Organization, individuals are implying their consent to the use of the Personal Information for the purposes identified in Section A of this policy. At the time of the collection of Personal Information and prior to the use or disclosure of Personal Information, the Organization will obtain consent from individuals by lawful means.
- Individuals may consent to the collection and use of Personal Information in the following ways:
  - Provide it through completing an online form, questionnaire, quiz or survey on our site.
  - Provide it while communicating with call center representatives via telephone, email, text, or web chat.
  - Visit our website. We automatically log some basic information like how you got to the site, where you navigated within it, and what features and settings you use. We use this information to improve our websites and services.
- An individual may withdraw consent at any time with express written notice.
- The Organization will not, as a condition of providing a service, require individuals to consent to the use, collection, or disclosure of Personal Information beyond what is reasonably required to fulfill the specified purpose of the services provided.
- The Organization may disclose Personal Information without the individual’s knowledge or consent only:
  - To a lawyer representing the Organization
  - To comply with a subpoena, warrant, or an order made by a court or other body of law enforcement with appropriate jurisdiction
  - To a government institution that has requested the information and identified its lawful authority, if that government institution indicates that disclosure is for one of the following purposes: enforcement or carrying out an investigation, gathering intelligence relating to any federal, provincial, or foreign law, national security or the conduct of international affairs, or administering any federal or provincial law
  - To an investigative body named in PIPEDA or a government institution, if the Organization believes the Personal Information concerns a breach of an agreement, contravenes a federal, provincial, or foreign law, or if the Organization suspects the Personal Information relates to national security or the conduct of international affairs
  - To an investigative body for purposes related to the investigation of a breach of an agreement or a contravention of a federal or provincial law
  - In an emergency threatening an individual’s life, health, or security (the Organization will inform the individual of disclosure)
  - If it is publicly available as specified in PIPEDA
  - If otherwise required by law
PIPEDA-Accuracy, Retention, and Transparency
- Personal Information will be accurate, complete, and as up to date as is necessary for the purposes for which it was collected.
- Personal Information will be retained as long as reasonably necessary to enable participation in the Organization’s services and in order to maintain records as may be required by law or by governing organizations.
- The Organization’s employees will be made aware of the importance of maintaining the confidentiality of Personal Information and are required to comply with the Organization’s Confidentiality Policy.
- Personal Information will be protected against loss or theft, unauthorized access, disclosure, copying, use, or modification by security safeguards appropriate to the sensitivity of the Personal Information.
- The Organization will make the following information available to individuals:
- This Privacy Policy
- Any additional documentation that further explains this Privacy Policy
- The name or title, and the address of the Responsible Person who is accountable for this Privacy Policy
- The means for gaining access to Personal Information held by the Organization
- A description of the type of Personal Information held by the Organization, including a general account of its use
- Identification of any third parties to which Personal Information is made available
PIPEDA-Access
- Upon written request, and with assistance from the Organization after confirming the identity of the individual, an individual may be informed of the existence, use, and disclosure of their Personal Information and shall be given access to their Personal Information. Individuals are also entitled to be informed of the source of the Personal Information, and provided with an account of third parties to which their Personal Information has been disclosed.
- Unless reasonable grounds are present to extend the time limit, requested Personal Information will be disclosed to the individual at no cost to the individual, within thirty (30) business days of receipt of the written request.
- Individuals may be denied access to their Personal Information if the information:
- Is prohibitively costly to provide
- Contains references to other individuals
- Cannot be disclosed for legal, security, or commercial proprietary purposes
- Is subject to solicitor-client privilege or litigation privilege
- If the Organization refuses a request for Personal Information, it shall inform the individual of the reasons for refusal and identify the associated provisions of PIPEDA that support the refusal.
- If you have questions or concerns about our privacy practices with respect to Personal Information, or wish to exercise any of the above, you can reach out to the Responsible Person by emailing us at privacy@go83bar.com or by calling us at 1-833-599-1284.
PIPEDA-Compliance Challenges
- Individuals are able to challenge the Organization for its compliance with this Policy.
- Upon receipt of a complaint, the Organization shall:
- Record the date the complaint is received
- Notify the Responsible Person who will serve in a neutral, unbiased capacity to resolve the complaint
- Acknowledge receipt of the complaint by way of telephone conversation or email, and clarify the nature of the complaint within seven (7) business days of receipt of the complaint
- Appoint an investigator using the Organization’s personnel who will have the skills necessary to conduct a fair and impartial investigation and will have access to all files and personnel
- Upon completion of the investigation and within thirty (30) business days of receipt of the complaint, the investigator will submit a written report to the Organization
- Notify the complainant of the outcome of the investigation and any relevant steps taken to rectify the complaint, including any amendments to policies and procedures
- The Organization will not dismiss, suspend, demote, discipline, harass, or otherwise disadvantage any of the Organization’s employees who:
- Challenge the Organization for its compliance with this Policy
- Refuse to contravene this Policy or PIPEDA
- Take precautions not to contravene this Policy or PIPEDA, even though said precautions may be in opposition to the regular duties performed by the employee
GDPR-Data protection principles
This section applies exclusively to visitors and users of the Site who are citizens of the European Union (EU).
The Organization is committed to processing data in accordance with its responsibilities under the General Data Protection Regulation (GDPR). This section of the Policy is based upon the standards required by GDPR.
GDPR-Purpose
The Organization recognizes an individual’s right to privacy with respect to their Personal Information and is therefore committed to comply with all laws, rules, and regulations related to data protection. This policy describes the way that the Organization collects, uses, safeguards, discloses, and disposes of Personal Information in compliance with GDPR.
GDPR-Important information and about us
- The Organization acts as a processor on behalf of the data controller of any information which you provide, which means that we decide the means and purposes of the processing of your personal information. The Organization has appointed a Responsible Person, also known as a Data Protection Officer (DPO), for the purposes of data protection in accordance with this Policy. If you have questions or concerns about our privacy practices with respect to Personal Information, or wish to exercise any of the above rights, you can reach out to the Responsible Person by emailing us at privacy@go83bar.com or by calling us at 1-833-599-1284.
- If you are a European citizen and are not happy with our response, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Tel: 0303 123 1113 or on its website at www.ico.org.uk. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
- It is important that the personal information we hold about you is accurate and up to date. Please inform us of any changes to your information as soon as possible.
GDPR-Information we collect about you
- Section A of this policy describes the type of Personal Information the Organization collects
- Section B of this policy describes how the Organization collects Personal Information
- Section C of this policy describes how the Organization uses Personal Information
GDPR-Data protection framework
This section describes the basic framework and principles, and defines the minimum standards and requirements of our data protection framework. Personal data and all processing activities will be:
- Recorded accurately and kept up to date
- Collected for specific, explicit, and legitimate purposes only
- Retained only as long as necessary
- Processed fairly and lawfully
- Protected against any unauthorized or illegal access or misuse by internal or external parties
- Adequate, relevant, and limited only to what is necessary
The organization also recognizes its responsibility and obligations towards the individuals to whom the data belongs. We must also:
- Upon request inform which of their information is processed
- Inform how we process their information
- Inform who has access to their information
- Have provisions in cases of lost, corrupted, or compromised information
- Allow individuals to request that we modify, erase, reduce or correct information contained in our databases
For ensuring an adequate level of personal information protection, the organization is committed to the following:
- Restricting and monitoring access to personal information
- Developing clear and transparent data collection procedures
- Training employees in privacy and security measures
- Building secure networks to protect information from unauthorized access
- Establishing clear procedures for reporting privacy breaches or data misuse
- Establishing data protection best practices (access controls to buildings, offices and IT systems, document shredding, secure locks, devices and data encryption, frequent backups, access authorization, disaster recovery plans etc.)
GDPR-Personal information processing principles
When processing personal information, the following principles apply:
- Fairness, lawfulness, and transparency: personal data may only be collected and processed for specified, explicit and legitimate purposes in a fair and transparent manner and in compliance with the applicable law. The data subject must be informed of how his/her data is being handled. In general, personal data must be collected directly from the individual concerned. When the data is collected, the data subject must either be aware of, or informed of a) the identity of the data controller b) the purpose of data processing and c) third parties or categories of third parties to whom the data might be transmitted
- Purpose limitation: personal data may only be collected and processed for the purpose that was defined before the collection, limited to what is necessary in relation to the purposes for which they are processed and may not be further processed in a way incompatible with those purposes
- Data Minimisation: personal data must be restricted to the adequate, necessary, and relevant extent to achieve the purpose for its processing. Personal data must not be collected in advance and stored for potential future purposes unless the Data Subject has given consent or it is required or permitted by national law
- Accuracy: Personal data on file must be correct, complete, and – if necessary – kept up to date. Suitable steps must be taken to ensure that inaccurate or incomplete data are deleted, corrected, supplemented, or updated
- Storage Limitation and Deletion: personal data must be maintained only as long as this is required to achieve the intended purposes of collection and processing. After the expiration of legal or business process-related periods, Personal Data that is no longer needed must be securely deleted
- Integrity and Confidentiality, Data Security: personal data must be processed in a manner that a) ensures adequate security of the data; and b) ensures the data is stored securely using suitable, modern systems and software that is kept up to date.
The Organization has adequate technical and organizational security measures in place to prevent unauthorized access, processing, or distribution, as well as accidental loss, modification, or destruction.
Adherence to these principles is supported by a record of (IT) systems and processing activities where all information and procedures related to personal data are documented (e.g. category of data subject, category of Personal Data, purpose of processing). All Entities must keep such a Record of Processing Activities, especially the Entities with processing activities subject to the GDPR (Art. 30 GDPR).
GDPR-Lawfulness of processing
The Organization must ensure that processing of information is performed in a lawful manner and document the lawful grounds of processing. For personal information to be processed lawfully, it must be processed based on one of the following legal grounds:
- The data subject consents to the processing of personal information
- The processing is necessary for entering into or for the fulfillment of a contract with the data subject
- For compliance with a legal obligation to which The Organization and its affiliates are subject
- For the legitimate interest of The Organization or the party to whom the personal information is disclosed
- For the vital interest of the public or other stakeholders
- For public tasks and obligations
The processing of special categories of personal information must be expressly permitted or prescribed under national law. Except for storage and record retention, processing shall cease immediately where there are no longer lawful grounds.
GDPR-Rights of data subjects
Upon a data subject’s request, the concerned Entity must inform them of the collected personal data within the scope of the applicable laws. In general, data subjects may:
- Request access to any personal data held about them by a data controller
- Prevent, object, or restrict the processing of their personal data, e.g. for direct marketing purposes
- Ask to have inaccurate personal data amended
- Request information on the identity of the recipient or the categories of recipients if their personal data have been transmitted to third parties (e.g. sub-contracted data processors)
- Request their data to be deleted if the processing of such data has no legal basis, or if the legal basis no longer applies. The same applies if the purpose behind the data processing has lapsed or ceased to be applicable for other reasons. Legal retention periods might override this right and must be closely monitored. If you receive any Data Subject Access request, please contact the Responsible Person outlined in GDPR 2.1 immediately. Such requests shall be completed as soon as possible, and within no more than 30 calendar days, and communicated to the Data Subject securely.
- Right to withdraw consent.
- GDPR-Data transfers and data processing
GDPR-Confidentiality
Any kind of personal data is subject to data secrecy, therefore:
- Any unauthorized collection and processing of such data by employees is prohibited
- Any data processing undertaken by an employee that he/she has not been authorized to carry out as part of his/her legitimate duties is prohibited.
The “need to know” principle applies: employees may have access to personal information only as is appropriate for the type and scope of the task in question. This requires a careful breakdown and separation, as well as implementation, of roles and responsibilities. The employees’ use of collected personal information for private or commercial purposes, or its disclosure to unauthorized persons, is prohibited; employers must inform their employees at the start of the employment relationship about the obligation to protect data secrecy and make them familiar with this policy (e.g. by requiring written confirmation of this policy). This obligation shall remain in force even after employment has ended.
GDPR-Security of processing
Personal data must be safeguarded from unauthorized access and unlawful processing or disclosure, as well as accidental loss, modification, or destruction. The Organization has security measures based on modern technologies, the risks of processing, and the sensitivity of the data to be protected. The Organization and its affiliates or third parties must ensure:
- Buildings and office rooms are adequately protected against unauthorized access (e.g. alarm systems, entrance controls and registering)
- Personal data is stored securely using modern software that is kept up to date
- Access to personal data is limited only to personnel who need access and appropriate security measures are in place to avoid unauthorized sharing of information
- Personal data is transferred only by secured means (e.g. email/laptop encryption, encrypted USB sticks)
- Access to personal data is monitored and logged (e.g. audit trails for data entries, log trails)
- Availability and recovery of data (back-up and disaster recovery procedures, firewalls, anti-virus programs)
- When personal data is deleted, this is done securely in such a way that the data cannot be recovered
- Security incidents/data breaches and any other incidents are properly reported and managed.
Technical and organizational controls must be defined and implemented before the introduction of new methods of personal data processing, particularly of new IT systems and applications. They must be continuously evaluated and assessed in respect of technical developments and organizational changes.
GDPR-Data protection awareness
The effectiveness of The Organization’s data protection requires that all employees who process personal information must be aware of the importance of information protection and privacy. Therefore, The Organization has a duty to promote awareness to all employees through annual protection training, and corporate awareness programs.
GDPR-Data protection incidents
The following data protection-relevant incidents must be promptly reported to the Responsible Party as well as to the Chief Executive Officer and to the Legal Department:
- Any reported, anticipated, or potential data breach (e.g. e-mail sent to the wrong recipients, personal data disclosed to unauthorized persons; a security breach usually results in a data breach)
- Data protection complaints, claims and accusations by data subjects (e.g. employees, customers, suppliers)
- Data protection requests by any data subject (e.g. customer asking for processing activities of their personal data)
- Violations or potential violations of data protection laws, as well as violation of this policy
- Fines imposed by data protection authorities
- Audits advised by data protection authorities
- Any security breaches or incidents of IT systems (e.g. compromised systems, system breakdowns, hacking attempts, intrusion of systems, unauthorized access attempts) that might result in a data breach.
The loss or theft of mobile devices (laptops, mobile phones, tablets, USB sticks) might result in a potential data breach and must therefore also be reported to the Responsible Party, as well as to the Chief Executive Officer and to the Legal Department. In addition, The Organization must:
- maintain a record of all incidents and events mentioned above
- maintain all relevant documents, communication and measures taken related to those incidents and requests in a separate file and have it available on request
The Organization acts as a data processor and acts on behalf of a data controller based on the principles stated in GDPR Sections 5, 6, and 7 in compliance with applicable laws. Any transfer of personal information outside of the EU will be done at the behest of the data controller. In order for information to be transferred, the data controller must supply The Organization with express written consent to do so.
All data processing performed by The Organization is done on behalf of the data controller. The Organization is responsible for carrying out the processing of information at the direction and instructions of the data controller, who determines the purposes and means of the processing of personal information.
Changes to our Privacy Policy
This privacy policy may be updated from time to time. When updates are made, the version date located at the bottom of this policy will also be updated accordingly to reflect when revisions have been made. It is advisable to revisit this page and reread this policy to see if any revisions may affect you.
Last Update: 7/21/2025
US-UNIQONE-01