Effective Date: September 1, 2023 

Data Privacy Framework Policy 

This DPF Policy (DPF Policy) describes how Praxie, Inc. (referred to in this DPF Policy as Praxie, we, us or our) collect, use, and disclose certain personally identifiable information that we receive in the United States from the European Economic Area (EEA Personal Data). This Policy supplements our Privacy Policy located at https://praxie.com/privacy-policy/, and unless specifically defined in this DPF Policy, the terms in this DPF Policy have the same meaning as the website Privacy Policy. 

We recognize that the EEA has established strict protections regarding the handling of EEA Personal Data, including requirements to provide adequate protection for EEA Personal Data transferred outside of the EEA. To provide adequate protection for certain EEA Personal Data about customers received in the United States, we have elected to self-certify to the EU-U.S. Data Privacy Framework (EU-U.S. DPF) administered by the US Department of Commerce. 

For purposes of enforcing compliance with the EU-U.S. DPF, we are subject to the investigatory and enforcement authority of the United States Federal Trade Commission. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/. 

Personal Data Collection and Use  

Our website Privacy Policy located at https://praxie.com/privacy-policy/ describes the categories of EEA Personal Data that we may receive in the US as well as the purposes for which we use that EEA Personal Data. We will only process EEA Personal Data in ways that are compatible with the purpose that we collected it for, or for purposes you later authorize. Before we use your EEA Personal Data for a purpose that is materially different than the purpose we collected it for or that you later authorized, we will provide you with the opportunity to opt out. We maintain reasonable procedures to help ensure that EEA Personal Data is reliable for its intended use, accurate, complete, and current. 

Data Transfers to Third Parties  

Third-Party Agents or Service Providers. We may transfer EEA Personal Data to our third-party agents or service providers who perform functions on our behalf as described in our website Privacy Policy. Where required by the EU-U.S. DPF, we enter into written agreements with those third-party agents and service providers requiring them to provide the same level of protection the EU-U.S. DPF requires and limiting their use of the data to the specified services provided on our behalf. We take reasonable and appropriate steps to ensure that third-party agents and service providers process EEA Personal Data in accordance with our EU-U.S. DPF obligations and to stop and remediate any unauthorized processing. Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers who perform services on our behalf for their handling of EEA Personal Data that we transfer to them. 

Disclosures for National Security or Law Enforcement. Under certain circumstances, we may be required to disclose your EEA Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements. 

Security 

We maintain reasonable and appropriate security measures to protect EEA Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the EU-U.S. DPF. 

Access Rights 

You may have the right to access the EEA Personal Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the EU-U.S. DPF. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of your EEA Personal Data, you can submit a written request to the contact information provided below. We may request specific information from you to confirm your identity. In some circumstances we may charge a reasonable fee for access to your information. 

Questions or Complaints; Contact Us 

You can direct any questions or complaints about the use or disclosure of your EEA Personal Data to us at: 

Full name of legal entity: upBOARD, Inc.
Email address: [email protected]
Postal address: 1547 Palos Verdes Mall #144, Walnut Creek, CA 94597
Telephone number: +1 (650) 246 9554 

We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your EEA Personal Data within 45 days of receiving your complaint. For any unresolved complaints, we have agreed to cooperate with the EU data protection authorities. If you are unsatisfied with the resolution of your complaint, you may contact the EU data protection authorities at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm for further information and assistance. 

Binding Arbitration 

You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have taken the following steps: (1) raised your compliant directly with Praxie and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the US Department of Commerce an opportunity to resolve the complaint at no cost to you. 

Changes To This Policy 

We reserve the right to amend this Policy from time to time be consistent with the EU-U.S. DPF requirements.