1. Introduction
    This Global Privacy Policy (“Privacy Policy”) describes how Done Platform LLC. and its affiliates will gather, use, and maintain your Personal Information on the Done Platform. It will also explain your legal rights with respect to that information.
    By using the Done Platform, you confirm that you have read and understand this Privacy Policy, and our Global Terms of Service (together referred to herein as the “Agreement”). The Agreement governs the use of the Done Platform. Done will collect, use, and maintain information consistent with the Agreement.
    If you are a California resident or data subject in Europe, please see the “Additional Disclosures for California Residents” and “Additional Disclosures for Data Subjects in the European Economic Area (EEA), Switzerland, and the UK” sections, respectively. If you have any questions or wish to exercise your rights and choices, please contact us as set out in the “Contact Us” section below.
  2. General Terms
    In this Privacy Policy:
    • Done Platform LLC . may be referred to as “Done,” “we,” “our,” or “us.”
    • We call a user of the Done Platform “User,” “Users,” “you,” “your,” or “Client” and “Tasker,” as appropriate.
    • The community platform that we offer at our website (www.needitpostitdone.com) and is referred to as the “Site.”
    • The mobile applications (whether on iOS or Android) are referred to as the “Apps.”
    • Done’s Site, Apps and related services, information and communications are collectively referred to as the “Done Platform” or “Done.”
    • “Terms of Service” refers to our Global Terms of Service, which can be found here. This Privacy Policy is incorporated into, and considered a part of, the Terms of Service.
  3. Information Collection
    Information you provide to Done
    Done collects certain personally identifiable information about you, including information that can identify, relate to, describe, be associated with you, or is reasonably capable of being associated with you (“Personal Information”). Examples of Personal Information that Done collects include but are not limited to:
    Contact Information. This may include your first and last name, postal address, telephone number, and email address.
    Billing Data, including your payment instrument number (such as a credit or debit card number), expiration date, and security code as necessary to process your payments.
    Identity Information. If you are a Tasker, we may collect Personal Information, such as your date of birth and address, national identification number if applicable, together with the result of basic criminal record checks as provided by you, or by our Third-Party Agents (as defined below), as applicable and to the extent permitted by law in your jurisdiction, as well as such information as may be needed to validate your identity.
    Financial Information. To help Taskers set up a payment account and help Clients make payments to Taskers and pay fees to Done, we may collect financial information, including credit card number, bank routing numbers, tax information, taxpayer identification number, and other payment information, as applicable. We use Financial Information in order to operate the Done Platform and to ensure that Taskers are paid by Clients. We do this as necessary for our legitimate interests in providing our platform and services and to fulfill our contracts with Users. To keep your financial data secure, we have contracted with a third party to maintain and process your payment information.
    Promotional Information. Certain offerings of the Done Platform, such as newsletters, surveys, contests, and the like are optional and so you are not required to enter them or to give us your data in connection with them. Where you do consent to take advantage of Done Platform offerings, we will use your data to (as applicable) send you newsletters and other communications that are tailored based on information we have about you, or to operate and manage the survey, contest or similar offering in connection with our legitimate interest in promoting our business and the Done Platform. To opt-out of receiving marketing communications from us, please see Section 7, Your Rights and Choices.
    Employment Information. We collect employment and education history, transcripts, writing samples, and references as necessary to consider your job application for open positions.
    Content Information. You also may choose to send Done Personal Information in an email or chat message containing inquiries about the Done Platform and we use this Information in order to help us respond to your inquiry. We also collect content within any messages you exchange with other Users through the Done Platform (such as through our chat functionality).
    We require that you furnish certain information when you register an account with us in order to provide services through the Done Platform. For example, if you are a Client, we collect your first and last name, email address, and your zip or postal code in order to create and administer your Done account. We also collect additional information in order to facilitate your booking request, such as information about the task you are seeking, the time, date and location of the task, and Billing Data. If you are a Tasker, we collect your first and last name, email address, mobile phone number and zip or postal code in order to create and administer your Done account and facilitate communications between you and your Clients through the Done Platform. We also collect information about your tasks, rates, and skills, as well as Identity Information and Financial Information.
    Third Party Information. If you registered through a co-branded version of our Done Platform through one of our Partners (as defined below), they may provide us with basic information such as your name, address, email, and purchase history related to your Done. We may receive additional information about you, such as demographic data, Financial Information, or fraud detection information, from Third-Party Agents (as defined below) and combine it with other information that we have about you, to the extent permitted by law, in order to comply with our legal obligations and for the legitimate interest in improving the Done Platform. Done may work with Third-Party Agents to perform identity checks and criminal background checks on Taskers, if applicable and permitted by local law, in order to advance our legitimate interests in ensuring the safety of our Users and maintaining the integrity of the Done Platform.
  4. Information Done Collects Automatically
    We automatically collect certain information when you use the Done Platform. The categories of information we automatically collect and have collected, including in the last 12 months, are as follows:
    Service Use Data, including data about features you use, pages you visit, emails and advertisements you view, portions of the Done Platform that you view and interact with, the time of day you browse, and your referring and exiting pages.
    Device Data, including data about the type of device or browser you use, your device’s operating system, your internet service provider, your device’s regional and language settings, and device identifiers such as IP address and Ad Id. When you visit and interact with the Done Platform, Done may collect certain information automatically through cookies or other technologies, including, but not limited to, the type of computer or mobile device you use, your mobile device’s unique device ID, the IP address of your computer or mobile device, your operating system, the type(s) of internet browser(s) you use, and information about the way you use the Done Platform (“Device Information”). We may use Device Information to monitor the geographic regions from which Users navigate the Done Platform, and for security and fraud prevention purposes. Use of any IP-masking technologies or similar technologies (like the TOR network) may render portions of the Done Platform unavailable and are forbidden on the Done Platform.
    Location Data, including imprecise location data (such as location derived from an IP address or data that indicates a city or postal code level), and, with your consent, precise location data (such as latitude/longitude data). When you visit the Done Platform via a native mobile application, we use, with your consent when required under applicable law, GPS technology (or other similar technology) to determine your current location in order to determine the city you are located in and display a relevant location map. We will not share your current location obtained in this manner with other Users.
    Cookies and similar technologies are described in our Cookie Policy, which sets out the different categories of cookies and similar technologies that the Done Platform uses and why we use them.
  5. Done’s Use of Information
    We collect and use information for business and commercial purposes in accordance with the practices described in this Privacy Policy. Our business purposes for collecting and using information include:
    • To operate and make available the Done Platform. We use your data to connect you with other Users to enable the posting of, selection for, completion of, and payment for Tasks, in order to fulfill our contracts with Users;
    • For billing and fraud prevention, on the basis of our legitimate interests in ensuring a safe and secure environment in which Clients and Taskers can meet and conduct business, and in order to comply with our legal obligations;
    • To conduct identification and criminal background checks, if applicable and to the extent permitted by local law, on Users, in order to advance our legitimate interests as well as for the substantial public interest of ensuring the safety of our Users both online and offline, preventing or detecting unlawful acts, protecting the public against dishonesty, and maintaining the integrity of the Done Platform given that Taskers often interact directly with Clients and may enter their homes;
    • To analyze Done Platform usage as necessary for our legitimate interest in improving the Done Platform to grow our business;
    • To contact you and deliver (via email, SMS, push notifications, or otherwise) transactional information, administrative notices, marketing notifications, offers and communications relevant to your use of the Done Platform, with your consent when required under applicable law, as necessary for our legitimate interests in proper communication and engagement with our Users, and in promoting our business;
    • To provide you with customer support in order to fulfill our contracts with Users;
    • For internal market research for our legitimate interest in improving the Done Platform to grow our business;
    • For troubleshooting problems for our legitimate interests in ensuring a safe and secure environment in which Users can meet;
    • To assist Users in the resolution of complaints and disputes between them, as necessary for our legitimate interests in facilitating good relations among Users;
    • To enforce our Terms of Service and our legitimate interests in ensuring our Agreement is complied with;
    • To facilitate the provision of insurance and/or protection offerings to Taskers by Third-Party Agents; and
    • As otherwise set forth in the Agreement.
    Interest-Based Advertising. Ads are a standard part of user experience on the Internet, and Done believes that targeted advertising enhances this experience. Done and affiliate third parties may use cookies and other technologies to place ads where they believe interested Users will see them. In addition to banner ads, Done may advertise products, companies and events that we think might interest you through the email address and/or phone number you provide. We may incorporate Tracking Technologies on the Done Platform (including our website and emails) as well as into our ads displayed on other websites and services. Some of these Tracking Technologies may track your activities across time and services for purposes of associating the different devices you use, and delivering relevant ads and/or other content to you (“Interest-Based Advertising”).
    For more information and to understand your choices regarding third-party ads, please see our Cookie Policy. Advertising and marketing is carried out as necessary for our legitimate interests in providing an engaging and relevant experience, promoting our services, and growing our business.
    Analytics and Market Analysis. Done may analyze information (“Market Analysis”) as necessary for our legitimate interests in providing an engaging and relevant experience, and promoting and growing the Done Platform.
    Done uses information to offer services to Users who express an interest in these services, through a poll for example, or to Users who can be presumed to have an interest based on results from our Market Analysis. We do this as necessary for our legitimate interests in providing an engaging and relevant experience, promoting our services, and growing our business.
    Cell Phone Numbers. Done may use your cell phone number to call or send recurring text messages to you, using an autodialer or prerecorded voice, in order to provide you notifications about Tasks, for marketing purposes (with your consent where required by law), and to administer the Done Platform. If you would like more information about our policy, or how to opt out, please review the “Your Rights and Choices” section below or Section 9 of our Terms of Service. You may be liable for standard SMS and per-minute charges by your mobile carrier. Done may also message you via push notifications (with your consent when required under applicable law), which you can opt-out of on your mobile device. Data rates may apply.
    Call recordings. Calls to or from Done or its Third Party Agents may be monitored and recorded for the purposes of quality control and training. Such calls may contain Personal Information.
  6. Information Sharing
    We only share the Information we collect about you as described in this Privacy Policy or as described at the time of collection or sharing, including as follows:
    Third Party Agents. We share information, including Identity Information, with entities that process information on our behalf for our business purposes. We contractually prohibit our Third-Party Agents from retaining, using, or disclosing information about you for any purposes other than performing the services for us, although we may permit them to use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law.
    To operate the Done Platform, including processing your transactions, we may share your Personal Information with our agents, representatives, vendors and service providers (“Third Party Agents”) so they can provide us or our Users with services as follows:
    • Email origination;
    • Identity checks (currently carried out by our providers Sterling (Canada) and Jumio (U.S., France, Germany, Spain, Portugal and Italy)), and criminal background checks (currently carried out by our provider Sterling in the U.S. and Canada), to the extent permitted by applicable law;
    • Fraud prevention and detection (currently carried out by our providers Sift Science and Emailage). Our fraud detection providers also use information relating to you and your use of and activity on the Done Platform to provide fraud detection services to their other clients;
    • Receipt, invoice, or support services;
    • Customer relationship management services;
    • Data analytics;
    • Marketing and advertising;
    • Website hosting;
    • Communications services;
    • Technical support;
    • Financial transaction fulfillment (in which we are currently supported by Stripe, who processes your Personal Information in accordance with its own privacy policy) and related chargeback and collection services;
    • To facilitate the provision of insurance and/or protection offerings to Taskers by Third-Party Agents; and
    • To otherwise help us provide the Done Platform.
    Partners. Some Done content is “sponsored by” or “presented by” other companies. If you connect to the Done Platform through a co-branded version of our Done Platform or otherwise participate in one of our partner programs, we may share information about your use of the Done Platform with that Partner in order to offer the integrated platform and to evaluate the partner program. We may also share your Personal Information with our Partners in order to receive additional information about you, or in order to create offers that may be of interest to you. Please check such Partner’s privacy policy before revealing information about yourself. If you don’t want these Partners to have your Personal Information, you can choose to not participate.
    Promotions. When you voluntarily enter a sweepstake, prize draw, contest, or other promotion, we share information as set out in the official rules that govern the promotion as well as for administrative purposes and as required by law (e.g., on a winners’ list). By entering a promotion, you agree to the official rules that govern that promotion, and may, except where prohibited by applicable law, allow the sponsor and/or other entities to use your name, voice, and/or likeness in advertising or marketing materials. We may occasionally contact you, if you want us to, with information about special events, activities, promotions, contects, submission opportunities, and programs. You always have the ability, in your Account, to ask Done not to contact you with this type of information. Please see Section 7, Your Rights and Choices, for more information.
    Matched Ads. We use Matched Ads by sharing personal information with another party or incorporating a pixel from another party into our own Sites, and the other party matching common factors between our data and their data or other datasets for advertising purposes. For instance, we incorporate the Facebook pixel on our Sites and may share your email address with Facebook as part of our use of Facebook Custom Audiences.
    Other Users. Done facilitates contact between Clients and Taskers and reserves the right to share one User’s contact information (e.g., name, phone number, email, or postal address) with other Users, or with the recipient User’s legal or other authorized representative, in order to: (1) facilitate or communicate the resolution of an investigation or dispute related to or arising from an interaction between two or more Users of the Done Platform; or (2) facilitate the performance of a Task. This exchange of information is essential to the operation of the Done Platform.
    Legal Obligations. Done and our Third Party Agents may disclose your Personal Information or User Generated Content to courts, law enforcement, governmental or public authorities, tax authorities or authorised third parties, if and to the extent required or permitted to do so by law or where disclosure is reasonably necessary to: (i) comply with Done’s legal or regulatory obligations; (ii) respond to a court order, warrant or subpoena; (iii) respond to a valid legal request relating to an investigation into alleged criminal or illegal activity; or (iv) respond to or address any other activity that may expose us to legal or regulatory liability.
    In jurisdictions where Done is, according to applicable law, required to collect or remit information about Users’ permits, licences, tax, or social security registrations, Done and our Third Party Agents may disclose information, including but not limited to, User contact details, identification information, transaction dates and amounts, license and permit status, and tax identification number(s) to applicable governmental authorities.
    Done reserves the right to disclose Personal Information from both private and public areas of the Done Platform in the absence of a court order, warrant, or subpoena, to the extent permitted by applicable law, if we are given reason to believe, in our sole discretion, that someone is causing injury to or interfering with the rights of Users, the general public, or Done or its partners, parents or affiliates.
    It is our policy to provide notice to Users before producing their information in response to law enforcement requests unless (i) we are prohibited or otherwise constrained by law or court order from doing so, (ii) we have reason to believe the User’s account has been compromised such that the notice would go to the wrong person, or notice would otherwise be counterproductive or would create a risk to safety, or (iii) it is an emergency request and prior notice would be impractical (in which case we may provide notice after the fact).
    Merger or Acquisition. Done reserves the right to share information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale, or any other type of acquisition or business combination of all or any portion of our assets, or transfer of all or a portion of our business to another business.
    Public Areas. Your profile on the Done Platform consists of information about you and your business, and may include information such as photographs, your years in business, skills and expertise, hourly pay rates, feedback/rating information, and other information, including your username (“Profile”). The information in your User Profile may be visible to all Users and the general public. If you choose to post a Task via the Done Platform, the contents of such listing will be viewable to Taskers you select on the Done Platform.
  7. Your Rights and Choices
    You may opt-out of receiving promotional communications from us, including promotional communications related to the Done Platform, and request the removal of your Personal Information from our databases, or deactivate your account, by logging on to the Site or App and clicking on the “Account” tab, or by contacting us.
    Account Settings. During registration you choose whether to receive marketing correspondence from Done. This information remains on your Profile where you can, at any point, easily edit it. After logging on, click on the “Account” tab, then select “Notifications” to make your preferred selections.
    Push Notifications. You have the option to receive updates and relevant offers via push notifications in your app. These notifications can be configured in the settings of your mobile device at any time.
    Corrections to Profile. You have the right to access, update, and correct inaccuracies in your Done Profile at any time by logging in and clicking on the “Account” tab. There, you can view, update, and correct your Account information.
    So that we may protect the integrity of the Done Platform, there are certain pieces of information, such as your age, that you cannot alter yourself. For example, since children under the age of majority in their jurisdiction of residence are not allowed to register as Users, we need to take reasonable measures to preserve the accuracy of our Users’ ages. You may contact us at privacy@needitpostitdone.com if there is a need to make a correction to such data. Please see Section 11, Children’s Privacy, for more details.
    Promotional Communications. You can opt out of receiving promotional communications from Done via the Account tab in your Profile. In addition, you can opt out of email marketing by clicking on the unsubscribe link in any message. You can opt out of promotional communications from Done sent via text message at any time by following the instructions provided in those messages to text the word “STOP”. Please note that your opt-out is limited to the phone number used and will not affect subsequent subscriptions. If you opt-out of only certain communications, other subscription communications may continue. Even if you opt-out of receiving promotional communications, Done will continue to send you non-promotional communications, such as those about your account, Tasks, transactions, servicing, or Done’s ongoing business relationship with you. If you receive unsolicited promotional communications from a Done domain, please let us know here.
    If you are a California Resident, please see the Additional Disclosures for California Residents section below.
  8. Done’s Information Retention Policy
    We retain personal data for as long as you are a User in order to meet our contractual obligations to you, and for such longer period as may be in our legitimate interests and to comply with our legal obligations. We may also retain data from which you cannot directly be identified, for example where stored against a randomly-generated identifier so we know the data relates to a single User, but we cannot tell who that User is. We use this kind of data for research purposes and to help us develop and improve our services, and we take appropriate measures to ensure you cannot be re-identified from this data.
  9. Done’s Security of Collected Information
    Your Done account is password-protected so that only you and authorized Done staff have access to your account information. In order to maintain this protection, do not give your password to anyone. Also, if you share a computer, you should sign out of your Done account and close the browser window before someone else logs on. This will help protect your information entered on public terminals from disclosure to third parties.
    Done implements and maintains reasonable administrative, physical, and technical security safeguards to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Done has staff dedicated to maintaining this Privacy Policy and other privacy initiatives, periodically reviewing security, and making sure that every Done employee is aware of our security practices. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of information about you.
  10. Notification of Changes
    Done’s Privacy Policy is periodically reviewed and enhanced as necessary. This Privacy Policy might change as Done updates and expands the Done Platform. Done will endeavor to notify you of any material changes by email. Done also encourages you to review this Privacy Policy periodically.
  11. Children’s Privacy
    This service is intended for a general audience, and is not directed at children under 13 years of age. In certain jurisdictions, this minimum age may be higher. Please check the Jurisdiction-specific Provisions below for more information.
    We do not knowingly gather personal information (as defined by the U.S. Children’s Privacy Protection Act, or “COPPA”) in a manner not permitted by COPPA. If you are a parent or guardian and you believe that we have collected information from your child in a manner not permitted by law, please let us know by contacting us here. We will remove the data.
    We do not knowingly collect or “sell” the Personal Information of minors under 18 years old who are California residents.
  12. Contacting Us
    If you have any questions about this Privacy Policy or the manner in which we or our Third-Party Agents treat your Personal Information, the practices of the Site, your dealings with the Done Platform, or if you have technical problems, you may contact us here.
    Done’s staff will respond to all mail or email from Users with questions about privacy, including the types of Personal Information stored on the Done databases, and requests to know, delete or rectify such Personal Information.
  13. Jurisdiction-specific Provisions
    A. Residents of the United States of America
    Information of U.S. Users. Our collection, use, and retention of the Personal Information of U.S. Users is in accordance with applicable U.S. laws, as is our determination of what is deemed to be “personal data and/or information.”
    Done expressly disclaims any liability that may arise should any other individuals obtain the information you submit to the Done Platform.
    Interest-Based Advertising in the United States. For more information about interest-based ads, or to opt out of having your web-browsing information used for behavioral advertising purposes
    Done’s Security of Collected Information. While Done will use commercially reasonable efforts to ensure the security of all Personal Information, we expressly disclaim any liability for any unauthorized access to or use of our secure servers and/or any and all Personal Information stored therein, and you agree to hold Done harmless for any damages that may result therefrom. If you have any further questions on this issue, please refer to the Terms of Service.
    Additional Disclosures for California Residents
    These additional disclosures for California residents apply only to individuals who reside in California. The California Consumer Privacy Act of 2018 (“CCPA”) provides additional rights to know, delete and opt out, and requires business collecting or disclosing Personal Information to provide notice of rights California residents have and can exercise.
    California Notice of Collection. We have collected Personal Information corresponding to the following categories enumerated in the CCPA, including within the last 12 months.
    • Identifiers, including name, address, email address, account name, Social Security Number, IP address – and an ID number assigned to your account.
    • Customer records, phone number, billing address, credit or debit card information, employment or education information.
    • Demographic information, such as your age or gender. This category includes pieces of Personal Information that also qualify as protected classification characteristics under other pre-existing California or federal laws.
    • Analytics and Advertising, including purchases and engagement with the Done Platform.
    • Internet activity, including history of visiting and interacting with our Service, browser type, browser language and other information collected automatically.
    • Geolocation data, including location enabled services such as WiFi and GPS.
    • Inferences, including information about your interests and preferences.
    For more information on what we collect, including the sources we receive information from, review Section 3, Information Collection. We collect and use these categories of personal information for the business purposes described in Section 5, Done’s Use of Information, including to provide and manage the Done Platform.
    Done does not generally sell information as the term “sell” is traditionally understood. However, to the extent “sale” under the CCPA is interpreted to include advertising technology activities such as those disclosed in Section 5, Done’s Use of Information, as a “sale,” we will comply with applicable law as to such activity.
    Done discloses the following categories of information for commercial purposes:
    • Commercial Information;
    • Demographic Data;
    • Location Data;
    • Identifiers;
    • Inferences; and
    • Internet activity.
    We use and partner with different types of entities to assist with our daily operations and manage the Done Platform. Please review Section 6, Information Sharing, for more detail about the parties with which we share Personal Information.
    Right to Know and Delete. If you are a California resident, you have the right to know certain information about our data practices in the preceding 12 months. In particular, you have the right to request the following from us:
    • The categories of Personal Information we have collected about you;
    • The categories of sources from which the Personal Information was collected;
    • The categories of Personal Information about you we disclosed for a business purpose or sold;
    • The categories of third parties to whom the Personal Information was disclosed for a business purpose or sold;
    • The business or commercial purpose for collecting or selling the Personal Information; and
    • The specific pieces of Personal Information we have collected about you
    In addition, you have the right to delete the Personal Information we have collected from you. However, this is not an absolute right and Done may have legal grounds for keeping such data.
    To exercise any of these rights, please submit a request at contactus@needitpostitdone.com. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know or delete.
    Right to Opt-Out. To the extent Done sells your Personal Information as the term “sell” is defined under the CCPA, you have the right to opt-out of the sale of your Personal Information by us to third parties at any time. You may request to opt-out by clicking Do Not Sell My Personal Information and making your choice.
    Authorized Agent. You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly.
    Right to Non-Discrimination. You have the right to non-discriminatory treatment by us, should you exercise any of your rights.
    Shine the Light. Customers who are residents of California may request: a list of the categories of Personal Information disclosed by us to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes, and (ii) a list of the categories of third parties to whom we disclosed such information. To exercise a request, please contact us at contactus@needitpostitdone.com. Requests must include “California Shine the Light Request” in the first line of the description and include your name, street address, city, state, and ZIP code. We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year. Please note that Done is not required to respond to requests made by means other than through the provided email address or mail address.
    B. Residents of the European Economic Area (EEA), Switzerland, and the UK.
    Interest-Based Advertising in the EEA or Switzerland. For more information about interest-based ads, or to opt out of having your web-browsing information used for behavioral advertising purposes, please visit http://youronlinechoices.eu/.
    Additional Disclosures for Residents of the EEA, Switzerland, and the UK
    Transfer Of Data. We and our affiliates and Third-Party Agents primarily store data about you, including Personal Information, on servers located and operated within the United States. If you reside or are located outside of the U.S., we may transfer, store, and process your Personal Information (also referred to as personal data under the GDPR) to the U.S. in order to provide and operate the Done Platform. Whenever your personal data is transferred outside of the EEA, we undertake to ensure an adequate level of protection is afforded to it, either by us, our affiliates, and/or Third Party Agents, in accordance with applicable EEA and UK data protection law.
    Your Rights. You have the following rights under certain circumstances:
    • A right of access: you have the right to obtain confirmation as to whether personal data concerning you are processed or not and, if processed, to obtain access to such data and a copy thereof;
    • A right to rectification: you have the right to obtain the rectification of any inaccurate personal data concerning you. You also have the right to have incomplete personal data completed, including by means of providing a supplementary statement;
    • A right to erasure: in some cases, you have the right to obtain the erasure of personal data concerning you. However, this is not an absolute right and Done may have legal or legitimate grounds for keeping such data;
    • A right to restriction of processing: in some cases, you have the right to restrict the processing of your personal data;
    • A right to data portability: you have the right to receive the personal data concerning you which you have provided to Done, in a structured, commonly used and machine-readable format, and you have the right to transmit those data to another controller without hindrance from Done. This right only applies when the processing of your personal data is based on your consent or on a contract and such processing is carried out by automated means.
    • A right to object to processing: you have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you when such processing is based on the legitimate interest of Done. Done may, however, invoke compelling legitimate grounds for continued processing. When your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of such data. You can change your marketing preferences at any time as described in Section 7, Your Rights and Choices.
    • A right to lodge a complaint with the supervisory authority: if your request or concern is not satisfactorily resolved by us, you may approach your local data protection authority. The Information Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data (https://ico.org.uk/). The CNIL is the supervisory authority in France. The Spanish Data Protection Agency is the supervisory authority in Spain. This list identifies the supervisory authorities for the 16 states in Germany. The CNPD (“Comissão Nacional de Proteção de Dados”) is the supervisory authority for Portugal. The Garante per la protezione dei dati personali is the supervisory authority in Italy.
    You can exercise your rights by contacting us.
    EU-US Privacy Shield
    Done is aware of the Schrems II judgment which invalidated the Privacy Shield as a matter of EU law. Done has decided, however, to maintain its certification not to legitimise the transfer of personal data under EU law, but as a matter of US law and good practice.
    Done complies with the EU-U.S. Privacy Shield Framework (Privacy Shield) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred from the European Union and the United Kingdom, as applicable to the United States in reliance on Privacy Shield. Done has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
    In compliance with the Privacy Shield Principles, Done commits to resolve complaints about our collection or use of your Personal Information. Individuals with inquiries or complaints regarding our handling of your Personal Information under the Privacy Shield should first contact Done here.
    If we do not acknowledge your Privacy Shield complaint in a timely manner, or if your complaint is unresolved, please contact JAMS, our U.S.-based third-party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield to file a complaint. If neither Done nor JAMS resolves your complaint, you may, under certain circumstances, pursue binding arbitration under the Privacy Shield Panel. Additional information about binding arbitration can be found here.
    As explained in this Privacy Policy, Done may provide Personal Information to third parties to perform services on our behalf. If we transfer Personal Information received under the Privacy Shield to a third party, the third party’s access, use and disclosure of your Personal Information must also be in compliance with our Privacy Shield obligations, and Done recognizes potential liability under the Privacy Shield for failure to do so by the third party. Done is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
    Done’s EU Data Protection Representative
    Individuals and data protection supervisory authorities in the EU may contact our data protection representative according to Article 27 of the European Union’s General Data Protection Regulation (GDPR):
    Contactus@needitpostitdone
    Additional Disclosures for Residents of France
    You have the right to give Done instructions concerning the use of your Personal Information after your death. You can exercise this right by contacting us here.
    Done does not knowingly collect Personal Information from children under 15 years of age in France. The Done Platform is not directed to children under the age of 15 and children under 15 are not permitted to use the Done Platform. If we become aware that we have unknowingly collected Personal Information from a child under the age of 15, we will delete or disable such information. If you are a parent or guardian of a child under the age of 15 and you believe that your child has provided us with Personal Information, please let us know by contacting us.
    Additional Disclosures for Residents of Spain and Italy
    Done does not knowingly collect Personal Information from children under 14 years of age in Spain or Italy. The Done Platform is not directed to children under the age of 14 and children under 14 are not permitted to use the Done Platform. If we become aware that we have unknowingly collected Personal Information from a child under the age of 14, we will delete or disable such information. If you are a parent or guardian of a child under the age of 14 and you believe that your child has provided us with Personal Information, please let us know by contacting us.
    C. Residents of Canada.
    Transfer Of Data. We and our affiliates and Third Party Agents primarily store data about you, including Personal Information, on servers located and operated within the United States. If you reside or are located outside of the U.S., we may send and store your Personal Information (also commonly referred to as personal data) to the U.S. in order to provide and operate the Done Platform. By accepting the terms of this Privacy Policy, you acknowledge the transfer to and processing of your Personal Information on servers located in the U.S.
    Custom Audience. We may use services provided by third-party platforms (such as social networking or other websites) to serve targeted advertisements on such platforms to you, and we may provide a hashed version of your email address or other information to the platform provider for such purposes. To opt-out of the use of your Personal Information for such purposes, please launch the opt-out tool at https://youradchoices.ca/choices.
    Interest-Based Advertising in Canada. For more information about interest-based ads, or to opt out of having your web-browsing information used for behavioral advertising purposes, please visit https://youradchoices.ca/choices.
    To learn more about interest-based advertising in mobile apps and to opt out of this type of advertising by third-party advertising companies that participate in the DAAC’s AppChoices tool, please download the version of AppChoices for your device at https://youradchoices.ca/appchoices/.