Data Subject Rights – EU
Services: Because Branch is a vendor (acting as a data processor) that processes data on behalf of its Clients (acting as data controllers), any requests relating to European and United Kingdom Users’ exercise of their Personal Data rights under the European General Data Protection Regulation, or equivalent requirements in the United Kingdom including the Data Protection Act 2018 and the United Kingdom General Data Protection Regulation, must be provided to Branch by a Client. Clients can notify Branch of these requests here.
Moreover, Branch supports functionality to allow Clients to respect granular controls regarding User data privacy rights. Clients can flag in the Branch SDK that a particular User has requested that their data not be processed by Branch, in which case Branch will no longer process engagement data on behalf of the Client for that User.
Website and Business Contacts: Under applicable law, Branch is the data controller of Personal Data we collect from the Website and from offline sources and vendors for marketing purposes. The laws of some jurisdictions such as the laws of the European Economic Area and the United Kingdom require data controllers to tell you about the legal ground that they rely on for using, sharing, or disclosing of your information. To the extent those laws apply, our legal grounds are as follows:
- Contractual Commitments: We may use, share, or disclose information to honor our contractual commitments to you. For example, we will process your Personal Data to comply with our agreements with you, and to honor our commitments in any contracts that we have with you.
- With Your Consent: Where required by law, and in some other cases, we use, share, or disclose information on the basis of your consent.
- Legitimate Interests: In many cases, we use, share, or disclose information on the ground that it furthers our legitimate business interests in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals, such as customer service, certain promotional activities, analyzing and improving our business, providing security for the Services, preventing fraud, and managing legal issues.
- Legal Compliance: We need to use, share, and disclose information in certain ways to comply with our legal obligations.
Website Users and others who are residents of the European Economic Area or United Kingdom may (1) seek confirmation regarding whether Branch is processing Personal Data about you, (2) request access to such data, (3) ask that we correct, amend, or delete it where it is inaccurate, (4) ask us to restrict how we process and disclose certain of your Personal Data, (5) transfer your Personal Data to another party, or (6) revoke consent for the processing of your Personal Data (if your consent is the legal basis we rely on to process your Personal Data).
You can submit such requests at https://preferences.branch.io/, which will be processed in line with applicable law. Although we make good faith efforts to provide you with access to your Personal Data, there may be circumstances in which we are unable to provide access, including but not limited to: where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where it is commercially proprietary. To protect your privacy, we will take commercially reasonable steps to verify your identity before granting access to or making any changes to your Personal Data.
Residents of the European Economic Area and United Kingdom have the right to file a complaint regarding their Personal Data directly with the appropriate data protection authority. For information on who those parties are and how they can be reached please go to http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm for EU residents and https://ico.org.uk/ for residents of the United Kingdom.