Services: Because Branch is a service provider (acting as a data processor) that processes data on behalf of its Clients (acting as data controllers), any requests relating to European and United Kingdom Users’ exercise of their Personal Data rights under the European General Data Protection Regulation, or equivalent requirements in the United Kingdom including the Data Protection Act 2018 and the United Kingdom General Data Protection Regulation, must be provided to Branch by a Client. Clients can notify Branch of these requests here.

Moreover, Branch supports functionality to allow Clients to respect granular controls regarding User data privacy rights. Clients can flag in the Branch SDK that a particular User has requested that their data not be processed by Branch, in which case Branch will no longer process engagement data on behalf of the Client for that User.

Website and Business Contacts: Under applicable law, Branch is the data controller of Personal Data we collect from the Website and from offline sources and service providers for marketing purposes. Website Users and others who are residents of the European Economic Area or United Kingdom may (1) seek confirmation regarding whether Branch is processing Personal Data about you, (2) request access to such data, (3) ask that we correct, amend, or delete it where it is inaccurate, (4) ask us to restrict how we process and disclose certain of your Personal Data, (5) transfer your Personal Data to a third party, or (6) revoke consent for the processing of your Personal Data (if your consent is the legal basis we rely on to process your Personal Data).

You can submit such requests at https://privacy.branch.io/hc/en-us/requests/new, which will be processed in line with applicable law. Although we make good faith efforts to provide you with access to your Personal Data, there may be circumstances in which we are unable to provide access, including but not limited to: where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where it is commercially proprietary. To protect your privacy, we will take commercially reasonable steps to verify your identity before granting access to or making any changes to your Personal Data.

Residents of the European Economic Area and United Kingdom have the right to file a complaint regarding their Personal Data directly with the appropriate data protection authority. For information on who those parties are and how they can be reached please go to http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm for EU residents and https://ico.org.uk/ for residents of the United Kingdom.