Last Updated May 25th, 2018
At Crater, we see privacy as essential to communication. CRATER has carefully implemented privacy by design and default. We ensure that personal information is properly protected. Our systems have protection designed into them and access to data is strictly controlled and only given when required.
What we do with your personally identifiable information
It is always up to you whether to disclose personally identifiable information to us, although if you elect not to do so, we reserve the right not to register you as a user or provide you with any products or services. “Personally identifiable information” means information that can be used to identify you as an individual, such as:
- your name, company, email address, phone number, billing address, and shipping address
- your Crater username and password
- credit card information
- any account-preference information you provide us
- your computer’s domain name and IP address, indicating where your computer is located on the Internet
- session data for your login session, so that our computer can “talk” to yours while you are logged in
- your name, email address, and phone number
- your origin and destination home addresses, if provided
- your computer’s domain name and IP address, indicating where your computer is located on the Internet
- credit card information, if applicable
- video and still images of you and your household goods items
If you do provide personally identifiable information to us, either directly or through a reseller or other business partner, we will:
- not sell or rent it to a third party without your permission—although unless you opt out (see below), we may use your contact information to provide you with information we believe you need to know or may find useful, such as news about our services and products and modifications to the Terms of Service;
- take commercially reasonable precautions to protect the information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction;
- not use or disclose the information except:
- as necessary to provide services or products you have ordered, such as providing it to a carrier to deliver products you have ordered;
- in the aggregate with other information in such a way so that your identity cannot reasonably be determined (for example, statistical compilations);
- as required by law, for example, in response to a subpoena or search warrant;
- to outside auditors who have agreed to keep the information confidential;
- as necessary to enforce the Terms of Service;
- as necessary to protect the rights, safety, or property of Crater, its users, or others; this may include exchanging information with other organizations for fraud protection and/or risk reduction.
Other information we collect
We may collect other information that cannot be readily used to identify you, such as the domain name and IP address of your computer. We may use this information, individually or in the aggregate, for technical administration of our website(s); research and development; customer- and account administration; and to help us focus our marketing efforts more precisely.
Crater uses “cookies” to store personal data on your computer. We may also link information stored on your computer in cookies with personal data about specific individuals stored on our servers. If you set up your web browser (for example, Google Chrome or Mozilla Firefox) so that cookies are not allowed, you might not be able to use some or all of the features of our website(s).
- Necessary purposes: To let you login and to ensure site security. Without this type of technology, our Services won’t work properly or won’t be able to provide certain features and functionalities.
- Performance purposes: To analyse how visitors use a website, in order to provide a better user experience. We also use tracking to check if you have opened our emails, so we can see if they are being delivered correctly.
- Personalisation purposes To remember choices you have made — such as language or region.
How to manage & remove cookies
If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. The Help menu on the menu bar of most browsers also tells you how to prevent your browser from accepting new cookies, how to delete old cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether.
You can also visit http://www.aboutcookies.org for more information on how to manage and remove cookies across a number of different internet browsers.
External data storage sites
We may store your data on servers provided by third party hosting vendors with whom we have contracted.
Your privacy responsibilities
To help protect your privacy, be sure:
- not to share your username or password with anyone else;
- to log off the Crater website when you are finished;
- to take customary precautions to guard against “malware” (viruses, Trojan horses, bots, etc.), for example by installing and updating suitable anti-virus software.
Information collected from children
You must be at least 16 years old to use Crater’s website(s) and service(s). Crater does not knowingly collect information from children under 16. (See the U.S. Children’s Online Privacy Protection Act.)
European Union Data Protection Directive
The Article 29 Working Party, set up under the E.U. Data Protection Directive of the European Parliament and of the Council, is made up of representatives from the data protection authorities of all E.U. Member States and from the European Commission.
All data on our website(s) and service(s) is stored on Amazon Web Services (“AWS”) servers. The Article 29 Working Party has:
- approved the AWS Data Processing Agreement which includes the Model Clauses, and
- found that the AWS Data Processing Agreement meets the requirements of the Directive with respect to Model Clauses.
This means that the AWS Data Processing Agreement is not considered “ad hoc”. For more information on E.U. Data Protection on AWS, visit: aws.amazon.com/compliance/eu-data-protection.
The Luxembourg Data Protection Authority (“CNPD”) acted as the lead authority on behalf of the in accordance with procedure of the Article 29 Working Party. For more detail on the approval of the AWS Data Processing Agreement from the Article 29 Working Party, visit:
Having signed the Data Processing Addendum, we (Crater) are also a part of the agreement with E.U. Model Contract Clauses.
Compliance with EU-U.S. Privacy Shield
Collection, Use, and Onward Transfer of Personal Data
Crater collects, uses, and discloses EU and Swiss Personal Information relating to customers and clients for the purposes of providing virtual survey and cubing services. We may provide this personal information only to contracted third parties for the same purpose of providing survey and cubing services. Such third parties include contracted surveyors and cubers. If we transfer personal information received under the Privacy Shield to a third party, the third party’s access, use, and disclosure of the personal data must also be in compliance with our Privacy Shield obligations, and we will remain liable under the Privacy Shield for any failure to do so by the third party unless we prove we are not responsible for the event giving rise to the damage. We may also be required to disclose personal information that we handle under the Privacy Shield in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Means for Individuals to Limit Use and Disclosure of Personal Data
With respect to Personal Data we may share with our third parties, we provide customers and clients an opportunity to opt-out of such sharing. Please email us at email@example.com if you would like to opt-out. We do not use Personal Data for purposes incompatible with the purposes for which the information was originally collected. Should you opt-out as described above, Crater may not be able to provide you with the services you have requested or access certain features of your system.
Rights of Access to Personal Data
Individuals may obtain access to EU and Swiss Personal Data about them that Crater holds. For this purpose, “access” means the individual’s right to: (i) obtain from Crater confirmation of whether or not Crater is processing Personal Data relating to them; (ii) have communicated to them Personal Data relating to them so that they can verify its accuracy and lawfulness of the processing; and (iii) have the Personal Data corrected, amended, or deleted where it is inaccurate or processed in violation of the Principles. Individuals may request access to their Personal Data by contacting firstname.lastname@example.org.
Inquiries and Complaint Handling
In compliance with the Privacy Shield Principles, Crater commits to resolve complaints about our collection or use of your personal information. European Union and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at email@example.com. Crater has further committed to refer unresolved Privacy Shield complaints to BBB EU Privacy Shield, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit BBB EU Privacy Shield for more information or to file a complaint. Their services are at no cost to you. To learn more about BBB EU Privacy Shield dispute resolution or to refer a complaint visit here.
Invoking Binding Arbitration
Individuals have the right, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. For additional information on binding arbitration visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
Federal Trade Commission Jurisdiction
The Federal Trade Commission (FTC) has jurisdiction over Crater’s compliance with the Privacy Shield. We may be required to disclose personal information that we handle under the Privacy Shield in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Questions or comments?