GATEWAY  GLOBAL, LLC

PRIVACY POLICY

1.      Introduction

Gateway Global, LLC (“Gateway”) respects and values the privacy of its customers, partners, visitors, employees, and end users, thereby recognizing the need to protect and manage the personal information it receives on a daily basis. Gateway stands by this Policy in this privacy policy (“Policy”) and is committed to the protection of all personal information in its possession. This Policy explains how Gateway processes and protects personal identifiable information (“Personal Data”), which will either be disclosed by you (“You” or “Your” as applicable) or obtained by Gateway on Your behalf.

The core of Gateway’s services involve the processing of confidential and sensitive information, and/or Personal Data. Such processing requires Gateway to comply with applicable privacy and data protection laws. In particular, when Gateway processes Personal Data of EU citizens, Gateway has a duty to comply with the General Data Protection Regulation (GDPR) established by the EU. The GDPR requires companies to ensure that when Personal Data of EU citizens is transferred out of the EU, it is transferred to a recipient that will adequately protect the Personal Data. In furtherance of this obligation, Gateway will enter into model standard contractual clauses approved by the European Commission (Art. 46 GDPR) (“Standard Contractual Clauses”) because any company that is certified under these frameworks is deemed to have the requisite ‘adequate protection’.

For the purposes of this Policy, Gateway distinguishes between the following categories of individuals that may have their information processed by Gateway:

  • “Customer” means an entity which engages Gateway for technology and telecommunication advisory services;

  • “End User” means any individual who provides data to Customer and is included as an employee or representative with respect to Customer’s account with Gateway;

  • “Partner” means either (i) an individual who has facilitated the relationship between Gateway and Customer, and who may from time to time, with Customer’s consent, access Gateway’s systems to review Customer data or (ii) a provider of telecommunications and technology services; and

  • “Visitor” means an individual that visits www.Gatewayglbl.com.

Gateway may provide technology and telecommunication advisory services (“Services”) to its customers utilizing an on-line portal that provides reports for such Services. All information stored on Gateway’s platform would be treated as confidential, stored securely, and only accessed by authorized personnel. 

2.      International Transfers (Standard Contractual Clauses)

2.1 Notice. Your Personal Data may be collected, transferred to and stored by us in the United States and by our affiliates and third parties disclosed above, that are based in other countries. Therefore, your Personal Data may be processed outside your jurisdiction, and in countries that may not provide for the same level of data protection as your jurisdiction. We ensure that the recipient of your Personal Data offers an adequate level of protection, by Gateway entering into the appropriate data processing agreements and, if required, Standard Contractual Clauses for the transfer of data outside of the European Economic Area (EEA) as approved by the European Commission (Art. 46 GDPR).

Whether Gateway collects Personal Data of individuals directly or indirectly, this Policy informs such individuals of the purposes for which Gateway collects and uses Personal Data, including any transfer to Gateway in the U.S., the identity of third parties acting as processors to which Gateway discloses such information, the purposes for which it does so, the means in which Gateway limits the use and disclosure of their Personal Data, and about the right of individuals to access their Personal Data. Notice will be provided to Customers or individuals as appropriate, before Gateway uses the information for any purpose other than to further the legitimate purposes of Gateway.

2.2   Choice. Gateway will offer Partners and Customers, the opportunity to opt-out as to whether Personal Data of their End Users is (a) disclosed to a third party acting as a sub-processor, or (b) used to send email marketing purposes. Gateway will provide Controller and individuals, as applicable, with reasonable mechanisms to exercise their choices.

Gateway respects Your privacy and has no desire to contact You if You do not wish to hear from us. If, for any reason, You wish to cease receiving messages from Gateway please send an email to privacy@Gatewayglbl.com with a subject line of “Unsubscribe”, including any other details that will help Gateway fulfill Your request. Notwithstanding, in the event an individual opts out of receiving emails, Gateway retains and reserves the right to market to the individual using other marketing methods.

2.3   Accountability for Onward Transfer Gateway will obtain assurances from authorized third parties that they will safeguard Personal Data consistent with this Policy and will transfer Personal Data only for limited and specific purposes. Gateway recognizes its responsibility and potential liability for onward transfers to unauthorized third parties. The sub-processors that Gateway engages for support services of which may receive Personal Data, are listed below:

Sub-Processor Country Service

Amazon Web Services Inc. USA Cloud Service Provider

Should Gateway need to designate further sub-processors or make any change to the existing sub-processors, Gateway will modify the above table to reflect such changes.

2.4   Access. Upon request, Gateway will take reasonable steps to permit individuals, whether directly or through the Controller of the Personal Data, to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete or has been processed in violation of this Policy. Gateway may limit an individual’s access to Personal Data where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy or where the legitimate rights of persons other than the individual would be violated.

2.5   Security.  Gateway will take reasonable and appropriate precautions to protect Personal Data in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Data.

2.6   Data Integrity and Purpose Limitation. Gateway will use Personal Data only in ways that are compatible with the legitimate purposes for which it was collected. Gateway will take reasonable steps to ensure that Personal Data is relevant to its intended use, accurate, complete, and current. Gateway will adhere to this Policy as long as it retains Personal Data received under this Policy.

2.7   Recourse, Enforcement and Liability. Gateway utilizes the self-assessment approach to assure its compliance with this Policy. Gateway periodically verifies that this Policy is accurate, appropriate for the information intended to be covered, prominently displayed, completely implemented, and in conformity with this Policy. Gateway encourages interested persons to raise any concerns with it using the contact information below. Gateway and its dispute resolution provider, will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with this Policy.

2.8   Limitations. Gateway's adherence to this Policy may be limited (a) to the extent necessary to meet applicable national security, public interest, or law enforcement requirements (i.e. in the course of lawful requests by public authorities) (b) by statute, government regulation, or case law that creates conflicting obligations or explicit authorizations, provided that, in exercising any such authorization, an organization can demonstrate that its non-compliance with this Policy is limited to the extent necessary to meet the overriding legitimate interests furthered by such authorization; or (c) if the effect of a Directive or Member State law is to allow exceptions or derogations, provided such exceptions or derogations are applied in comparable contexts.

3.      Collection and use

3.1   General. This section addresses how data is collected for Visitors, Partners, End Users and Customers.

3.2   Visitors. If You are a Visitor to Gateway’s website only, and not an End User or a user of Gateway’s platform, then this section applies to You.

By visiting Gateway’s website, You consent to the collection and use of the Personal Data You provide as described herein. If You do not agree with the terms set out herein, please do not visit this website or otherwise provide Gateway’s Your Personal Data. If required by applicable law, Gateway will seek Your explicit consent to process Personal Data collected on this website or volunteered by You. Any consent You provide will be entirely voluntary. However, in the event You do not grant Gateway consent to process Your Personal Data, the use of this website may not be possible.

By using the website and volunteering Your Personal Data, You authorize Gateway to collect, record, and analyze information that You disclose. We may also record Your IP address and use cookies and add information collected by way of pageview activity. Gateway may also collect and process any Personal Data You volunteer to Gateway in our website’s forms for sales and marketing purposes. If You submit Your resumé in response to a job positing, when Gateway evaluates Your candidacy Gateway will not disclose such information to third parties that do not have a need to know. However, Gateway may use Your Personal Data for purposes of furthering Your candidacy. If You provide Gateway with Your social media details, Gateway may retrieve publicly available information about You from social media. In this context, Personal Data may comprise Your IP address, first and last name, postal and email address, telephone number, job title, data for social networks, interest in Gateway products, and certain information about the company You are working for (company name and address), as well as the type of relationship that exists between Gateway and Yourself.

Gateway gathers data about visits to the website, including number of Visitors, geo-location data, length of time spent on the site, pages clicked, or where Visitors have come, etc. Gateway uses the collected data to communicate with Visitors and to improve its website by analyzing how Visitors navigate its website, so it may also share such information with service vendors or contractors in order to provide a better Visitor experience.

3.3   Partners. Partners should be aware that by utilizing the Gateway platform, they could be disclosing information that could make their Personal Data available to Gateway. Gateway will collect Partner’s data for the purpose of enhancing its customer relationships, improving its Services and website experience, making payment to Partner when applicable, and to inform Partners of any updates regarding Gateway, via newsletters or other means of communication.  Partners should be aware that they themselves are responsible for the content they disclose to Gateway. For more detailed information, Partners may contact Gateway at the address below. 

3.4   End Users. End Users should be aware that by being employed by Customer, they have or could be disclosing Personal Data. The security and privacy protection implemented on Gateway’s platform covers this type of transfer or disclosure of Personal Data. Nonetheless, End Users providing any Personal Data to its employers should be aware that they are responsible for the uses of such Personal Data and have rights to withdraw their consent for Gateway to process their Personal Data. End Users have a right to contact their employer or the Customer that is providing End User’s Personal Data. It is the Customer’s responsibility to ensure that collection and processing of data is done in accordance with applicable law. Therefore, Gateway will not process Personal Data of End Users for purposes or by means other than instructed by its Customers. If You wish to inquire about Your Personal Data that may have been collected while Gateway provides Services to Your employer or to Gateway’s Customer, Gateway recommends that You contact Customer that created or sent Your Personal Data. For clarity, Gateway is a Processor with respect to End User Personal Data, so it does not control the Personal Data used or stored in its possession, but rather processes it on behalf of Customer.

3.5   Customers. In order to provide Services to Customers, Gateway needs to collect certain types of data. Most of this data may be deemed Personal Data that Customer collected from its End Users during its ordinary course of business. To be clear, data transferred to Gateway by Customers through direct or indirect means, remains the property of the Customer and will not be shared with a third party by Gateway without express consent from Customer.

3.5.1  Collection of Customer data. Upon Customer’s onboarding process and all throughout the engagement with Gateway, Customers provide data relating to Customer and its End Users, which may include names of employees, company name, email, business address, corporate provided mobile numbers, business telephone numbers, business e-mail, and other relevant data. This information is used by Gateway to identify the Customer and provide them with Services, support, surveys, mailings, sales and marketing actions, billing and to meet contractual obligations. Gateway does not sell, rent, or lease customer lists to third parties.

Gateway Customers may at any time access, create, edit, update or delete their contact details by logging in with their username and password to Gateway’s platform, provided employees of Customer have such permissions. Gateway Customers may create more user accounts with different privilege levels within their account. It is Customer’s responsibility to choose the level of access each user accessing Customer accounts should have. Gateway will not retain Customer data longer than is necessary to fulfill the legitimate interests of Gateway, including but not limited to Gateway’s marketing initiatives. Notwithstanding, Gateway will expunge such data in accordance with its normal operating procedures with respect to data deletion.

3.5.2   Collection of End User data. For purposes of the Services, End User Personal Data used is provided by Customers, so it is the Customer’s responsibility to ensure that collection and processing of data is done in accordance with applicable law. Gateway will not process Personal Data for other purposes or by other means than instructed by its Customers.

The purpose of collecting or processing End User Personal Data would be ancillary to the core Services, but may be necessary for Gateway to provide the Services. For these purposes, Personal Data may include, personal contact information such as name, business address, mobile number, email address, business contact details, country of where End User may access Gateway portal, and other sensitive Personal Data.  

3.5.2.1     Collection of End User data in EEA or Switzerland. For Customers in the EEA or Switzerland, or for Customers providing Personal Data of End Users who are citizens of the EEA, or Switzerland, the Customer will be the “Controller”, as defined in the Directive and the GDPR. The purpose of processing will consequently be defined by Gateway’s Customer. If You or Your organization are required under GDPR to enter into a contract, or other binding legal act under EU or Member State law, with Your data processors, then You must review and accept Gateway’s Data Processing Agreement which governs the transfer of data from the E.U. to U.S. and from Switzerland to the U.S.

3.6   Security. Gateway secures Personal Data from unauthorized access, use or disclosure. When Personal Data is transmitted to other websites, it is protected through the use of encryption, such as the Secure Sockets Layer (SSL) protocol.

3.7   Geographical location. Gateway’s data center that stores all collected information, whether Visitor, Partner, End User, Customer, is stored in secure hosting facilitates provided by Amazon Web Services located in the United States. No Personal Data is transmitted outside of the U.S., without the proper legal authorization documented by Data Processing Agreements. Gateway has a data processing agreement in place with Amazon Web Services, ensuring compliance with applicable law. All hosting is performed in accordance with the highest security regulations.

3.8   Processing in the EEA and Switzerland. The GDPR (the Regulations (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data) is the prevailing EU law.

3.9   Cookies

3.9.1         What are Cookies? Modern websites collect certain basic information about users in order to work according to user’s expectations. To do this, sites create small text files that are placed on user’s devices, known as “Cookies”. Cookies are uniquely assigned to each user and can only be read by a web server in the domain that issued the Cookie to the user. Cookies cannot be used to run programs or deliver viruses to a user’s device. Cookies do various jobs which make the user’s experience of the internet much smoother and more interactive by remembering a user’s preferences, which supports navigation between pages. Much of the data collected is anonymous, though some of it is designed to detect browsing patterns and approximate geographical location to improve user experience.

3.9.2         How Gateway uses Cookies. Gateway places Cookies to store and then retrieve small bits of information on Your computer when You visit the Gateway website or portal to ensure that Gateway’s content is tailored to Your specifications, thereby improving the user experience. Amongst other things, the Cookies Gateway use allow Gateway to calculate anonymously website traffic. We may collect the country of origin of users, the screen resolution and what browser is being used to access the website.

3.9.3         We believe that the user experience of the website would be adversely affected if any users opt-out of the Cookies Gateway uses. Nonetheless, Visitors may, at any time, opt-out and prevent the setting of Cookies through Gateway’s website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of Cookies. Furthermore, already set Cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If You deactivate the setting of Cookies in the Internet browser used, not all functions of Gateway’s website may be entirely usable.

3.9.4         Please be aware that while visiting Gateway’s site, users can follow links to other sites that are beyond Gateway’s sphere of influence. Gateway has no control over software, content, promotions, materials, information, goods or services available on these sites. We provide them for Your convenience only and You follow them at Your own risk because Gateway is not responsible for the content of these other sites. Further, You should be aware that any Personal Data You provide to these sites is no longer governed by this Policy.

3.10 Controller. If a Visitor submits Personal Data in conjunction with a resumé or inquiry through the Gateway website, Gateway acts as a Controller in these limited circumstances. Therefore, Gateway will determine how and when to use such data for legitimate business purposes including, but not limited to research, marketing, and billing purposes. 

With respect to End User Personal Data, Customer will be the Controller in accordance with the GDPR because Customer determines the purpose and means of processing End User Personal Data (i.e. provides the Processor instructions as to how and to what extent it can process).

3.11 Processor. With respect to End User Personal Data, Gateway is the Processor and adheres to the GDPR. Gateway only processes data in accordance with Controller’s instructions and applicable law. Gateway adopted reasonable physical, technical and organizational safeguards that substantially mirror the EU safeguards against accidental, unauthorized, or unlawful destruction, loss, alteration, disclosure, access, use or processing of the Customer’s data in Gateway’s possession. Gateway will promptly notify the Customer in the event of any known unauthorized access to, or use of, the Customer’s data.

4.      Retention and Deletion

Gateway will retain data only as long as reasonably necessary to fulfill the legitimate purposes of Gateway or as required by applicable law or regulation.  

For End User Personal Data, Gateway’s Customers have control of the purpose for collecting data, and the duration for which the Personal Data may be kept. Customers will therefore have the responsibility to request the deletion of data when required. When a Customer’s account is terminated, all Personal Data collected through the platform that remains active will be deleted, however such information may remain on back-up data for archival purposes. Upon Your request to delete Personal Data, Gateway will honor this request unless deleting such information prevents Gateway from carrying out necessary business functions, including, but not limited to billing for the Services, calculating taxes, or conducting required internal audits, in which case Gateway will delete the requested information in accordance with its data retention policy.

5.      Acceptance of these Conditions

Gateway assumes all Visitors, Partners, End Users, and Customers have carefully read this Policy and agree to its contents. If You do not agree with this Policy, You should refrain from using Gateway’s website and platform. Gateway reserves the right to change its Policy as necessary. Continued use of Gateway’s website and platform after having been informed of any such changes to these conditions implies acceptance of the revised Policy. This Policy is an integral part of Gateway’s terms of use.

6.      Our Legal Obligation to Disclose Personal Data

Gateway will reveal an End User’s Personal Data without his/her prior permission only when there is reason to believe disclosure of this information is required to establish the identity of, to contact or to initiate legal proceedings against a person or persons who are suspected of infringing rights or property belonging to Gateway or to others who could be harmed by the user’s activities or of persons who could (deliberately or otherwise) transgress upon these rights and property. Gateway is permitted to disclose Personal Data when it has good reason to believe that this is legally required.

7.      Gateway’s Data Protection Officer

Gateway has a Data Protection Officer who can be contacted if You have questions or concerns about processing Your Personal Data.  Gateway and its dispute resolution provider will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with this Policy.

8.      Further Information

If You have further questions regarding data collection, or how Gateway uses it, contact:

Gateway Global, LLC

2 Seaview Blvd., Suite 104

Port Washington, NY 11050

Attn: Chief Privacy Officer

privacy@Gatewayglbl.com

Last updated: March 8, 2022

Supplemental Privacy Policy for California Residents

 

This section applies only to California consumers. It describes how Gateway collects, uses, and shares California consumers' Personal Information in Gateway’s role as a service provider, and the rights applicable to such residents. If you are unable to access this Privacy Policy due to a disability or any physical or mental impairment, please contact Gateway, so Gateway can supply you with the information you need in an alternative format that you can access.

For purposes of this section "Personal Information" has the meaning given in the California Consumer Privacy Act Cal. Civ. Code § 1798.100 et seq., and its implementing regulations (“CCPA”). 

How Gateway Collects, Uses, and Shares your Personal Information

Gateway may have collected the following statutory categories of Personal Information in the past twelve (12) months if you are a Visitor:

  • Identifiers, such as name, e-mail address, mailing address, and phone number. Gateway collects this information directly from you or from third party sources.

  • Geolocation data, such as IP address. We collect this information from your device

Gateway may have collected the following statutory categories of Personal Information if you are an employee of an Gateway customer:

  • Mobile numbers, bulk usage data, number of minutes, number of message, the amount of data used collectively, employee ID assigned by company (may be email in some cases or an HR record ID), employee first, middle and last name, employee company email address, employee shipping address (business or home if employee asks for device to be shipped to residence), employee business phone number, employee department name, employee’s managers name, employee’s job title, employee cost center, employee device make, model, IMEI and serial number, carrier plans assigned to employees’ lines of service for voice, data, text, international and features, whether or not employee is considered a VIP or not;, employee’s admin for delegated request management, employee security profile information including rights and access to Gateway data, audio recordings of employee calls into the help desk, employee employment status (active, on leave, or terminated); and

  • Other personal information, in instances when you interact with Gateway online, by phone or mail in the context of receiving help through our help desks or other support channels; participation in customer surveys or contests; or in providing the Subscription Service. 

The business and commercial purposes for which we collect this information are described in Section 3 of the Privacy Policy. The third-party sub-processors, in which Gateway "disclose" the above information for a legitimate business purpose, are described in Section 2.3 of the Policy.

Your California Rights

You have certain rights regarding the Personal Information Gateway collects or maintains about you. Please note these rights are not absolute, and there may be cases when Gateway declines your request as permitted by law.

The right of access means that you have the right to request Gateway to disclose what Personal Information Gateway has collected, used and disclosed about you in the past 12 months. 

The right of deletion means that you have the right to request Gateway to delete Personal Information collected or maintained by us, subject to certain exceptions. 

The right to non-discrimination means that you will not receive any discriminatory treatment when you exercise one of your privacy rights. 

Gateway does not sell Personal Information to third parties (pursuant to California Civil Code §§ 1798.100–1798.199, also known as the California Consumer Privacy Act of 2018). 

How to Exercise your California Rights

You can exercise your rights yourself or you can alternatively designate an authorized agent to exercise these rights on your behalf. Please note that to protect your Personal Information, Gateway will verify your identity by a method appropriate to the type of request you are making. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent's identity to protect your Personal Information. 

Please use the contact details below, if you would like to: 

  • Access this policy in an alternative format;

  • Exercise your rights;

  • Learn more about your rights or our privacy practices; or

  • Designate an authorized agent to make a request on your behalf.

E-mail: privacy@Gatewayglbl.com.