Privacy Policy

1. Introduction and Scope

Vertali Group ("we," "our," "us," or "Vertali Group") is committed to protecting the privacy and confidentiality of personal information collected, used, disclosed, and otherwise processed in connection with the Vertali Group Festive Leave Application ("Service" or "Application"). This Privacy Policy ("Policy") describes our practices regarding the collection, use, disclosure, retention, and protection of personal information that we obtain through the Service.

This Policy applies to all users of the Service, including but not limited to authorized streamers, administrative personnel, and any other individuals who access, use, or otherwise interact with the Service. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree with this Policy, you must immediately discontinue your use of the Service.

This Policy is incorporated by reference into the Terms & Conditions of Use and should be read in conjunction therewith. Capitalized terms used but not defined in this Policy shall have the meanings ascribed to them in the Terms & Conditions of Use.

2. Definitions

For purposes of this Policy, the following definitions shall apply:

• "Personal Information" or "Personal Data" means any information relating to an identified or identifiable natural person ("Data Subject"), including but not limited to information that can be used to identify, contact, or locate an individual, either alone or in combination with other information.
• "Processing" means any operation or set of operations performed on personal information, whether or not by automated means, including but not limited to collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, combination, restriction, erasure, or destruction.
• "Data Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal information. For purposes of this Policy, Vertali Group is the Data Controller.
• "Data Processor" means a natural or legal person, public authority, agency, or other body which processes personal information on behalf of the Data Controller.
• "Data Subject" means the natural person to whom personal information relates.
• "Consent" means any freely given, specific, informed, and unambiguous indication of the Data Subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal information relating to him or her.
• "Sensitive Personal Information" means personal information that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person's sex life or sexual orientation.

The definitions set forth above are intended to be consistent with applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy legislation. Where conflicts arise between definitions, the most restrictive definition shall apply.

3. Information We Collect

Vertali Group collects, processes, and stores various categories of personal information in connection with the Service. The types of personal information we collect depend on how you interact with the Service and may include, but are not limited to, the following:

3.1. Information You Provide Directly

We collect personal information that you voluntarily provide to us when you use the Service, including but not limited to:

• Identity Information: Your full name, email address, streamer ID or channel name, username, or other identifiers that you provide to us;
• Contact Information: Your email address, mailing address, telephone number, or other contact information that you provide to us;
• Application Information: Information contained in your leave applications, including but not limited to requested leave dates, duration of leave, reasons for leave, purpose of leave, destination (if applicable), and any additional notes, comments, or information that you provide in connection with your application;
• Support Information: Information that you provide when you contact us for support, including but not limited to questions, comments, complaints, or requests that you submit to us;
• Access Code Information: Information that you provide in connection with obtaining or maintaining an access code, including but not limited to your identity, contact information, and relationship with Vertali Group;
• Verification Information: Information that you provide in response to verification requests, audits, or inquiries from Vertali Group or its authorized representatives, including but not limited to supporting documentation, certificates, receipts, invoices, tickets, or other evidence;
• Account Information: Information that you provide in connection with creating, maintaining, or updating your account or profile, including but not limited to preferences, settings, or other information that you choose to provide.

3.2. Information We Collect Automatically

When you access or use the Service, we automatically collect certain technical information about your device, browser, and usage of the Service, including but not limited to:

• Log Information: Information that is automatically recorded by our servers when you access the Service, including but not limited to your IP address, browser type, browser version, device type, device model, operating system, operating system version, language preferences, time zone, and referring website addresses;
• Usage Information: Information about how you use the Service, including but not limited to pages visited, features used, actions taken, time spent on pages, clickstream data, navigation patterns, and other usage statistics;
• Session Information: Information about your session, including but not limited to session identifiers, session tokens, authentication status, login times, logout times, and session duration;
• Technical Information: Information about your device and browser, including but not limited to screen resolution, color depth, JavaScript support, cookie support, plug-ins, fonts, and other technical capabilities;
• Error Information: Information about errors or exceptions that occur when you use the Service, including but not limited to error messages, stack traces, and debugging information;
• Performance Information: Information about the performance of the Service, including but not limited to page load times, response times, and other performance metrics.

3.3. Information We Collect from Third Parties

We may collect personal information about you from third parties in connection with verification, audit, or investigation activities, including but not limited to:

• Verification Services: Information obtained from third-party verification services, investigators, or other agents engaged to verify information provided by you;
• Public Records: Information obtained from public records, databases, or other publicly available sources;
• Business Partners: Information obtained from business partners, service providers, or other third parties with whom we have relationships;
• Government Agencies: Information obtained from government agencies, regulatory bodies, or other public authorities, where permitted by law;
• Other Sources: Information obtained from other sources that we believe are reliable and that we use in accordance with applicable law.

3.4. Sensitive Personal Information

We may collect sensitive personal information in connection with leave applications, including but not limited to information about your health, medical conditions, family circumstances, or other sensitive matters that you choose to disclose in connection with your application. We process sensitive personal information only to the extent necessary to process your leave application and in accordance with applicable law.

By providing sensitive personal information to us, you consent to our processing of such information in accordance with this Policy. If you do not wish to provide sensitive personal information, you may choose not to disclose such information, but this may affect our ability to process your leave application.

4. Legal Basis for Processing

We process your personal information based on the following legal grounds, as applicable under relevant data protection laws:

• Contractual Necessity: Processing is necessary to fulfill our contractual obligations with you as a Vertali Group streamer or authorized user, including but not limited to processing leave applications, managing your account, and providing access to the Service;
• Legitimate Interests: Processing is necessary for our legitimate business interests, including but not limited to managing leave applications, ensuring security, preventing fraud, improving the Service, and complying with legal obligations;
• Legal Obligation: Processing is required to comply with legal obligations, including but not limited to employment law requirements, tax obligations, regulatory requirements, and court orders or legal process;
• Consent: Processing is based on your explicit consent, where required by applicable law, including but not limited to processing of sensitive personal information or marketing communications;
• Vital Interests: Processing is necessary to protect the vital interests of you or another natural person, including but not limited to emergency situations or health and safety concerns;
• Public Interest: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority, where applicable.

We will process your personal information only to the extent necessary for the purposes set forth in this Policy and in accordance with applicable law. We will not process your personal information for purposes incompatible with the purposes set forth in this Policy without your prior consent, except as required by law.

5. How We Use Your Information

We use the personal information we collect for the following purposes:

5.1. Service Provision

• Processing and managing your leave applications, including but not limited to reviewing, approving, or denying applications;
• Providing you with access to the Service and enabling you to use the Service's features and functionality;
• Authenticating your identity and verifying your eligibility to use the Service;
• Managing your account, access code, and preferences;
• Communicating with you regarding your leave applications, account status, or other matters related to the Service;
• Responding to your inquiries, requests, complaints, or other communications;
• Providing you with support and assistance in connection with the Service.

5.2. Verification and Audit

• Verifying the accuracy, completeness, and truthfulness of information provided by you in connection with the Service;
• Conducting background checks, reference verification, employment verification, and other verification activities;
• Auditing and reviewing applications, accounts, and usage of the Service;
• Investigating suspected fraud, misrepresentation, or other violations of the Terms & Conditions of Use;
• Preventing, detecting, and responding to security threats, fraud, or other illegal activities.

5.3. Security and Compliance

• Ensuring the security, integrity, and availability of the Service and our systems;
• Protecting against unauthorized access, use, disclosure, alteration, or destruction of personal information;
• Complying with legal obligations, including but not limited to employment law requirements, tax obligations, and regulatory requirements;
• Responding to legal process, court orders, subpoenas, or other legal requests;
• Enforcing our rights, including but not limited to our rights under the Terms & Conditions of Use;
• Protecting the rights, property, or safety of Vertali Group, our users, or third parties.

5.4. Service Improvement

• Analyzing usage patterns, trends, and statistics to improve the Service;
• Developing new features, functionality, or services;
• Conducting research and analysis to improve user experience;
• Testing, debugging, and troubleshooting the Service;
• Monitoring and improving the performance, reliability, and availability of the Service.

5.5. Business Operations

• Managing our business operations, including but not limited to record-keeping, accounting, and administrative functions;
• Maintaining records for administrative, compliance, and legal purposes;
• Managing relationships with users, business partners, and service providers;
• Planning and executing business strategies, including but not limited to mergers, acquisitions, or other business transactions.

6. Data Sharing and Disclosure

We do not sell, rent, lease, or otherwise commercialize your personal information to third parties. We may share or disclose your personal information in the following circumstances:

6.1. Within Vertali Group

We may share your personal information within Vertali Group, including but not limited to our affiliates, subsidiaries, parent companies, and related entities, for purposes consistent with this Policy, including but not limited to processing leave applications, managing accounts, ensuring security, and complying with legal obligations.

6.2. With Authorized Personnel

We may share your personal information with authorized personnel of Vertali Group, including but not limited to management, administrative staff, human resources personnel, legal counsel, and other employees or agents who need access to such information to perform their duties in connection with the Service.

6.3. With Service Providers

We may share your personal information with third-party service providers, contractors, or agents who perform services on our behalf, including but not limited to hosting providers, cloud service providers, data analytics providers, verification services, payment processors, and other service providers. These service providers are contractually obligated to protect your personal information and may only use it for the purposes for which it was disclosed.

6.4. Legal Requirements

We may disclose your personal information if required to do so by law, regulation, court order, subpoena, or other legal process, or if we believe in good faith that such disclosure is necessary to:

• Comply with legal obligations or respond to legal process;
• Enforce our rights, including but not limited to our rights under the Terms & Conditions of Use;
• Protect the rights, property, or safety of Vertali Group, our users, or third parties;
• Prevent or investigate suspected fraud, misrepresentation, or other illegal activities;
• Respond to government requests or inquiries;
• Comply with employment law requirements or other regulatory obligations.

6.5. Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or other business transaction involving Vertali Group, your personal information may be transferred to the acquiring entity or successor entity as part of such transaction. We will notify you of any such transfer and provide you with an opportunity to opt out, where required by law.

6.6. With Your Consent

We may share your personal information with third parties with your explicit consent or at your direction, including but not limited to sharing information with employers, educational institutions, healthcare providers, or other third parties that you authorize.

7. Data Security Measures

We implement comprehensive technical and organizational measures to protect your personal information against unauthorized access, use, disclosure, alteration, or destruction, including but not limited to:

• Encryption: We use industry-standard encryption protocols to protect data in transit and at rest, including but not limited to Transport Layer Security (TLS), Secure Sockets Layer (SSL), and Advanced Encryption Standard (AES);
• Access Controls: We implement strict access controls, including but not limited to authentication, authorization, role-based access control, and multi-factor authentication, to ensure that only authorized personnel can access your personal information;
• Secure Storage: We store personal information on secure servers with restricted physical and digital access, including but not limited to firewalls, intrusion detection systems, and security monitoring;
• Regular Audits: We conduct regular security audits, vulnerability assessments, and penetration testing to identify and address security vulnerabilities;
• Employee Training: We provide regular training to employees and agents on data protection, security best practices, and privacy policies;
• Incident Response: We have procedures in place to detect, respond to, and recover from security incidents, including but not limited to data breaches, cyberattacks, or other security threats;
• Backup Systems: We maintain regular backups of data to prevent data loss and ensure business continuity;
• Data Minimization: We collect and retain only the personal information necessary for the purposes set forth in this Policy;
• Data Segregation: We segregate personal information by purpose, sensitivity, and retention requirements to minimize risks;
• Monitoring and Logging: We monitor and log access to personal information to detect unauthorized access or suspicious activity.

Despite our security measures, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your personal information, we cannot guarantee its absolute security. You acknowledge and agree that you use the Service at your own risk and that Vertali Group shall not be liable for any unauthorized access, use, disclosure, alteration, or destruction of your personal information, except to the extent such unauthorized access, use, disclosure, alteration, or destruction results directly from Vertali Group's gross negligence or willful misconduct.

In the event of a security incident that may affect your personal information, we will notify you and, where required by law, the relevant supervisory authority, without undue delay and in accordance with applicable data protection laws.

8. Your Privacy Rights

Under applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy legislation, you have certain rights regarding your personal information. These rights may include, but are not limited to:

8.1. Right of Access

You have the right to request access to your personal information and to receive a copy of the personal information we hold about you, including but not limited to information about the purposes of processing, categories of personal information, recipients of personal information, retention periods, and your rights regarding such information.

8.2. Right to Rectification

You have the right to request correction of inaccurate or incomplete personal information. We will correct inaccurate or incomplete information promptly upon receiving your request, subject to verification of your identity and the accuracy of the corrected information.

8.3. Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal information in certain circumstances, including but not limited to where the personal information is no longer necessary for the purposes for which it was collected, where you withdraw consent and there is no other legal basis for processing, or where the personal information has been unlawfully processed. However, we may retain certain personal information where required by law, including but not limited to employment law requirements, tax obligations, or regulatory requirements.

8.4. Right to Restrict Processing

You have the right to request restriction of processing of your personal information in certain circumstances, including but not limited to where you contest the accuracy of the personal information, where the processing is unlawful, or where you have objected to processing pending verification of overriding legitimate grounds.

8.5. Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit such information to another controller, where technically feasible, in certain circumstances, including but not limited to where the processing is based on consent or contractual necessity.

8.6. Right to Object

You have the right to object to processing of your personal information based on legitimate interests or for direct marketing purposes. We will cease processing your personal information for such purposes unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or where processing is necessary for the establishment, exercise, or defense of legal claims.

8.7. Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you, except in certain circumstances, including but not limited to where such processing is necessary for entering into or performance of a contract, where authorized by law, or where based on your explicit consent.

8.8. Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

8.9. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal information violates applicable data protection laws. In the United States, you may contact the Federal Trade Commission (FTC) or your state's attorney general. In the European Union, you may contact the supervisory authority in your member state.

8.10. How to Exercise Your Rights

To exercise any of your privacy rights, please contact us using the contact information provided in Section 12 below. We will respond to your request within one (1) month of receipt, though this period may be extended by two (2) further months where necessary, considering the complexity and number of requests. We may require you to provide proof of identity before processing your request to ensure the security of your personal information.

We may charge a reasonable fee for repetitive, unfounded, or excessive requests, or we may refuse to act on such requests, in accordance with applicable law. We will inform you of any such fee or refusal and provide you with an explanation of our decision.

9. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes set forth in this Policy, unless a longer retention period is required or permitted by law. Our retention periods are based on the following factors:

• Purpose of Processing: We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including but not limited to processing leave applications, managing accounts, and providing access to the Service;
• Legal and Regulatory Requirements: We retain personal information for as long as required by applicable law, including but not limited to employment law requirements, tax obligations, regulatory requirements, and statute of limitations for potential legal claims;
• Operational and Business Needs: We retain personal information for as long as necessary for operational and business purposes, including but not limited to record-keeping, accounting, and administrative functions;
• Contractual Obligations: We retain personal information for as long as necessary to fulfill contractual obligations with you or third parties;
• Dispute Resolution: We retain personal information for as long as necessary to resolve disputes, enforce agreements, or defend against legal claims;
• Consent: We retain personal information for as long as you maintain your consent, where processing is based on consent.

When personal information is no longer necessary for the purposes set forth in this Policy, we will securely delete or anonymize such information in accordance with our data retention policies and applicable law. However, we may retain certain personal information in anonymized or aggregated form for statistical, research, or other legitimate business purposes, where such retention does not identify you personally.

If you wish to request deletion of your personal information, please contact us using the contact information provided in Section 12 below. We will process your request in accordance with applicable law and this Policy, subject to our right to retain certain information where required by law or for legitimate business purposes.

10. Cookies and Tracking Technologies

The Service uses session-based authentication and does not employ persistent cookies for tracking purposes. However, we may use certain technical mechanisms to enable the Service to function properly, including but not limited to:

• Session Cookies: Temporary cookies that are stored in your browser's memory and are deleted when you close your browser. These cookies are used solely for authentication and session management purposes and do not contain personal information;
• Server-Side Sessions: Session data stored on our servers that is used to maintain your authentication status and session state while you use the Service;
• Log Files: Server logs that record information about your access to the Service, including but not limited to IP addresses, browser types, access times, and pages visited;
• Technical Identifiers: Technical identifiers that are used to track your session and maintain your authentication status, but that do not personally identify you.

We do not use cookies, tracking pixels, web beacons, or other tracking technologies for advertising, marketing, or third-party tracking purposes. We do not share your information with third parties for advertising or marketing purposes.

You may configure your browser to refuse cookies or to alert you when cookies are being sent. However, if you refuse cookies, you may not be able to use certain features of the Service, including but not limited to authentication and session management.

11. International Data Transfers

Your personal information is primarily processed and stored within the United States of America. However, in certain circumstances, we may transfer your personal information to countries outside the United States, including but not limited to countries within the European Economic Area (EEA) or other jurisdictions.

When we transfer personal information to countries outside the United States, we ensure that appropriate safeguards are in place to protect your personal information in accordance with applicable data protection laws, including but not limited to:

• Standard Contractual Clauses: We may use standard contractual clauses approved by the European Commission or other supervisory authorities to ensure adequate protection of personal information;
• Adequacy Decisions: We may transfer personal information to countries that have been determined to provide adequate protection by the European Commission or other supervisory authorities;
• Binding Corporate Rules: We may implement binding corporate rules to ensure consistent protection of personal information across our organization;
• Consent: We may transfer personal information with your explicit consent, where required by applicable law;
• Other Safeguards: We may implement other appropriate safeguards as required by applicable data protection laws.

By using the Service, you consent to the transfer of your personal information to countries outside the United States in accordance with this Policy and applicable data protection laws. If you have questions or concerns about international data transfers, please contact us using the contact information provided in Section 12 below.

12. Children's Privacy

The Service is not intended for use by individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children under the age of 18. If you are under the age of 18, you must not use the Service or provide any personal information to us.

If we become aware that we have collected personal information from a child under the age of 18 without parental consent, we will take steps to delete such information promptly. If you believe that we have collected personal information from a child under the age of 18, please contact us immediately using the contact information provided in Section 13 below.

If you are a parent or guardian and believe that your child has provided personal information to us, please contact us using the contact information provided in Section 13 below, and we will take steps to delete such information promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes to this Policy by posting the updated Policy on the Service and updating the "Last Updated" date at the top of this Policy. We may also notify you of material changes via email or other means, where required by law or where we deem it appropriate.

Your continued use of the Service following any changes to this Policy constitutes your acceptance of such changes. If you do not agree to any changes to this Policy, you must immediately discontinue your use of the Service and contact us to request deletion of your personal information, subject to our right to retain certain information where required by law.

We encourage you to review this Policy periodically to stay informed about how we collect, use, disclose, and protect your personal information. The "Last Updated" date at the top of this Policy indicates when this Policy was last revised.

14. Contact Information and Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, or if you wish to exercise any of your privacy rights, please contact us at:

We will use reasonable efforts to respond to your inquiries, requests, or complaints within one (1) month of receipt, though this period may be extended by two (2) further months where necessary, considering the complexity and number of requests. We may require you to provide proof of identity before processing your request to ensure the security of your personal information.

15. Acknowledgment

BY ACCESSING OR USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THIS PRIVACY POLICY. IF YOU DO NOT AGREE WITH THIS POLICY, YOU MUST IMMEDIATELY DISCONTINUE YOUR USE OF THE SERVICE.

You further acknowledge that you understand how we collect, use, disclose, and protect your personal information, and you consent to such practices as described in this Policy. If you have any questions or concerns about this Policy, please contact us using the contact information provided in Section 14 above.