General Data Protection Regulation (GDPR) Compliance Statement

Effective Date: May 25, 2018

Carrix, Inc. (“Carrix”) may collect personal and non-personal information on this website. Carrix is committed to protecting the privacy of our users and have created this GDPR Compliance Statement in order to describe and explain to users our information collection practice.

Contact Information

If you have any questions or concerns in connection with Carrix’s information collection practice summarized in this Statement, please send an email to Data.Privacy@Carrix.com stating your questions or concerns. Alternatively, the postal address is:

Carrix, Inc.
Attn: Data Privacy Officer
1131 SW Klickitat Way
Seattle, WA 98134

The Types of Personal Data That We Collect

Carrix may collect personal data from individuals from the European Economic Area (“EEA”) who visit our public-facing web site (“EEA Website Visitors”), and individual representatives of our current and potential corporate customers, suppliers and business partners from the EEA (“EEA Business Contacts”).

From EEA Website Visitors, Carrix may collect the individual’s name, phone number, email address, mailing address and IP address. From EEA Website Visitors applying for employment, Carrix may also collect the individual’s driver’s license number, passport number, social security number, marital status, family member information, financial information and professional career/employment information.

From EEA Business Contacts, Carrix may collect the individual’s name, business phone number, business email address, IP address, company name and company mailing address.

Purposes for the Processing of Personal Data; Legal Basis

Carrix processes the personal data of EU data subjects for the purposes of:

  • Evaluating job candidates for positions for which they have applied;
  • Identifying prospective customers, marketing our services, and building our mailing list for information distribution;
  • Communicating with corporate business partners about business matters and conducting related tasks for legitimate business purposes;
  • Meeting legal or regulatory requirements and Carrix’s internal policies;
  • Other purposes disclosed at the time of collection; and
  • Processing client data as a data processor (i.e., at the direction of our clients, who are the data controllers).

We process personal data provided by EEA Website Visitors and those applying for employment with Carrix on the basis of consent you give to Carrix when you submit the personal data. For all other data subjects, such processing is in the legitimate interest of Carrix and the respective data subject in order to promote a business relationship.

Recipients of Personal Data

We do not sell, rent, share, or otherwise dispose of the personal data collected to third parties. We may, however, disclose your personal data when required by law or in the good-faith belief that such disclosure is necessary to comply with law.

In addition, as a service provider (data processor) to its clients (data controllers), Carrix may be in possession of client data that contains information defined as personal data. In performing these services, Carrix does not process, store, or handle personal data in any other manner other than that directed by the primary data controller. Accordingly, Carrix does not share, uniquely identify, or in any way use personal data for any commercial purpose other than that defined by the controller. In some cases, in accordance with our client agreements, we may disclose personal data with a subcontractor contracted to provide services on our behalf, in order to provide service to our clients.

Transfer of Personal Data to a Third Country

Carrix’s primary business operations are not in the EEA, and as such personal data collected by Carrix may be stored or processed in the United States or in any other country where Carrix or its affiliates, subsidiaries, or third-party service providers maintain facilities. EU data subjects who provide personal data to Carrix consent to the processing and transfer of that data to the United States and other locations outside of the EEA, including to countries with laws that may not provide the same level of protection of personal data.

Carrix may also execute agreements with third parties for the transfer of personal data outside of the EU using European Commission-approved Standard Contract Clauses.

Retention Period

Personal data is retained by Carrix no longer than necessary to fulfil the purposes for which it was collected (e.g., to execute obligations to former employees to provide post-employment benefits) or as agreed upon under applicable contracts with clients or business partners.

Access to, Modification and Deletion of Personal Information

For questions about the collection of personal data by Carrix, or to exercise for legitimate purposes the right to access, correct, update, or delete such, as provided under applicable law, please contact:

Carrix, Inc.
Attn: Data Privacy Officer
1131 SW Klickitat Way
Seattle, WA 98134
Data.Privacy@carrix.com

Please help us to keep your data accurate by informing us of any personal data change promptly.

There may be cases where restrictions on the amount of information that can be disclosed to data subjects under applicable law (for example, if that would necessarily involve disclosing information about another person). Carrix is permitted to withhold some types of personal data in certain circumstances, subject to applicable local law requirements. If there is a dispute, please contact the Carrix privacy officer at the above address. In addition, data subjects have the right to lodge a complaint with a supervisory authority.

Right to Withdraw Consent

Data subjects whose processing is based upon consent may withdraw that consent at any time; however, Carrix will not be able to provide or continue to provide services or marketing communications to the data subject.

Changes to This Statement

We may update this GDPR Compliance Statement to reflect changes to our practices or applicable laws. If we make any updates, we will notify data subjects by means of a notice on this Statement. We encourage EEA Website Visitors, EEA Business Contacts, and others to periodically review this page for the latest information on our privacy practices.