GDPR Privacy Notice

Last Update: 11-July-2023


If you are located in the European Economic Area (“EEA”) or the United Kingdom (“UK”), you may have additional rights with respect to your personal data under the EU General Data Protection Regulation (“EU GDPR”), and the EU GDPR as saved into United Kingdom law by the United Kingdom’s European Union (Withdrawal) Act 2018 (“UK GDPR” and together with the EU GDPR, the “GDPR”), as set forth in this GDPR Privacy Notice (the “GDPR Notice”). This GPDR Notice applies to your personal data (as defined in the GDPR) that we collect or otherwise obtain on our Digital Properties.

For the purposes of the GDPR, TARTLE PBC is the controller of your personal data.

1. Lawful Basis for Processing Your Personal Data

We will only process (as defined in the GDPR) your personal data if we have a lawful basis for doing so. Under the GDPR, the lawful bases we rely on for processing your information are:

  • Your Consent: In some cases, we process personal data based on the consent you expressly grant to us at the time we collect such data. When we process personal data based on your consent, it will be expressly indicated to you at the point and time of collection. You can remove your consent at any time by contacting us via email at [email protected] with the subject line “GDPR Request.”
  • We Have a Contractual Obligation: We may process your personal data as a matter of “contractual necessity,” meaning that we need to process the data to provide the Services under our Terms of Use. When we process data due to contractual necessity, failure to provide such personal data will result in your inability to receive the services that require such data.
  • We Have a Legitimate Interest: We process your personal data when we believe it furthers the legitimate interests of us or third parties. Our legitimate interests are:
    • Information Security;
    • Operation and Improvement of our Digital Properties;
    • Audience Measurement and Marketing;
    • Direct Marketing, where we otherwise are not required to seek consent;
    • General Business Development and Management; and
    • Protection or Enforcement of Rights.
  • We Have a Legal Obligation: We may be required to disclose personal data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal data to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.

3. Your Data Protection Rights

You have certain rights with respect to your personal data, including those set forth below. For more information about these rights, or to submit a request, please email us at [email protected] with the subject line “GDPR Request.” You are not required to pay any charge for exercising your rights. Where we are acting as a data controller of your personal data, there may be circumstances where we are not able to fully comply with your request, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include personal data, if necessary to verify your identity and the nature of your request.

  • Right of access: You can request more information about the personal data we hold about you and request a copy of such personal data.
  • Right to rectification: If you believe that any personal data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data.
  • Right to erasure: You can request that we erase some or all of your personal data from our systems.
  • Right to restriction of processing: You have the right to ask us to restrict the processing of your personal data.
  • Right to object to processing: You have the right to object to the processing of your personal data in certain circumstances.
  • Right to data portability: You can ask for a copy of your personal data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
  • Right to withdraw consent: If we are processing your personal data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time.
  • Objecting to Legitimate Interest/Direct Marketing: You may object to the processing of personal data pursuant to our legitimate interests. In such a case, we will no longer process your personal data unless we can demonstrate appropriate, overriding legitimate grounds for the processing, or if needed for the establishment, exercise, or defense of legal claims. You may also object at any time to processing of your personal data for direct marketing purposes by clicking “Unsubscribe” within an automated marketing email or by submitting your request to [email protected] with the subject line “GDPR Request.” In such case, your personal data will no longer be used for that purpose.
Where we are acting as a data controller for your personal data, we will respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. Please note that all of these rights are subject to applicable exemptions and restrictions, and are not absolute rights.

4. How to Complain

If you have any concerns about our use of your personal data, you can make a complaint to us at [email protected] with the subject line “GDPR Request.”

You also have the right to lodge a complaint about the processing of your personal data with a supervisory authority of the European state where you work or live or where any alleged violation of data protection laws occurred. A list of most of the supervisory authorities can be found here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. The details of the UK authority can be found at https://ico.org.uk/make-a-complaint/.

5. Transfers of personal data

We are based in the United States. Due to this, you transfer your personal data directly to us in the United States. We may further transfer your personal data outside the EEA and/or the UK. Because the United States and other recipient countries may not provide the same protections as the data protection laws where you are based, we will employ safeguards to afford adequate protection for your personal data, including through the use of the EU Commission-approved or UK Secretary of State-approved (as applicable) standard contractual clauses. For more information about how we transfer personal data internationally, please contact us at [email protected].

5. Data Protection Representatives

We have appointed the following Representatives:
EU Representative:
Raymond Poincaré
Fort de Brégançon, Bormes-les-Mimosas 83019 France
[email protected]


UK Representative:
David Lloyd George
10 Downing Street, London, UK
[email protected]