Welcome to our Privacy Policy. At Contango Vanta Inc. ("Vanta," "we," or "us"), we're committed to safeguarding your privacy. This policy outlines how we, as the data controller, collect, store, and process information about individual visitors to our website www.vanta.club

Please note that this policy applies solely to www.vanta.club and not to any linked websites not owned or controlled by us.

Our Dedication to Your Data and Data Protection

We value your privacy and handle personal data with care. Personal data refers to information related to an identified or identifiable individual, such as your name, birthdate, email address, postal address, or phone number. It also includes online identifiers like your IP address. However, general information not tied to your identity, like the number of website users, is not considered personal data.

We uphold all relevant data protection laws, including the British Virgin Islands' Data Protection Act (DPA) and the General Data Protection Regulation (GDPR). This policy outlines how we use your personal data.

While we primarily use your personal data as described in this policy and within the bounds of the law, we might use it for additional purposes required by law or for legal and criminal investigations. If this occurs, we will inform you and seek your consent as necessary.

In the following sections, we'll explain how we process your personal data when you visit our website.

Applicable Legal Grounds

According to the DPA and GDPR, the following legal grounds apply to processing your personal data:

• We process data with your consent (Art. 6 para. 1 lit. a) and Art. 7 GDPR).
• Data processing to fulfill services, contractual obligations, and respond to inquiries (Art. 6 para. 1 lit. b) GDPR).
• Processing to meet legal obligations (Art. 6 para. 1 lit. c) GDPR).
• Data processing to protect our legitimate interests (Art. 6 para. 1 lit. f) GDPR).

Your Rights

Both the DPA and GDPR grant you standardized rights, including:

• The right to information (Article 15 GDPR).
• The right to correct inaccuracies (Article 16 GDPR).
• The right to erasure (Article 17 GDPR).
• The right to limit data processing (Article 18 GDPR).
• The right to data portability (Article 20 GDPR).
• The right to object to data processing (Article 21 GDPR).
• The right to withdraw consent (Art. 7 (3) GDPR).
• The right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

Feel free to reach out to us for questions, suggestions, and to exercise your data protection rights.

How We Use Your Personal Data and Legal Basis

• a) Log Files

  We gather access data transmitted by your browser to improve our website. This data includes session details, IP address, browser version, operating system, website-specific settings, and more. This information helps us optimize our website and safeguard it against potential attacks. Our lawful basis for processing this data is our legitimate interest in presenting you with a well-functioning website and maintaining server communication.

• b) Hosting

  Our website's hosting is handled by Catalyst Host LLC, who processes data to support website functionality and contract-related services. Our lawful basis for this processing is our legitimate interest in efficiently providing secure website services.

• c) Contact Requests

  When you contact us, we process your information to address your inquiries. Your data might be stored in a customer relationship management system. We delete unnecessary inquiries, adhering to legal archiving obligations. Our lawful basis for processing is fulfilling contractual obligations.

• d) Business-Related Processing

  We process contract and payment data for contractual services, customer care, and marketing. Our legal basis for this processing is fulfilling contractual obligations.

• e) Contractual Services

  We process customer data for our contractual services, including inventory, contact, content, contract, and payment data. We retain this data as required by law or for service evaluation. Our legal basis for this processing is fulfilling contractual obligations.

• f) Careers and Applications

  If you apply for a role, we process your application data for evaluation and potential employment. Successful applications are retained as part of personnel files. Unsuccessful applications may be retained for legal defense purposes. Our legal basis varies based on application status.

• g) Cookies and Similar Technologies

  For personal data processed through cookies, please refer to our Cookie Policy, which is part of this privacy policy. Our legal basis for using cookies is your consent and legitimate interest.

Sharing Your Personal Data

We share your data only as needed for our services or with your consent. We may outsource data processing to external providers, who must follow our instructions and ensure data security.

Your data may be disclosed to third parties when required by law, legal investigations, or protecting our legitimate interests.

Data Storage and Retention

We store your data as long as necessary for its intended purpose, complying with retention periods. Exceptions include cases where longer storage is necessary to address legal claims.

International Data Transfers

We mainly process data within the British Virgin Islands and EEA. If data is transferred outside these regions, we ensure its security.

Automated Decision-Making

We don't use automated decision-making that impacts you.

Direct Marketings

We use your data for contract-related communication and, if you've consented, for consultation and quotation purposes.

Security and Confidentiality

We use industry-standard measures to protect your data.

Data Intermediary

When processing your data as a data intermediary, we follow instructions and protect it accordingly.

Social Media

We maintain online presence to communicate with users. We process your data if you interact with us on social networks.

Personal Data and Children

Our services are for those 18 and older. We don't knowingly collect data from minors without parental consent.

Links to Other Websites

We're not responsible for other websites' privacy practices.

Changes

This policy may change; check it regularly for updates.

Contact Us

For questions, rights enforcement, or more information, reach us at the provided contact details.

Last Update

This Privacy Policy was last updated on August 22, 2023.