Privacy Policy

Incorporation of Terms

The terms contained in this Privacy Policy incorporate the Acceptable Use Policy, available on this website, unless otherwise noted.

Additional Agreements

This Privacy Policy incorporates all clauses from the Acceptable Use Policy and any other relevant Policies, available on this website, except where otherwise noted.

Who This Agreement is for

By accessing and using this website, you accept and agree to be bound by the terms and provisions of this agreement and any other agreement published on this website and any website owned and operated by Serendum LLC (collectively the “Policies”). In addition, when using any service provided on this website, or by any subsidiary of Serendum LLC (“Serendum”), you are subject to any posted guidelines or rules applicable to such services, which may be posted and modified at-will by Serendum.

General Purpose

The purpose of this Privacy Policy is to provide a better understanding of Serendum’s commitment to the privacy of the User. Any reference in the first-person will refer to Serendum and its commitments. Any reference in the second-person will refer to the User directly. It is the User’s responsibility to ensure their responsibilities are maintained by their agents, representatives, and end-users.

Company Goals

While Serendum is not under legal obligation to follow the guidelines set forth on data privacy by the European Union under the EU General Data Protection Regulation, (“GDPR”) Serendum’s corporate and moral goal is to follow GDPR guidelines.

As such, the Provider promises to, where possible:

In some cases, such as withdrawing consent from this and other Policies, the User may forfeit their access to the site and our Services. Due to the nature of Serendum’s work, Serendum cannot accept anonymous sign-ups, and as a result some personal data is required to continue Services with Serendum.

Do Not Sell My Data

We do not sell, nor have we ever sold data to any third-party company. Your data will be solely retained for the use of Serendum LLC and its subsidiaries, and will never be sold or used outside of the Company.

Reciprocating Data and Data Removal Requests

When Serendum reciprocates (or copies) data to another subsidiary company, and a request for deletion has been made, all companies within the parent company’s organization (Serendum LLC) will receive the request and act on it as appropriate. In the event of discontinuing services due to the deletion of this data, the User will lose access to all services provided by all companies under Serendum’s control.

Opting In

Serendum uses an opt-in system, similar to those used in the EU, as part of the commitment to following as many privacy regulations from the GDPR as possible. The User will be prompted to allow for cookies and other location/browser-related data to be collected for analytical purposes at the time of their first entry, or their subsequent entry following the clearing of their browser’s history/cookies/cache.

In the event the User chooses to opt-out of this prompt, only anonymous session data will be collected and stored. Serendum disables Google Analytics, any internal analytics, and session logging for the User’s private data in the session. The User will continue to be prompted on subsequent visits, as no session data will exist for the User following the previous visit and no permanent storage of the User’s response will be made. This may limit the features of the site, and the User will not be able to log-in, register or purchase Services until they have opted-in.

Our Commitment to Removing Data

We stand by our word in transparency, and will inform the User when data pertaining to your personal information has been removed from our systems or network. This notification will be in the form of an e-mail or other electronic message (ie. Account notifications, etc.) and will be received within seven (7) days of the deletion of this data.

When a request is made for the deletion of data by a User, we will provide the User with an initial response within fourteen (14) business days of the request date. This initial response will include the following information:

In the event data cannot be removed without disabling access to the Services or site, the initial response will outline the implications of removing this data and will ask for final consent in the removal once all necessary information is obtained by the User.

In the event the User has entered an agreement for Services provided by Serendum, the commitment term must be completed before the data can be removed, except where early cancellation or term cancellation is applicable per Serendum’s Acceptable Use Policy.

Notification of Breach

Serendum will provide notification of security breaches that affect a User’s personal data to the User within twenty-one (21) days of resolution of the breach, including a full security analysis performed either by internal representatives or Serendum’s agents, or by a third-party security firm. Serendum reserves the right to maintain the security of its infrastructure, and to decide the third-party security firm or responsible agents or representatives to carry out security investigations in the event of a breach.

Serendum is not responsible for breaches caused by the negligence or actions of a User, including, but not limited to, insecure passwords, re-using passwords on other sites, breaches resulting from or pertaining to the use of the Services. The User is solely responsible for any security breaches of their Services and Serendum retains no moral, legal, or other obligation to monitor the Services provided for security or any other form of breach.

GDPR Article 8 and COPPA

Serendum’s Services are not intended for use by any minor, and the User must be of legal age and under no disability to consent to a contract in their jurisdiction or in the applicable jurisdiction of the Policies. The jurisdiction’s laws which would afford Serendum the most protection will be the controlling law for any legal action arising from this clause. Any information retained from a minor, upon notification of such access, will be immediately destroyed by Serendum, and Services and access to all sites provided will be immediately discontinued.

Types of Data Collected

The User, upon opting in as explained in the “Opting In” section of this Privacy Policy, consents to the following data being collected:

The User, upon opting out as explained in the “Opting In” section of this Privacy Policy, will consent to the following data being collected:

The User, upon opting out as laid out in the “Opting In” section of this Privacy Policy, understands that some features of this website and the applications Serendum provides may be limited due to their decision, and may require a future opt-in agreement to access. These include, but are not limited to:

Legal Action

The User’s personal data may be used for legal purposes by Serendum in order to defend or enforce any legal right Serendum may have arising from improper use of the Services or this site.

The User understands and is aware that Serendum may be required to reveal personal data upon the request of law enforcement or other governmental body.

Information Not Contained Within

The User may request additional information on the processing and collection of data at any time from Serendum by completing a support request.

Do Not Track HTTP Headers

When opting out, as per the “Opting In” section of this Privacy Policy, Serendum will attempt to attach “Do Not Track” headers to the HTTP/HTTPS requests following the opt-out. While Serendum will attempt to attach these headers, Serendum is not responsible for whether these headers will be respected in their entirety, or by third-party services or websites. Additionally, Serendum is not responsible or liable for browsers that do not support these headers.

Limitation of Liability for Opt-Out

If the User opts out, as per the “Opting In” section of this Privacy Policy, they understand that their experience may be less than ideal on this site. Serendum is not liable for any damages, incidental or otherwise, caused by or related to the experience.

Retention Time

The User’s data shall be processed and stored for as long as required by the purpose they have been collected for. Therefore:

As part of Serendum’s commitment to this retention time, if a User account has been without contract for a period of one (1) year, Serendum will erase all personal data stored in the account for the User, except where retention is necessary to comply with governmental request or applicable laws. The User may request the retention and renewal of this data up to three (3) days prior to the erasure of this data, and will be contacted via electronic message (e-mail or otherwise) about the erasure up to twenty-one (21) days prior to this removal.

Once the retention of data period expires, all User data will be permanently erased. Therefore, the right to access, the right of erasure, the right to rectification, and the right to data portability cannot be enforced after the expiration of the retention period.

Basis of Processing

Serendum may process personal data of the User if any of the following are applicable:

Users may request specific information related to our processing, collection, transfer, or provisioning of data, and the basis of such provisioning via a support request to Serendum directly. Serendum will specify whether the provisioning is a statutory or contractual requirement, and/or is a requirement necessary to enter into a contract or agreement with Serendum.

Data Processing Location(s)

Serendum will process data at their offices, including remote offices around the globe for its representatives, agents, or vendors, and at the locations of our internal and public systems. In some cases, the User’s data may be transferred to a country other than their own, depending on the User’s location.

Data Safeguarding

Serendum commits to safeguard the User’s data to the best of our ability. This includes transferring data securely over the Advanced Encryption Standard (“AES”) or Transport Layer Security (“TLS”). Serendum does not currently, nor has any intention of partnering with any vendors that do not accept at minimum a TLS secured connection.

The data stored on Serendum’s network and systems will at all times be encrypted or hashed, depending on the available industry best standards and practices at that moment. Serendum also routinely monitors our systems and network for possible breaches and required security improvements.

Credit card data is not stored on Serendum’s internal systems, and is securely transmitted to Stripe, a third-party payment vendor used by Serendum. Stripe stores all relevant payment information (such as bank account information or credit/debit card information), and Serendum only stores a token provided by Stripe to charge cards and accounts at a later time.

Your Rights

Serendum provides the User with the following rights, as laid out in the GDPR, as per Serendum’s moral goals and mission:

These rights do not give a User any legal cause of action against Serendum, nor do they create any duty or liability to any User by their existence. In all cases Serendum retains full power to interpret and enforce these rights, and the final decision will be made by Serendum. Serendum retains the final right to approve or deny any User request arising under these rights.

Enforcements of this Privacy Policy

The User agrees and accepts that all provisions set out in this Privacy Policy related to GDPR, CCPA or any other privacy act not recognized by the competent court as defined by the Acceptable Use Policy is a company goal, not a legal provision. Serendum is not liable for any of provisions that are not mandatory by the applicable law, implicitly or written. Any compensation for breach, if applicable, provided by Serendum does not waive this enforceability clause and does not impart any additional legal rights to the User.