PRIVACY POLICY

Last Update: March 31, 2026

 

Disco Inc. and its divisions, affiliates, and subsidiaries ("DISCO") respects the privacy and the integrity of any Personal Information (as defined below) that you provide or that we collect in your use of our Website, including www.disco.co (“Website”), our mobile application (“App”), and our all-in-one Platform (as defined below) to build, market, and scale learning communities (collectively, the "Services"). The App provides Members with access to digital content created  by Organizations (as defined below), including the ability to view courses, participate in discussions, and engage with learning community content (“Services”). This Privacy Policy explains our policy regarding the collection, use, and disclosure of your Personal Information, and explains what privacy rights you may have under applicable data protection and privacy laws, such as the European Union General Data Protection Regulation (GDPR) and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).


A link to this Privacy Policy is accessible on our Website at disco.co/privacy-policy and within our App. This Privacy Policy will be continuously assessed against new technologies, business practices, and our Users' needs. As we update, expand, and diversify our Services, this Privacy Policy may evolve. Please check this Privacy Policy from time to time for updates by checking the date of the "Last Update" at the top of this document. We will take reasonable measures to notify You of material changes to this Privacy Policy by posting this on our home page or otherwise notifying You. You acknowledge and agree that your access of our Website and your use of our Services following any posted changes to the Privacy Policy indicate your acceptance of such changes.

Application of this Policy

At DISCO, we are committed to protecting the privacy of our Users, which is why we do not sell or rent any Personal Information (as defined below) regarding our Users to any third party. We hope this Privacy Policy will answer your questions regarding how we treat Personal Information gathered from visitors to our Website and the use of our Services.

Definitions

The following definitions apply to this Privacy Policy:



Lawful Bases for Processing

To use your Personal Information, we must have a valid reason, which under some laws is called the “lawful basis for processing” or “legal grounds for processing.” When we act as a data controller, we may process your Personal Information based on these reasons:

 

1. Your Consent: Sometimes, we will use your Personal Information because you actively indicated it is okay that we do so. This includes, for example, where you subscribe to receive newsletters.

2. Keeping Our Agreement Obligations: This includes using your Personal Information to fulfill our agreement with you by, for example, delivering the Services to you.

3. Legitimate Interests: We sometimes use your Personal Information because we believe it is in our best interest or the interest of someone else. Legitimate interests work when we use your Personal Information in ways that make sense and do not intrude on your privacy much. Or when we have a very good reason for it. Here is what it normally means for us:

a. Product Improvement: We may use data to enhance the features and functionality of the Services, making them more useful and user-friendly.

b. Customer Engagement: Keeping Users, subscribers and others informed about updates, new features, and content that may interest them.

c. Research and Development: Using aggregated and anonymized data to conduct research on trends and user behavior to improve the Services.

d. Marketing and Promotion: Promoting the Services to a wider audience and providing tailored recommendations based on User Data.

e. Security and Fraud Prevention: Protecting the Services and Users from security threats, fraud, and abuse.

f.  Legal Compliance: Ensuring compliance with relevant laws and regulations, including the rules from other countries besides yours.

g. Business Operations: Managing day-to-day operations and ensuring the sustainability and growth of our business and services.

4. Following the Law: This includes processing your Personal Information to comply with the law, such as keeping records of your cookie choices to comply with EU law, such as the e-Privacy Directive and the General Data Protection Regulation.

5. Other Reasons: This includes using your Personal Information for any other reason that the law allows.

 

When we use your Personal Information because you gave us permission (consent), you can change your mind at any time. However, this will not undo the things we did with your Personal Information before you changed your mind. It also will not change the things we are allowed to do with your Personal Information based on other reasons.

 

Where we receive your Personal Information as part of providing our Services to you to fulfill a contract, we require such Personal Information to be able to carry out the contract. Without that necessary Personal Information, we will not be able to provide the Services to you.

 

Within the scope of this Privacy Policy, we may also process Personal Information based on the instructions of our customers, including Organizations. To learn about customers and Organizations’ lawful bases for processing your Personal Information, please read their privacy policies. 

Collection of Personal Information

To use certain features of our Website or Services you must first complete a registration process and establish an account (“Account”).  During registration for your Account, you will be required to provide basic information such as your full name and email address and establish a password. DISCO will retain this information and associate it with your Account.

Information Organizations Provide to Us

We permit Organizations the ability to import their existing mailing lists to the Service, meaning Organizations may share your email address with us. Organizations represent to us that they have your permission to use your email address on our Services. If you believe your information was provided to DISCO wrongfully, please email us at privacy@disco.co or use our processes to request removal of that information. Note also that Organizations may have their own privacy policies and practices around their use of your information, which we encourage you to review and understand. Organizations are solely responsible for: (i) maintaining legally-adequate privacy policies and providing all required disclosures to Members; (ii) maintaining legally-adequate terms of service and providing all required disclosures; (iii) obtaining all necessary rights, releases, and consents to allow User Data to be collected, used, and disclosed; and (iv) ensuring that the collection, use, and disclosure of User Data does not violate any third-party rights, including intellectual property, privacy, data protection, and publicity rights. DISCO is not liable for Organizations’ relationship with Members. We encourage you to review Organizations’ individual privacy policies for more information regarding their use of and access to your Personal Information. We have no control over the policies and practices of third-party websites or businesses (e.g., Digital Learning Experiences or Organization content) as to privacy or anything else, so if you choose to take part in any transaction or service relating to an affiliated website or business, please review all such businesses or websites’ policies.


Services Provided Through Organizations and White-Label Communities

This section applies to you if you participate in a learning community that is operated by a third-party Organization using the DISCO Platform.

DISCO provides its Platform to Organizations—Users who have administrative access and who create or share Digital Learning Experiences, including learning communities, academies, or educational programs, using the Platform. Organizations may operate communities under their own brand, domain, or user experience, including through white-label implementations of the Platform (“White-Label Communities”).

If you join or participate in a learning community operated by a Organization, that community is administered by the Organization and not directly by DISCO.

DISCO's processing of Personal Information in connection with Organization communities is performed in accordance with the lawful bases described in this Privacy Policy, including to fulfill our contractual obligations to Organizations and to pursue our legitimate business interests.

For more details on Organization obligations regarding privacy policies and Member data, see “Information Organizations Provide to Us” above.

Organization’s Administration of Communities

Organizations determine how their learning communities are structured and may determine what Personal Information is collected from Members and how that information is used within the community. For example, Organizations may collect or manage information such as Member registration information, profile details, course participation data, and communications within the community. As described above in “Information Organizations Provide to Us,” Organizations may provide certain Personal Information about their Members to DISCO in order for DISCO to provide the Platform and Services.

DISCO’s Role

When DISCO provides the Platform to Organizations, DISCO generally processes Personal Information in order to provide and support the Platform and Services. This may include hosting data, enabling Platform functionality, maintaining system security, providing analytics, and improving the Services.

DISCO does not control how Organizations independently use Personal Information within their learning communities.

As described in our “Disclosure of Personal Information” section, DISCO may share Personal Information with the Organization operating your learning community to enable administration of that community.

International Data Transfers

Organization communities may involve international data transfers as described in our “International Data Transfers” section, particularly where Organizations or their Members are located outside of Canada.

Organization Privacy Practices

Your participation in a learning community operated by a Organization may also be subject to the Organization’s own privacy policies or practices. DISCO is not responsible for the privacy practices of Organizations or for Organizations' relationships with Members, and we encourage you to review any privacy information provided by the Organization operating the community you join.


Use of Personal Information

DISCO may process your Personal Information for the following purposes:

 

1. Provide you with information about new Services, newsletters, informative e-mails, and research on future product ideas or improvements.

2. Assist us in creating or providing content that is relevant to you.

3. Provide you with special offers that may be of interest to you and to improve your experience on our Website or with our Services.

4. Create, maintain, and secure your account and profile.

5. Enable use of our Services, including: (i) customizing our Services to your preferences or interests, making them more compatible with your technology, or otherwise making them easier to use; (ii) maintaining the security of and otherwise protecting them; and (iii) developing new DISCO websites, products, and services.

6. Assist us in improving and creating better Services to meet your needs.

7. Ensure the quality of our Services.

8. Invite you to participate in, or inform you of the results of, customer satisfaction or market research surveys.

9. Manage our customer base.

10.  Provide you with technical support for our Services.

11.  Help you quickly find software, Services, or product information important to you.

12.  Send transaction-related communications such as welcome letters, account status, and Service Order confirmations. DISCO may also send you surveys or marketing communications to inform you of new Services or other information that may be of interest.

13.  Respond to your requests or questions.

14.  Communicate with you on status of delivery of the Services.

15.  Fulfil legal obligations, enforce our rights, and address legal issues. This may include: (i) complying with our obligations to retain certain business records for minimum retention periods; (ii) establishing, exercising, or defending legal claims; and (iii) detecting, preventing, and responding to fraud, intellectual property infringement, violation of our contracts or agreements, violations of law, or other misuse of DISCO’s websites or services;  (iv) protecting DISCO’s rights or property, or yours or others’ health, safety, welfare, rights, or property; and (v) responding to law enforcement requests and as required by applicable law, court order, or governmental regulations.

16.  Maintain the integrity and security of our websites, products, features, databases, services and business and to prevent and to detect any security threats, fraud or other criminal or malicious activity that might compromise your information. When you interact with us, we may also take reasonable steps to verify your identity before granting access to your Personal Information.

17.  Restrict the availability of some of the Services and content to certain parts of the world, where required for legal reasons, by using your address, IP address and other information to enforce those restrictions.

18. Provide the Platform and Services to Organizations and their Members, including hosting data, enabling Platform functionality, maintaining system security, and providing analytics.

 

You may always choose not to provide Personal Information, but if you so choose, our Services may not be available to you. You agree that you are under no obligation to provide us with this information and can access many aspects of our Website without providing us any Personal Information.

 

While using the Service, App, and Website, you may have opportunities to post reviews or other Personal Information in public forums at your own discretion. Please understand that when you post such information, it is made public and is not subject to this policy.

 

You should exercise caution when deciding to disclose any Personal Information in a publicly available forum such as the Website or App and agree to indemnify DISCO for any damages or claims resulting from any of your postings. DISCO is not obligated to monitor postings, and at its discretion, may remove any content submitted.

Disclosure of Personal Information

DISCO will not sell or rent your Personal Information to any other party and will only use and disclose your Personal Information for the purposes for which it was collected as described in this Privacy Policy. However, DISCO may disclose your Personal Information in the circumstances set out below:

        

1. DISCO may disclose your Personal Information with your prior consent.

2. DISCO may be required by law to disclose Personal Information without your consent in the event of emergency situations or when required by government or other legal authority.

3. DISCO may also disclose Personal Information to third parties in connection with a corporate re-organization, merger or amalgamation, or the sale of all or substantially all of our assets, provided that, where appropriate, any party to whom the information is disclosed is bound by agreements or obligations, and required to use or disclose your Personal Information in a manner consistent with the use and disclosure provisions of this Privacy Policy, unless you consent otherwise; or

4. DISCO may share Personal Information with the Organization that operates the learning community in which you participate in order to administer that community and provide the Services; or

5. DISCO may share your Personal Information with service providers who perform Services on our behalf. For example, we may hire other companies to handle the processing of payments, collect debts, to provide data storage, to host Website, to fulfill orders, to assist in direct marketing, to conduct audits, etc. Those companies will be permitted to obtain only the Personal Information they need to provide the service. Each company is bound by agreements or obligations with DISCO to implement and maintain reasonable security procedures and practices in order to use and disclose your Personal Information in a manner consistent with the use and disclosure provisions of this Privacy Policy, unless you consent otherwise. Our service providers operate globally, including in Canada, the United States, and other countries.  As a result, your Personal Information may be stored, processed, or transferred into or out of these countries. For more information about how we protect your Personal Information during international transfers, please see the “International Data Transfers” section below. We take all reasonable measures and precautions to protect your Personal Information when it is being handled by our service providers. If You wish to obtain more information on our use of service providers and our policies and practices regarding such service providers, please contact us at privacy@disco.co 

 

How to Opt-out or Withdraw

You can withdraw your consent for the use of your Personal Information at any time by deleting your Account or by providing written notice to us of that withdrawal. You acknowledge that Personal Information may be retained by DISCO as described in the “Retention of Personal Information” below.

 

If you do not wish to receive marketing communications, you may follow the "unsubscribe" instructions included within each e-mail communication or by selecting or deselecting (depending on the service) the appropriate option in your Account settings. Please keep in mind that, even if you choose not to receive marketing communications, you will continue to receive transactional or account communications related to Services that you have requested (e.g., purchase confirmation e-mails and invoices).


Your Choices Mobile App


You may exercise the following choices regarding our collection and use of information through the App: 

Retention of Personal Information

DISCO retains your Personal Information for as long as we provide Services to you or for as long as needed for the purpose we collected it and any other permitted linked purpose and in accordance with our data retention policies. We destroy the information once we no longer have a legitimate purpose to retain it (in accordance with applicable law) unless there is an outstanding request or order to preserve the information.

 

We may retain certain data as necessary to prevent fraud or future abuse, or for legitimate business purposes, such as auditing, account recovery, or if required by applicable federal, state, and provincial laws. We also retain and use your Personal Information as required to meet legal obligations, resolve disputes, and enforce our agreements and policies. If we use your Personal Information for multiple purposes, we keep it until the purpose with the longest retention period expires, discontinuing use for shorter periods. Our retention periods align with our business needs and industry standards.

 

All retained Personal Information will remain subject to the terms of this Privacy Policy.  If You request that your Personal Information be removed from our databases, it may not be possible to completely delete all your Personal Information due to technological and legal constraints. However, we will take such steps as are reasonable to destroy the information or to ensure that the information is deidentified.

 

If you terminate your account, we will continue to retain your Personal Information for a commercially reasonable period for purposes including, but not limited to, backup, archiving, contract performance, enforcement of rights, defense of proceedings, legal compliance, fraud prevention, dispute resolution, troubleshooting, or auditing. Should you wish to delete your Personal Information when terminating your account, you will need to follow the relevant steps within the settings area of our Platform.


Disco cannot guarantee that the Services will provide data backups of any User Data stored on our Platform. It is your responsibility to back up onto your own local system all User Data, including all data, files, and records that you submit to Disco. We recommend that you maintain regular backups of any content, Digital Learning Experiences, or other information you upload, create, or store through the Services. While we employ reasonable measures to maintain the integrity of our Platform, we are not liable for any loss of User Data, and you acknowledge that you are solely responsible for preserving copies of your information.


Safeguards we have in place

DISCO stores and processes your Personal Information on our computers principally in the United States,  although your Personal Information may be transferred to other locations as described in the “International Data Transfers” section below. Accordingly, your Personal Information may be available to government bodies or their agencies in those jurisdictions under a lawful order, irrespective of the safeguards we have put in place for the protection of your Personal Information.

 

DISCO employs reasonable managerial and technical measures to ensure that your Personal Information is secure. In addition, our dedicated team of information technology professionals works to maintain data accuracy and prevent unauthorized access to Sensitive Information.  Unfortunately, no security system can be guaranteed to be 100% secure. Accordingly, we cannot guarantee the security of your Personal Information and cannot assume liability for improper access to it. The Internet is not a secure medium and you acknowledge and agree that the privacy of your e-mail communication and Personal Information can never be guaranteed as any e-mail communication may be lost, intercepted, or altered. By using our Website, or providing Personal Information to us through any means, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our Website and Services.

 

Mobile App Personal Information Collection and Features


With your consent, we may send promotional and non-promotional push notifications or alerts to your mobile device in connection with your use of the App. These notifications may include updates about Digital Learning Experiences, community activity, or communications from Organizations. You can deactivate push notifications at any time by changing the notification settings on your mobile device or within the App settings.


We may derive the approximate location of your device from your IP address. We may combine this information with other location-based information, such as your billing or postal code, to provide location-relevant services. If the App collects precise location information, you have the ability to stop the collection of such information at any time through your device's operating system settings. If you do so, certain features of the App may no longer function properly.


When you download our App from an app store (such as the Apple App Store or Google Play Store), we may receive information about your download, such as your username, the date and time of download, and certain device information. The collection and use of this information by app store providers is subject to their respective privacy policies.


The App may request certain permissions from your mobile device, such as access to your camera, microphone, photo library, or storage. These permissions are used to enable specific App functionality, such as uploading profile photos, participating in live video sessions, or downloading course materials for offline access. You can manage these permissions through your device's settings at any time. If you deny certain permissions, some features of the App may not function properly.

Access to your Personal Information

You are responsible for updating and maintaining the truth and accuracy of the Personal Information you provide to us relating to your Account. If you want to update the Personal Information you have provided to us, you should do so by visiting the “Account” section of the Website. You must be signed in to access your Account.

 

You can ask to see your Personal Information. If you want to review, verify, or correct your Personal Information, please contact us by sending an email to privacy@disco.co. Please note that any such communication must be in writing. Generally, your information is kept in the applicable cloud storage instance, typically located in the United States.

 

When requesting access to your Personal Information, please note that we may request specific information from you to enable us to confirm your identity and right to access, as well as to search for and provide you with the Personal Information that we hold about you. We may charge you a fee to access your Personal Information; however, we will advise you of any fee in advance. If you require assistance in preparing your request, please contact the office of our Privacy Officer.

 

Your right to access the Personal Information that we hold about you is not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all the Personal Information that we hold about you. In addition, the Personal Information may have been destroyed, erased, or made anonymous in accordance with our record retention obligations and practices.

 

If we cannot provide you with access to your Personal Information, we will endeavor to inform you of the reasons why, subject to any legal or regulatory restrictions.


If you are a Member of a learning community operated by a Organization (including White-Label Communities) and have questions about how your Personal Information is used within that community, or if you wish to access, correct, or delete your information associated with that community, you may need to contact the Organization operating that community. DISCO may assist Organizations in responding to such requests where required by applicable law or contractual obligations.

Collection of Non-Personal Information

Our privacy policy does not restrict or limit our collection and use of Aggregated Data. DISCO may also provide Organizations with analytics regarding their learning communities, which may include aggregated or anonymized data about Member engagement and activity.


Additionally, you acknowledge and agree that from time to time DISCO, its service providers and business partners  may collect information that is not Personal Information from your use of our Website and Services, such as server log files, environmental variables (such as MAC address, device IMEI, device type (iOS, Android, Windows or Mac), screen resolution, OS version, Internet browser, and Internet browser version) and from scanning navigational data to collect information that is not Personal Information about our Users in order to help us deliver better service and User experience. Such information could include the IP addresses or areas of the site being clicked on most frequently. DISCO and our service providers (including ad servers, outbound email vendors, affiliate vendors and search engine advertising agencies, and providers of web analytics tools) and business partners may also use "cookies" as well as so-called "pixel tags," "web beacons," "clear GIFs" and other similar technologies to help us deliver better service and User experience and to facilitate your ongoing access to and use of our Services. Cookies are files saved to your computer through your web browser or mobile device to enable us to recognize your browser, remember your preferences, and enhance your experience when using our Services. To learn more about cookies, please visit http://www.allaboutcookies.org/. You may find more information about opting out of most third-party service cookies at www.networkadvertising.org or other related sites.


In addition to cookies used on our Website, our App may use mobile software development kits (SDKs), mobile analytics tools, and similar technologies to collect usage information, track your activity within the App, and enhance your experience. These technologies may collect information such as how often you use the App, events that occur within the App, aggregated usage data, performance data, and the app store from which you downloaded the App.

 

When you access our Services through the App, we may collect device identifiers, including your IP address, internet service provider, the type of mobile device you use, temporary or persistent unique device identifiers (sometimes called UDID), advertising identifiers, and identifiers associated with browser cookies and similar technologies we deploy on the App.


When you use our App, we automatically collect information about how you access and use the App, including your interactions with Digital Learning Experiences, courses viewed, discussions participated in, features accessed, the time spent in the App, and other usage patterns. We may use third-party analytics tools to collect and analyze this information to improve the App and enhance your learning experience.


Cookies

 

DISCO and our service providers (including ad servers, outbound email vendors, affiliate vendors and search engine advertising agencies, and providers of web analytics tools) may also use “cookies” as well as so-called “pixel tags,” “web beacons,” “clear GIFs” and other similar technologies to help us deliver better service and enhance your experience and to facilitate your ongoing access to and use of our Website and Services. Cookies are files saved to your computer through your Web browser to enable Website or service providers’ systems to recognize your browser and capture and remember certain information. DISCO, like many other Web Services, uses cookies to understand and save your preferences for future visits and to compile Aggregated Data about site traffic and site interaction, so that we can offer better site experiences and tools in the future.

 

If You do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows You to automatically decline cookies, or to be given the choice of declining or accepting the transfer of a particular cookie, or cookies from a particular Website, to your computer. If You choose to reject all cookies, you may not be able to access the Services. To learn more about cookies, please visit http://www.allaboutcookies.org/. You may find more information about opting out of most third-party service cookies at www.networkadvertising.org or other related sites.

 

You may opt out of the DoubleClick cookie by visiting the Google advertising opt-out page or You may opt out of Google Analytics by visiting the Google Analytics opt-out page. Google has additional information available about their Remarketing Privacy Guidelines and Restrictions.

 

DISCO does not respond to Do Not Track signals on web browsers, as the industry has not settled on a Do Not Track Compliance standard.

Hyperlinks

Our Website is connected by "hyperlinks" to other Websites. You acknowledge and agree that DISCO makes no representation, warranty, covenant, or claim regarding, and DISCO expressly disclaims and denies any responsibility or liability for, directly or indirectly, the privacy practices on any third-party Website or resource accessible by hyperlink from our Website. You agree that the inclusion of any such hyperlink does not suggest, represent, warrant, covenant or imply that DISCO monitors, endorses, or exerts any control over such Website or linked resource whatsoever.  You agree that DISCO provides these hyperlinks to you only as a convenience, and the inclusion of any hyperlink does not suggest, represent, warrant, covenant or imply affiliation, endorsement or adoption by DISCO of any such Website or linked resource whatsoever.

 

When you leave our Website, you acknowledge and agree that our terms and policies do not govern your access to, and use of, other Websites. You acknowledge our recommendation to review the applicable privacy and data gathering practices of any Website or linked resource to which you navigate from our Website.

Social Media Widgets

Our Website may include Social Media Features, such as the Facebook, Twitter, Instagram, LinkedIn buttons and Widgets, such as the Share this button or interactive mini programs that run on our Website. These features may collect your IP address, which page You are visiting on our Website, and may set a cookie to enable the feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Website. Your interactions with these features are governed by the privacy policy of the company providing it.

Children’s Privacy

Our Website, App, and Services are not directed at, or intended for use by, children under the age of 13. We do not knowingly collect or process Personal Information from children under 13. If you are under 13 years old, please do not use our Website, App or Services and do not provide any information to us. If you believe that a child under 13 may have provided us with Personal Information, please contact us so that we can take appropriate steps.

International Data Transfers

Our company is based in Canada, and our service providers operate globally. DISCO may transfer your Personal Information to servers located outside of the European Economic Area, the UK, or Canada which provide for a different level of data protection. Your Personal Information will be subject to the laws of the country in which it is held, and may be subject to disclosure to governments, courts, law enforcement, or regulatory agencies in accordance with local laws. Before sending your Personal Information to parties outside the European Economic Area, the UK, or Canada, we will do one of two things: we will seek your consent or we will ensure the third party maintains the same level of privacy and security for your Personal Information as we do.

 

We are accountable for the protection of your Personal Information when we transfer it to others. We will use safeguards like the Standard Contractual Clauses (“SCCs”) approved by the European Commission under Article 46.2 of the GDPR. In some cases, the European Commission may have determined that in some countries, their data protection laws provide a level of protection equivalent to European Union law. You can see here the list of countries that the European Commission recognized as providing an adequate level of protection to Personal Information, and here the list of countries recognized by the UK.

Your Rights

In addition to rights you may have under other applicable privacy laws (for example, rights of access and correction described in the ‘Access to your Personal Information’ section above), if the EU GDPR or UK GDPR applies to our processing of your Personal Information, you may also have the following rights in relation to your Personal Information.  Please note that you can only exercise these rights with respect to Personal Information that we process about you when we act as a data controller. Below, we describe those rights. To exercise your rights with respect to information processed by us on behalf of one of our customers, including Organizations, please read their privacy policy and contact them directly.

 

1. Right to Know What Happens to Your Personal Information

 

This is called the right to be informed. It means that you have the right to obtain from us all information regarding our data processing activities that concern you, such as how we collect and use your Personal Information, how long we will keep it, and who it will be shared with, among other things. We are informing you of how we process your Personal Information with this Privacy Policy. We will make every effort to let you know how we use your Personal Information. Yet, if we did not get your Personal Information directly from you, the GDPR does not require us to inform you in these cases: (1) When it is impossible or too costly to provide the information; (2) When the law obliges us to gather or share the data; (3) If the Personal Information must stay confidential because of professional or other secrecy obligations.

 

2.     Right to Know What Personal Information We Have About You

 

This is called the right of access. This right allows you to (1) get confirmation of whether we process Personal Information about you; (2) ask for full details of the Personal Information we hold about you and certain related information; (3) get a copy or access to the Personal Information.

 

You have the right to obtain from us confirmation of whether or not we process Personal Information concerning you and, where that is the case, a copy or access to the Personal Information and certain related information.

Once we receive and confirm that the request came from you or your authorized agent, we will disclose to you:

      The categories of your Personal Information that we process;

      The categories of sources for your Personal Information;

      Our purposes for processing your Personal Information;

      Where possible, the retention period for your Personal Information, or, if not possible, the criteria used to determine the retention period;

      The categories of third parties with whom we share your Personal Information;

      If we carry out automated decision-making, including profiling, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you;

      The specific pieces of Personal Information we process about you in an easily-sharable format;

      If we disclosed your Personal Information for a business purpose, the categories of Personal Information and categories of recipients of that Personal Information for disclosure;

  If we rely on legitimate interests as a lawful basis to process your Personal Information, the specific legitimate interests; and

  The appropriate safeguards used to transfer Personal Information from the EEA or the UK to a third country, if applicable.

Under some circumstances, we may deny your access request. In that event, we will respond to you with the reason for the denial.

 

For security and legal compliance, we cannot disclose certain Sensitive Information like Social Security numbers, driver’s license numbers, financial account numbers, health insurance or medical IDs, passwords, or security questions and answers. However, we can inform you if we have such information without disclosing specific details.

 

3. Right to Change Your Personal Information

 

This is called the right to rectification. It gives you the right to ask us to correct without undue delay anything that you think is wrong with the Personal Information we have on file about you, and to complete any incomplete Personal Information.

 

If your account settings do not allow you change the information yourself, please contact us and we will do our best to change the Personal Information for you.

 

4.     Right to Delete Your Personal Information

 

This is called the right to erasure, right to deletion, or the right to be forgotten. This right means you can ask for your Personal Information to be deleted. Please send an email to privacy@disco.co if you wish to delete your Personal Information.

 

Sometimes we can delete your information, but other times it is not possible for either technical or legal reasons. If that is the case, we will consider if we can limit how we use it. We will also inform you of our reason for denying your deletion request.

 

5.     Right to Ask Us to Limit How We Process Your Personal Information

 

This is called the right to restrict processing. It is the right to ask us to only use or store your Personal Information for certain purposes. You have this right in certain instances, such as where you believe the data is inaccurate or the processing activity is unlawful.

 

6.     Right to Ask Us to Stop Using Your Personal Information

 

This is called the right to object. This is your right to tell us to stop using your Personal Information. You have this right where we rely on a legitimate interest of ours (or of a third party). You may also object at any time to the processing of your Personal Information for direct marketing purposes.

 

We will stop processing the relevant Personal Information unless: (i) we have compelling legitimate grounds for the processing that override your interests, rights, or freedoms; or (ii) we need to continue processing your Personal Information to establish, exercise, or defend a legal claim.

 

7. Right to Port or Move Your Personal Information

 

This is called the right to data portability. Where this right applies under the EU GDPR or the UK GDPR, you may have the right to ask for and receive a  copy of certain Personal Information that you have given us or that you have generated by using our Services, so that you can move it, copy it, keep it for yourself, or transfer it to another organization. Where technically feasible, we will provide your Personal Information in a structured, commonly used, and machine-readable format. This right applies only to Personal Information that you have provided to us, that we process by automated means, and that we process based on your consent or to perform a contract with you. Given the nature of our Services, this right may not apply to all types of Personal Information we process, and may be subject to technical and legal limitations.

 

 

8. Right to Withdraw Your Consent

 

Where we rely on your consent as the legal basis for processing your Personal Information, you may withdraw your consent at any time. If you withdraw your consent, our use of your Personal Information before you withdraw is still lawful. If you have given consent for your details to be shared with a third party and wish to withdraw this consent, please also contact the relevant third party in order to change your preferences.

 

9. Right to Lodge a Complaint with a Supervisory Authority

 

If the EU or UK General Data Protection Regulation applies to our processing of your Personal Information, you have the right to lodge a complaint with a supervisory authority if you are not satisfied with how we process your Personal Information. Specifically, you can lodge a complaint in the Member State of the European Union of your habitual residence, place of work, or the alleged violation of the GDPR. In the UK, you can lodge a complaint with the UK Information Commissioner’s Office.

 

 

I'm in the EU and I have an inquiry

VeraSafe has been appointed as DISCO's representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the European Economic Area, VeraSafe can be contacted in addition to privacy@disco.co, only on matters related to the processing of Personal Information. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031.


Alternatively, VeraSafe can be contacted at:

VeraSafe Ireland Ltd.
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P

 

I'm in the UK and I have an inquiry


VeraSafe has been appointed as DISCO's representative in the United Kingdom for data protection matters, pursuant to Article 27 of the United Kingdom General Data Protection Regulation. If you are located within the United Kingdom, VeraSafe can be contacted in addition to or instead of privacy@disco.co, only on matters related to the processing of Personal Information. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +44 (20) 4532 2003.


Alternatively, VeraSafe can be contacted at:

VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom

Contact Us

If You have any questions about this Privacy Policy, concerns about how we manage your Personal Information, if you would like to make a inquiry about how we manage your Personal Information, or if you would like to exercise any of your rights, please contact us by email at privacy@disco.co or by completing our support form.

 

We will endeavor to answer your questions within a reasonable period and advise You of any steps taken to address the issues raised by You.

Interpretation of this Privacy Policy

 

We do not represent or warrant that the Services, or any part of the Services, are appropriate or available for use in any particular jurisdiction. Those who choose to access the Website, App, and Services do so on their own initiative and at their own risk, and are responsible for complying with all local laws, rules, and regulations. We may limit the Services' availability, in whole or in part, to any person, geographic area or jurisdiction we choose, at any time and in our sole discretion.


Changes to this Privacy Policy

DISCO may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or business operations. When we make changes to this Privacy Policy, we will revise the "Last Updated" date at the top of this Privacy Policy.

If we make material changes to this Privacy Policy that affect how we collect, use, or disclose your Personal Information, we will provide you with notice via the email address associated with your account prior to the changes becoming effective.

For non-material changes, such as clarifications, corrections, or minor updates that do not significantly affect your rights or our data practices, we may update this Privacy Policy without providing individual notice. We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information.

We may update the App from time to time to add new features, improve functionality, or address security issues. Some updates may include changes to our data collection or processing practices. We encourage you to review this Privacy Policy periodically, particularly after updating the App, to stay informed about our information practices.

Your continued use of the Website, App, or Services after any changes to this Privacy Policy constitutes your acceptance of the updated Privacy Policy. If you do not agree with any changes, you should discontinue your use of the Services and contact us to request deletion of your Personal Information in accordance with the "Access to Personal Information" section above.