SUPPLEMENTAL NOTICE FOR RESIDENTS OF THE EUROPEAN ECONOMIC AREA, SWITZERLAND, OR THE UNITED KINGDOM

Name of data controller and contact details

Clerk, Inc.
660 King Street
Unit 345
San Francisco, CA
94107
privacy@clerk.dev

Purposes of the processing

The purposes of the processing are described in the section of the Clerk Privacy Policy entitled How We Use Your Information.

Lawful basis for the processing

Generally, we process personal data on the basis that the processing is necessary for purposes of our legitimate interest in conducting our business in a manner typical in the US information technology industry, having taken into account any risks to your fundamental rights and freedoms (including your right to privacy). We also may process personal data on other bases permitted by the EU General Data Protection Regulation ("GDPR"), the UK Data Protection Act 2018 ("UK GDPR") and other applicable laws, such as when the processing is necessary for us to comply with our legal obligations.

The legitimate interests of the controller or third party, where applicable

Our specific legitimate interests, such as responding to your requests, comments and questions, providing you with support and improving our Services, are described in the section of the Clerk Privacy Policy entitled How We Use Your Information,

The categories of personal data concerned

The categories of personal data that we process are described in the section of the Clerk Privacy Policy entitled Information We Collect.

The recipients or categories of recipients of the personal data

The potential recipients of the personal data that we collect via the Services are described in the section of the Clerk Privacy Policy entitled How We Disclose Your Information.

Information regarding the transfers of personal data outside of the European Economic Area (EEA), Switzerland and the United Kingdom (UK)

Clerk, Inc. is headquartered in the USA and the website is hosted in the USA. On 10 July 2023, the European Commission adopted an adequacy decision with respect to the transfer of personal data from the EEA to the US. On 21 September 2023, the United Kingdom adopted a "data bridge" framework between the UK and the US. Switzerland adopted an adequacy determination which entered into force on 15 September 2024. Clerk, Inc. has certified to the Data Privacy Framework⁠ recently developed and adopted by the U.S. Department of Commerce and the European Commission, UK Government, and Swiss Federal Administration. Please see Clerk's Data Privacy Framework Notice. When you provide your personal data to us via the website or contact us by email, you are providing your personal data directly to the USA. Before you provide your personal data to us via the website, we request your explicit consent to the transfer of your personal data to the USA. When you email us, the fact that you have chosen to email us knowing that we are located in the USA will be understood to constitute your express consent to the transfer of the personal data in your email (including your email address) to the USA. Regardless of the differences in US and European privacy laws, we safeguard your personal data as described in this Privacy Policy. If we transfer your personal data to a third party, we require the third party to commit contractually to process your personal data only in ways that are consistent with this Privacy Policy.

The period for which the personal data will be stored, or the criteria for determining the retention period

How long we retain personal data varies according to the type of data in question and the purpose for which it is used. See the section entitled Retention of Personal Information.

Your rights to access, correct, restrict or delete your personal data and object to processing

You have the right to request access to your personal data, to have your personal data corrected, restricted or deleted, and to object to our processing of your personal data. Your rights may be subject to various limitations under the GDPR and the UK GDPR. If you wish to exercise any of these rights, or if you have any concerns about our processing of your personal data, please contact us in any of the ways listed in the section entitled How to Contact Us. The data portability rights in the GDPR and the UK GDPR are not relevant to the kinds of processing that we do.

The right to lodge a complaint with a supervisory authority

You have the right to file a complaint concerning our processing of your personal data with your national (or in some countries, regional) data protection authority. The EU Commission has a list here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm⁠ See www.ico.org.uk⁠ for information about contacting the UK Information Commissioner's Office. See www.edoeb.admin.ch/edoeb/en/home.html⁠ for information about contacting the Swiss Federal Data Protection and Information Commissioner.

Statutory or contractual requirement or other obligation to provide any personal data

Users of the Services are under no statutory or contractual requirement or other obligation to provide personal data to us via the Services.

Our EU/UK Representative

VeraSafe has been appointed as Clerk's representative in the European Union and the United Kingdom for data protection matters pursuant to Article 27 of the GDPR and the UK GDPR. If you are in the European Economic Area or the United Kingdom, VeraSafe can be contacted in addition to privacy@clerk.dev, only on matters related to the processing of personal data. To make sure an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative⁠ or via telephone at: +420 228 881 031.

Alternatively, VeraSafe can be contacted at:

VeraSafe Ireland Ltd.
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland