Privacy Policy (US)

Privacy Policy (US)

Astound knows that your privacy is important to you and takes user privacy very seriously. We are committed to protecting your personal data in accordance with this Privacy Policy.

1. About this Privacy Policy

Updated: April 2025

Thank you for visiting Astound Digital. A reference to “Astound,” “we,” “us,” or “the Company” is a reference to astounddigital.com (the “Site”). At Astound, we take your privacy and your trust very seriously. This privacy policy (“Privacy Policy”) describes the types of information we may collect from you, our practices for collecting, maintaining, protecting, and disclosing your personal information, and your rights in relation to the personal data (“Personal Data”) we hold.

Astound complies with the EU-US Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom (UK) and Switzerland to the United States. Astound has certified to the Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework (“DPF Principles”.) If there is any conflict between the terms in this Privacy Policy, and the DPF Principles, the DPF Principles shall govern. To learn more about the EU-U.S. DPF program and to view our certification, please visit https://www.dataprivacyframework.gov/s/. 

Astound commits to re-certify annually with the U.S. Department of Commerce to maintain compliance with the DPF Principles.

This Privacy Policy supersedes any previous Privacy Policy draft. The following policies are only in effect for the Site.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. We generally keep this Privacy Policy posted on our website, and you should review it periodically, as it may change from time to time without notice. Any changes will be effective immediately upon the posting of the revised Privacy Policy. YOUR USE OF AND INTERACTION WITH THE SITE CONSTITUTES YOUR UNCONDITIONAL ACCEPTANCE OF THE PRACTICES DESCRIBED IN THIS PRIVACY POLICY, AS THEY MAY BE MODIFIED FROM TIME TO TIME. IF YOU DO NOT AGREE WITH AND ACCEPT ALL OF THE PRACTICES DESCRIBED IN THIS PRIVACY POLICY, DO NOT USE THE SITE AND DO NOT PROVIDE OR SUBMIT ANY PERSONALLY IDENTIFIABLE INFORMATION WHILE USING THE SITE. BY PROVIDING PERSONAL INFORMATION TO US, YOU CONSENT TO OUR COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL INFORMATION IN ACCORDANCE WITH THIS PRIVACY POLICY.

2. DPF Principles, Information We Collect and How We Collect It

Astound is committed to applying the DPF Principles to all Personal Data that Astound in the U.S. receives from European Economic Area member countries, the United Kingdom, and Switzerland in reliance on the respective DPF.

We collect information about you in two ways: directly from your input (Personal Data) and through automated technologies on our Site (non-personally identifiable information).

2.1 Definitions

“Aggregate and Anonymous Information” is any information that cannot identify or be linked to a specific individual. For example, Astound may collect anonymous group data (demographics, online browsing habits, interests and preferences, aggregate traffic data, and so on) about users of our Site.

“Personal Data” means personal information relating to you, as an identified or identifiable natural person, which may allow the natural person to be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. Personal Data is also commonly referred to as “personal information” or “personally identifiable information.”

2.2. Data you provide to us through optional, voluntary submissions

The types of personal information that we collect directly from you may include 

• Contact details, such as your name (in whole or in part), your email address, your postal address, date of birth, and/or telephone number 
• Any other information you choose to provide to us

2.3 Data from Site use, including cookies, web beacons, and embedded scripts

We collect data about how you and your devices interact with our Site to provide better user experiences. As you navigate through and interact with our Site, we may use automatic data collection technologies to collect certain information about equipment, browsing actions, and patterns, such as details of your visits to our Site and other communication data and resources that you access and use on the Site. Through our servers and the use of cookies and other automated technologies, we collect the following information:

• Computer, device, and connection information, such as IP address, browser type and version, operating system and other software installed on your device, mobile platform, unique device identifier and other technical identifiers, error reports, and performance data
• Usage data, such as the features you used, the settings you selected, your URL clickstream data—including date and time stamp and referring and exit pages—search terms you used, and pages you visited or searched for on the Site.

2.3.1 Cookies

A cookie is a small piece of data that is sent to your browser from a web server and stored on your computer’s hard drive. A cookie cannot read data off your hard disk or read cookie files created by other sites. Cookies do not damage your system. We use cookies to identify which areas of Astound’s website you have visited so the next time you visit, those pages may be readily accessible. We may also use cookies to ascertain how many times you’ve visited a particular page. We may use this information to better personalize the content that you see on our Site.

If you are concerned about the storage and use of cookies, you may be able to direct your Internet browser to refuse all cookies or notify you and seek approval whenever a cookie is being sent to your hard drive. You may also delete a cookie manually from your hard drive through your Internet browser or other programs. Please note, however, that some parts of our website will not function properly or be available to you if you refuse to accept a cookie or choose to disable the acceptance of cookies.

2.3.2 Web Beacons

A web beacon is a small graphic image (often invisible) or other web programming code (also known as "1x1 GIFs" or "clear GIFs") usually used in conjunction with cookies that may be included in our web pages and email messages. Web beacons or similar technologies may be used for a number of purposes, including to count visitors to our Site, to monitor how users navigate our Site, to count how many emails that were sent were actually opened, or to count how many particular articles or links were actually viewed.

2.3.3 Embedded Scripts

An embedded script is a programming code that is designed to collect information about your interactions with our Site, such as the links you click on. The code is temporarily downloaded onto your computer from our web server or a third-party service provider, is active only while you are connected to our website, and is deactivated or deleted thereafter.

2.3.4 Social Media Widgets

Our Site include social media features, such as the Facebook Like button and widgets. These features may collect your IP address and which page you are visiting on our site and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these features are governed by the Privacy Policy of the company providing it.

3. Notice on Use and Sharing of Personal Data

Astound is committed to protecting your privacy and adheres to applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the Data Privacy Framework (DPF) for data transferred from the EEA, UK, and Switzerland to the U.S.

3.1 How We Use Your Information
We collect and use Personal Data to:

• Deliver and tailor our services;
• Respond to inquiries, feedback, or complaints;
• Send requested information and promotional content (with opt-out options);
• Improve our website, marketing, and customer experience;
• Conduct analytics, research, and business operations;
• Fulfill legal obligations and enforce agreements.

Your Personal Data is used only for the purposes for which it was collected or as subsequently authorized by you. We do not knowingly collect Personal Data from children under 13 without parental consent.

3.2 How We Share Your Information
We do not sell, rent, or trade your personal data. Disclosure is limited to:

3.2.1. Contractual Necessity 
To fulfill our services, we may share your data with:

• Service delivery partners;
• Professional advisers (legal, IT, financial, PR);
• Intermediaries and storage providers.

3.2.2. Legitimate Interests 
To support and manage our business, we may disclose data:

• For marketing and communications;
• For legal or strategic advice;
• To potential acquirers in a merger or sale.

3.2.3. Legal Requirements
We may disclose data to comply with laws, protect our rights, or respond to lawful requests from authorities. All such disclosures are reviewed for legality and limited in scope. Where permissible, we may challenge improper requests and notify affected individuals.

3.2.4 Onward Transfers & Third-Party Accountability
We only transfer data to third parties (controllers or agents) who:

• Use it for limited, authorized purposes;
• Commit to DPF-equivalent data protection;
• Notify us if they can no longer meet their obligations.

If a third party fails to comply, we take steps to halt and remediate any unauthorized processing.

4. Data Retention, Data Integrity and Purpose Limitation

We collect and process personal information only to the extent necessary for the specific purposes for which it was collected or as subsequently authorized by you. Personal information will not be processed in a manner that is incompatible with these purposes. We implement appropriate security measures to prevent unauthorized access.

We take reasonable steps to ensure that personal data is reliable, accurate, complete, and up to date for its intended use. You are provided with mechanisms to review and update your personal information where necessary to maintain its accuracy.

We retain your personal information for as long as necessary to provide our services and fulfill our obligations and/or for other essential purposes such as complying with our legal obligations, maintaining business and financial records, resolving disputes, maintaining security, detecting and preventing fraud and abuse, and enforcing our agreements. When data is no longer needed, we will take appropriate steps to securely delete, anonymize, or otherwise dispose of it in accordance with its data retention policies. 

We remain committed to complying with the EU-US Data Privacy Framework Principles throughout the lifecycle of personal data under its control.

5. Data Security

Astound implements technical and organizational measures to seek to ensure a level of security appropriate to the risk to the personal information we process. Astound servers are protected with security technologies, including firewalls and data encryption. These technologies are designed to prevent unauthorized access, but no guarantee can be made that your information and data will be secure from intrusions and unauthorized releases to third parties. The security of your personal information is important to us. Unfortunately, the transmission of information via the internet is not completely secure. In the context of an onward transfer, Astound is responsible for processing personal information it receives under the DPF Principles and subsequent transfers to a third party acting as an agent on its behalf. Astound shall remain liable under the DPF Principles if its agent processes such personal information in a manner inconsistent with the DPF Principles unless the organization proves that it is not responsible for the event giving rise to the damage.

6. Modifications to the Privacy Policy

If we make any changes to our Privacy Policy, we will post those changes on this web page so that you are always aware of what information we collect, how we use it, and under what circumstances we disclose it. We encourage you to periodically review this web page for the latest information on our privacy practices.

7. What are your Privacy Choices?

You have rights regarding the information we collect and how it’s used:

• You may opt out of emails from us by clicking the “unsubscribe” link provided in marketing emails that you have previously received from us or by contacting us at privacy@astounddigital.com
• You may submit requests to opt out of phone and postal marketing by contacting us at privacy@astounddigital.com
• You may access, review, and correct your Personal Data and preferences by contacting us at privacy@astounddigital.com to request a copy of the information we have stored about you and request any desired changes or deletions
• You have the right to object to, limit, delete, or restrict the use of your data 

However, please note the following:

• Your opt out will stop your further receipt of marketing and promotional communications from us BUT will NOT stop further communications from Astound of a transactional, administrative, or relationship nature or as required by law, such as notification of a material change in this Privacy Policy for the Site or notification of an actual or suspected security breach that affects your Personal Data stored by or for Astound.
• Astound will retain your personally identifiable Information for as long as is needed to provide your products or services and as necessary to comply with our legal obligations, resolve disputes, and enforce agreements. Aggregate and Anonymous Information may be retained indefinitely.

If you choose to object to, limit, or restrict the use of your data, this decision may impair the functioning of some of our Site or services.

8. California Privacy Rights

Residents of the State of California, under certain provisions of the California Civil Code, have the right to request from companies conducting business in California a list of all third parties to which the company has disclosed certain personally identifiable information as defined under California law during the preceding year for third-party direct marketing purposes. You are limited to one request per calendar year. In your request, please attest to the fact that you are a California resident and provide a current California address for our response. You can request this information by contacting us directly per Section 13 below.

9. US Federal Trade Commission (FTC) Enforcement

Astound’s commitments under the EU-U.S. DPF are subject to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC).

10. Withdrawal of Consent

In accordance with the DPF, Astound limits the use and disclosure of your Personal Data. If Personal Data is to be used for a new purpose that is materially different from that for which the Personal Data was originally collected or subsequently authorized or is to be disclosed to a non-agent third party, Astound will provide you with an opportunity to choose whether to have your Personal Data so used or disclosed. However, it is not necessary for you to provide consent when disclosure is made to a third party that is acting as an agent to perform task(s) on behalf of and under Astound’s instructions.

If you have given your consent and you wish to withdraw it, you may do so at any time by contacting us at privacy@astounddigital.com.

11. Recourse, Enforcement, and Liability

We are committed to upholding the DPF Principles, ensuring robust mechanisms for compliance, recourse for individuals, and accountability in the event of non-compliance. To that end, we have established the following mechanisms:

a. Independent Recourse Mechanism

• We provide you with a readily available, independent, and cost-free mechanism to lodge complaints regarding non-compliance with the DPF Principles.
• Complaints will be investigated and expeditiously resolved by JAMS (an alternative dispute resolution provider located in the United States), which will assess disputes by reference to the DPF Principles and award damages where applicable under law or private-sector initiatives.

b. Verification and Compliance Monitoring

• We conduct regular internal and external assessments to verify that our privacy practices align with our public attestations and comply with the DPF Principles.
• Where non-compliance is identified, we are committed to taking appropriate remedial actions and implementing corrective measures.
• As required, we will respond promptly to inquiries and requests from the U.S. Department of Commerce regarding compliance with the EU-U.S. DPF.

c. Obligation to Remedy and Sanctions for Non-Compliance

• If we are found to have failed to comply with the DPF Principles, we will take immediate steps to remedy any issues, including updating policies, modifying data practices, and providing appropriate redress to affected individuals.
• Non-compliance may result in sanctions that are sufficiently rigorous to ensure compliance, including suspension or removal from the EU-U.S. DPF program.

d. Onward Transfer Liability

• When transferring personal data to third-party agents, we remain responsible for ensuring that such agents process personal data in accordance with the DPF Principles.
• We will take reasonable steps to ensure that third parties provide the same level of protection as required under the EU-U.S. DPF, and it will remain liable for any non-compliance unless it proves that it is not responsible for the event giving rise to the damage.

e. Binding Arbitration and Cooperation with Authorities

• You may invoke binding arbitration as provided under Annex I of the EU-U.S. DPF, provided that you have exhausted all other available recourse mechanisms.
• We will cooperate with U.S. statutory bodies, such as the Federal Trade Commission (FTC) or Department of Transportation (DOT), and will prioritize compliance inquiries from the U.S. Department of Commerce and EU Member State authorities.
• If required by a court order or U.S. statutory body order based on non-compliance, we will publicly disclose relevant EU-U.S. DPF-related compliance reports in accordance with confidentiality requirements.

We remain committed to upholding the highest standards of data privacy, ensuring that your rights under the EU-U.S. Data Privacy Framework is fully respected and enforced.

12. Contact Information and Complaints

In compliance with the DPF Principles, Astound commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Policy should first contact Astound at

Legal Department – Privacy

Astound Commerce Corporation

Suite 2075

945 E. Paces Ferry Road

Atlanta, Georgia 30326

USA

privacy@astounddigital.com

Astound has further committed to refer unresolved Privacy complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/ for more information or to file a complaint. The services of JAMS are provided at no cost to you. If neither Astound nor our dispute resolution provider resolves your complaint, you may invoke binding arbitration as outlined in Annex I of the EU-U.S. DPF. For detailed information, please visit https://www.dataprivacyframework.gov/.