SupportBlog
  1. Home
  2. Privacy Policy

GeoRiot Privacy Policy

1. Overview

GeoRiot provides a set of services ("Genius Link Services") to commercial customers ("Clients") for purposes of online marketing and sales of digital and physical products and services ("Products") to individual consumers. The Genius Link Services are provided to Clients worldwide, including in the United States ("US"), the member states of the European Union ("EU"), and Switzerland. The Genius Link Services are provided under the names "Genius Link" and "BookLinker.net." The Genius Link Services are not provided to individuals as consumers.

The Genius Link Services are dynamic links that are used to connect consumers visiting or interacting with a Client's websites, applications, social media, electronic documents, eBooks, text messages and other online digital properties ("Digital Properties") to retail websites ("Storefronts") maintained by international goods and services retailers ("Retailers") where Products identified on the Client's Digital Property ("Products") can be purchased. These dynamic links are called "Geni.us Links." Digital Properties including Geni.us Links are accessed through a personal computer, laptop, smartphone or other device providing Internet access through a browser ("Device") when an individual follows the Geni.us Link to a Storefront.

Information is collected automatically via a Geni.us Link when an individual using a Device clicks a Geni.us Link in the course of viewing and interacting with content on a Client's Digital Properties (a "Transaction"). Such an individual is referred to as a "Buyer" in this Policy. The information collected is referred to as "Potential Personal Information" in this Policy, and is described below. The core terms applicable to Potential Personal Information are provided in Sections 3, 5, 6 and 8.

GeoRiot also collects information about individuals acting as or on behalf of Clients for purposes of the Genius Link Services ("Client Personal Data"). Client Personal Data may be collected in the course of Client account registration and in communications and transactions between the Client and GeoRiot. The core terms applicable to Client Personal Data are provided in Section 4, 5, 7 and 8.

2. Adherence to Privacy Shield

GeoRiot and the Genius Link Services comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. GeoRiot has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/

This compliance includes both Potential Personal Information, whether or not such information is in fact Personal Data for purposes of EU data protection laws and Privacy Shield, and Client Personal Data.

GeoRiot shall adhere to the Privacy Shield Principles, as they may be amended from time to time, with respect to and for as long as it retains Potential Personal Information or Client Personal Data collected or maintained while this Privacy Policy is in effect.

3. Collection and Processing of Potential Personal Information

GeoRiot does not provide any products or services to individuals or engage in transactions or communications with them. GeoRiot also does not collect or use information such as names, addresses or other contact information, governmental or corporate identification numbers, account numbers or images, or other information which specifically identifies individuals ("Personally Identifiable Information" or "PII").

GeoRiot does collect and use the information described below. While none of this information in itself identifies any specific individual, it may be possible to use some of this information in combination with information from other sources to identify individual Buyers. As a matter of due diligence and prudence GeoRiot has taken appropriate measures to ensure the security, integrity and ethical use of such information, called "Potential Personal Information" for purposes of this Policy. GeoRiot does not combine Potential Personal Information with other data to identify individuals for purposes of the Services.

When a Buyer clicks a Geni.us Link the following information is collected automatically. The information collected is determined by the coding of the Geni.us Link by GeoRiot.

  • Information identifying the operating system and browser used by the Device for the Transaction ("User Agent Information"), including information identifying and describing the Device used for the Transaction ("Device Data").

  • Information identifying the language used by the Device for the Transaction ("Language Information").

  • The Internet Protocol ("IP") address of the Device used for the Transaction, which allows identification of the logical and to some extent geographical location of the Device used in the Transaction ("Location Data").

  • The URL of the Client's Digital Property on which the originating Geni.us Link is sited ("Client URL").

  • Product identification information for Products via the Geni.us Link the Device was used to click ("Product Information").

In addition, GeoRiot may collect the following information from third party sources:

  • Product information including Product price, genre, name, developer, publisher, and other general information published by the Retailer, developer or other third party ("Third Party Product Information").

  • Limited purchase information obtained by the Retailer in the event a Buyer purchases a Product in the course of a Transaction, such as the number of products purchased, a list of items (or categories of items), purchase prices, and timestamp of the Transaction ("Purchase Information").

Information collected through Geni.us Links is transferred to and stored by GeoRiot in the United States, according to GeoRiot's standard Data Retention policies.

Geni.us Links may support the following uses of Potential Personal Information, for the benefit of Clients:

  • Dynamic Links. A Client can use a single link to route Buyers to the appropriate Retailer website based on information such as the user's location, device, and language set in the browser. This may include dynamic links on a Client's Digital Property which automatically populates a Storefront customized for the Buyer on the Digital Property. For example, a Client website that reviews technology devices may display related products with links to purchase them on Retailer Amazon's Storefront. The Geni.us Link may be used to ensure the Amazon link that appears on the Client's website is directed appropriately based on the Buyer's location.

  • Automatic Product Localization. A Client can use a single link to automatically route Buyers to the appropriate Product in the Buyer's local Storefront, such as the Amazon, iTunes, or Microsoft online stores. Automatic affiliation may be used to earn commissions from the correct local Retailer's Storefront. For example, a Buyer in Germany may be sent to the Amazon Germany Storefront by a Geni.us Link from a Client website, and the Client might earn a commission through the Amazon Germany affiliate program.

  • Choice Pages. A Client may use a link to provide a mobile-optimized landing page where a Buyer can view different buying options, rather than having an automated process pick for them.

  • Retargeting. The Client may use a Geni.us Link to set pixels on behalf of the Client to enable collection of Client activity data by third-parties such as Facebook and Google.

  • Data Analytics. The Data Analytics service provides Clients with marketing content based on data identifying the geographical location ("Location Data"), Device data, User Agent Data, Language Data and Transactions Data. The Data Analytics service helps Clients ensure that marketing efforts are relevant to the Buyer and appropriate to the country or region where the Buyer is located.

While Potential Personal Information may not be Personal Data within the meaning of Privacy Shield and the GDPR, as a matter of prudence and due diligence and to help assure transparency, GeoRiot has elected to attest to its adherence to the E.U.-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. GeoRiot has also implemented policies and procedures to assure its compliance with the E.U. General Data Protection Directive to the extent the GDPR applies to Potential Personal Information.

4. Collection and Processing of Client Personal Data

When a Client creates a Genius Link account the Client must provide GeoRiot with contact information for an individual user authorized to use the Genius Link Services and communicate with GeoRiot, either as an individual Client or on behalf of an organizational Client ("Client Users"). This information may include Client User name, email addresses and other contact information used to communicate with the Client User, as well as the content of communications between GeoRiot and the Client User and any transactions the Client User engages in with GeoRiot.

GeoRiot may use Client Personal Data to communicate with the Client User and with other individuals acting on behalf of the Client with respect to the Genius Link Services ("Administrative Purposes"), and may use Client Personal Data to identify and communicate with respect to potential opportunities for the Client to obtain or use Genius Link Services from GeoRiot, or otherwise promote GeoRiot to the Client and Client User ("Marketing Purposes"). GeoRiot will not use Client Personal Data for Marketing Purposes unless the Client or Client User has consented to such use of Client Personal Data.

Client Personal Data is transferred to and stored by GeoRiot in the United States, according to GeoRiot's standard Data Retention policies.

Client Personal Data is considered Personal Data within the meaning of Privacy Shield and the GDPR. GeoRiot has elected to attest to its adherence to the EU-U.S. Privacy Shield Framework and the Swiss-US Privacy Shield Framework with respect to Client Personal Data. GeoRiot has also implemented policies and procedures to assure its compliance with the GDPR with respect to Client Personal Data.

5. GeoRiot as Limited Data Controller and Data Processor

For Privacy Shield and GDPR purposes GeoRiot may be a Data Processor or a Joint Data Controller with respect to Potential Personal Information subject to this Policy. GeoRiot is a Data Controller with respect to Client Personal Data subject to this Policy.

For purposes of this Policy a "Data Controller" is a party which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, while a "Data Processor" is a party which processes Personal Data on behalf of a Data Controller.

To the extent Privacy Shield and the GDPR apply to Potential Personal Information, for purposes of the Genius Link Services GeoRiot and the applicable Client are Joint Data Controllers of Personal Data included in that Potential Personal Information as follows:

  • GeoRiot offers Geni.us Links and the Genius Link Services to Clients, with pre-established coding and design which determines the information which is collected and the means by which information is processed. The Client determines whether to implement Geni.us Link and use the Genius Link Services, and by agreement with GeoRiot determines to utilize the information collection scope and processing means offered by GeoRiot. All Genius Link Services are provided for the benefit of the Client. The Client is therefore the Data Controller with respect to the determination of the scope of the information to be collected and the means of its processing.

  • The Client determines where to site Geni.us Link(s) in the Client's Digital Properties, and the purpose(s) for which the information collected will be used (e.g., available Storefronts, implementation of routing alternatives, support for commissions, etc.). All Potential Personal Information is processed for the benefit of the Client. The Client is therefore the Data Controller with respect to the determination of siting of the Geni.us Link(s) and the purposes for which information is collected and processed.

  • GeoRiot determines the retention period for information collected via Geni.us Links. GeoRiot is therefore the Data Controller with respect to the retention of the Potential Personal Information.

GeoRiot alone controls the processing of Client Personal Data and is therefore the Data Controller with respect to such information.

6. Provision of Notice to Buyers

This Policy is published to provide notice of GeoRiot's data collection and privacy practices to individuals including Buyers. However, GeoRiot does not typically interact directly with individuals, since its presence on its Clients' Digital Properties is limited to the Geni.us Link(s) in/on the Client's Digital Properties. GeoRiot therefore contractually requires its Clients to ensure their compliance with any legal requirements for notification to and consent by individuals with respect to their data collection and use practices, as required in their applicable jurisdictions.

In addition, GeoRiot contractually requires its Clients to comply with the Network Advertising Initiative Code of Conduct where it is applicable to their business. In particular, if a Client attempts to combine PII or Personal Data from other sources with Potential Personal Information, it is required to notify the affected individuals and obtain their opt-in consent in accordance with the NAI Code of Conduct. If a Client collects data for interest-based advertising, it is required to clearly and conspicuously post a notice consistent with the NAI Code that contains:

  • A statement that data may be collected for interest-based advertising;

  • A description of types of data that are collected for interest-based advertising purposes;

  • An explanation of how, and for what purpose, the data collected will be used or transferred to third parties; and

  • A conspicuous link to an opt-out mechanism.

If GeoRiot should intentionally collect Personal Information directly from individuals for any other reason, GeoRiot will conform to the same standards.

a. Collection of Potential Personal Information

GeoRiot principally collects information through transactions that occur as part of "Link Localization." In this process a Geni.us Link which promotes or sells a product is posted on a Client's Digital Property, and automatically points to a Retailer's online Storefront designated by the Client. When a Buyer clicks the Geni.us Link, Potential Personal Information is collected and transmitted to GeoRiot's servers. This information is automatically analyzed to identify the location and type of Device being used to access the link. Based on this information, the Geni.us Link automatically redirects the Device to a web page in regional or country-specific storefront of the Retailer ("Localized Page") which promotes or sells the product.

GeoRiot does not create or administer either its Clients' Digital Properties or Retailers' Storefront pages, does not provide content for either, and does not sell or promote products on either. The only information GeoRiot collects from either the Digital Property or the Storefront is that provided in response to the click on the Genius Link.

GeoRiot may collect and process the following information from the Device used to click on the Geni.us Link:

  • User Agent Information which identifies the Device, operating system and browser used by the Device in use. User Agent Information is treated as if it were Potential Personal Information.

  • Location Information, which is the IP address of the Device used in the Transaction. The IP address provides network information, which can often be used to determine the country, state and sometimes city and postal code where the Device is in use. Location Information is treated as if it were Potential Personal Information.

  • Language Information, which is the language associated with the Device's browser. Language Information is not treated as Personal Data.

  • The Client URL, which is the URL of the Client's Digital Property on which the originating Geni.us Link is sited. The Client URL is not treated as Personal Data.

  • Product Information, which is identification information for Products the Device was used to view. Product Information is not treated as Personal Data.

  • Limited Purchase Information such as the number of products purchased, a list of items (or categories of items), purchase prices, and timestamp of the Transaction ("Limited Purchase Information"). Limited Purchase Information is collected and provided to GeoRiot by Clients, who are responsible for ensuring that any individual consent or authorization required for its use by GeoRiot has been obtained. Limited Purchase Information is treated as if it were Potential Personal Information.

  • Third Party Product Information including Product price, genre, name, developer, publisher, and other general information published by the Retailer, developer or other third party. Third Party Product Information is not treated as Personal Data.

GeoRiot does not collect any other information that might be considered, or might be used to derive, an individual's Personal Data, sensitive or otherwise.

GeoRiot's Genius Link Services are only offered with respect to individuals who are 18 years of age or older. GeoRiot does not knowingly collect or maintain any PII or Personal Data from individuals who are under 13 years of age, and no aspect of the Genius Link Services is designed to attract people under the age of 13. If GeoRiot obtains knowledge that a Buyer is under the age of 13, GeoRiot will remove Potential Personal Information with respect to that individual from its databases.

b. Use and Retention of Potential Personal Information by GeoRiot

GeoRiot may use Potential Personal Information it obtains as follows:

  • For purposes of Link Localization, to redirect Consumers from digital properties to appropriate Storefronts.

  • For purposes of Data Analytics, to create reports of Client marketing activities using Genius Link links. Reports include aggregated information about matters including click trends, geographic information, sales and commissions data, separately or in combination, based on Data collected by GeoRiot. Reports may be filtered based on specified parameters (e.g. number of clicks per day per specific location; clicks from specific referrers or from Devices using specific Software; etc.).

  • For purposes of Data Analytics, in aggregated data sets to support specific marketing strategies and Product and advertising content offerings, based on mashups of various types of data with different Transactions.

  • For purposes of GeoRiot's internal management and administration, and fulfillment of its legal responsibilities or protection of its legal interests.

Subject to the Section 6(c), Potential Personal Data may be retained by GeoRiot for any period GeoRiot determines is necessary to ensure compliance with its legal responsibilities or protection of its legal interests, according to GeoRiot's Data Retention policies, except that IP Address is only processed during the initial click on a Geni.us Link and is not stored after such processing.

c. Buyer Choice with Respect to Potential Personal Information

The Potential Personal Information GeoRiot maintains after processing a Geni.us Link click is limited to User Agent Information, Language Information, Client URL, Product Information, Limited Purchase Information and Third Party Product Information. The only information maintained by GeoRiot which might in principle allow identification of an individual Buyer is User Agent Information and Limited Purchase information, which would have to be combined with other information from third parties which is not available to GeoRiot in order to allow identification of an individual Buyer.

GeoRiot therefore can only provide a Buyer with an opportunity to exercise choice with respect to their Personal Data included in Potential Personal Information if the Buyer can provide GeoRiot with additional information regarding the Buyer's association with specific User Agent Information and/or Limited Purchase Information for GeoRiot to identify the Buyer with specific Potential Personal Information in GeoRiot's control, with a reasonably high degree of reliability. In the event a Buyer provides such information, GeoRiot will provide the opportunity to opt-in before any Personal Data included in Potential Personal Information associated with the Buyer is disclosed to a third party other than one disclosed in this Policy, or used for a purpose incompatible with the purpose for which it was originally collected or as otherwise permitted or authorized by the Buyer.

For additional information and to request the opportunity to opt-in, please email GeoRiot here.

GeoRiot may retain Device information that is subject to a Buyer's disclosure opt-in accordance with GeoRiot's Data Retention Policy. The purpose of retaining such information is for GeoRiot's internal management and administration or fulfillment of its legal responsibilities or protection of its legal interests. Residual User Agent information may also remain within databases, access logs, and other records.

GeoRiot does not collect, use or disclose sensitive information, which is defined as personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual. In the event GeoRiot should do so, GeoRiot will give Buyer's an explicit opt-in choice if their sensitive information is to be disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected or as authorized by the individual.

d. Accountability for Onward Transfer of Potential Personal Information

GeoRiot may disclose or provide Potential Personal Information to third parties as follows:

  • To a Client for purposes of Data Analytics, as part of aggregated data in a report or data set.

  • To a subsidiary or affiliated company of GeoRiot, subject to their compliance with this Privacy Policy.

  • To a third-party services provider, such as a hosting or analysis service or a security consulting firm, for purposes of GeoRiot's internal management and administration or fulfillment of its legal responsibilities or protection of its legal interests, subject to contractual requirements for protection of the information consistent with this policy and Privacy Shield requirements.

  • To governmental authorities or their legal designees, if required by applicable law.

  • In the cases of a client using an affiliate program with the Genius Link Services, GeoRiot may share client and account information with affiliate program's account management teams in order to ensure compliance with the affiliate program.

GeoRiot shall not transfer Personal Data to a third-party Data Controller without the consent of the individuals, and shall first enter into a contract with Data Controller that provides:

  • That the Potential Personal Information may only be processed for purposes consistent with such consents.

  • That the Data Controller will provide the level of protection required for Personal Data required under Privacy Shield.

  • That the Data Controller will notify GeoRiot if the Data Controller makes a determination that it can no longer meet this obligation.

  • That the Data Controller will cease processing the Potential Personal Information or takes other reasonable and appropriate steps to remediate in case of such a determination.

Consent is not required when GeoRiot discloses Potential Personal Information to a third party that is acting as an agent to perform task(s) on behalf of and under the instructions of GeoRiot, such as a Data Processor. In the event of such a disclosure, GeoRiot shall:

  • Identify the purposes for which it is transferring such information.

  • Ensure that the agent is obligated to provide at least the same level of privacy protection as is required under Privacy Shield.

  • Take reasonable and appropriate steps to ensure that the agent effectively processes the Potential Personal Information transferred in a manner consistent with GeoRiot's obligations under Privacy Shield.

  • Require the agent to notify GeoRiot if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required under Privacy Shield

  • Require the agent upon notice, including notice based on a determination the agent can no longer meet its obligation to provide the same level of protection as is required under Privacy Shield, to take reasonable and appropriate steps to stop and remediate unauthorized processing.

GeoRiot shall provide a summary or a representative copy of the relevant privacy provisions of its contract with any such agent to the U.S. Department of Commerce upon request.

GeoRiot shall remain responsible for the processing of Potential Personal Information it transfers to an agent acting on its behalf, and shall be liable if the agent processes such Potential Personal Information in a manner inconsistent with the Privacy Shield unless GeoRiot proves that it is not responsible for the event giving rise to the damage, if any.

e. Buyer Access to Potential Personal Information

The Potential Personal Information GeoRiot maintains after processing a Geni.us Link click is limited to User Agent Information, Language Information, Client URL, Product Information, Limited Purchase Information and Third Party Product Information. The only information maintained by GeoRiot which might in principle allow identification of an individual Buyer is User Agent Information and Limited Purchase information, which would have to be combined with other information from third parties which is not available to GeoRiot in order to allow identification of an individual Buyer.

GeoRiot therefore can only provide a Buyer with an opportunity to review and request that GeoRiot update or delete their Personal Data included in Potential Personal Information if the Buyer can provide GeoRiot with additional information regarding the Buyer's association with specific User Agent Information and/or Limited Purchase Information for GeoRiot to identify the Buyer with specific Potential Personal Information in GeoRiot's control, with a reasonably high degree of reliability. In the event a Buyer provides such information, GeoRiot will upon request allow them to review and request that GeoRiot update or delete Potential Personal Information to the extent the information can be identified to the individual Buyer or is identifiable to a specific Device used by the Buyer for the Transaction(s) for which the information was collected.

For additional information and to request the opportunity to review and request update or deletion, please email GeoRiot here.

f. Security

GeoRiot maintains reasonable and appropriate physical, electronic and procedural safeguards to protect Potential Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the Potential Personal Information. However, GeoRiot cannot guarantee that these safeguards will not be penetrated or compromised or that all information will remain secure under all circumstances.

g. Data Integrity and Purpose Limitation

GeoRiot will take reasonable steps to ensure that Potential Personal Information is accurate, complete, current, and reliable for its intended use, and to ensure that it does not process Potential Personal Information in a way that is incompatible with the purposes for which it was collected unless authorized by the individual. GeoRiot will take reasonable and appropriate measures to ensure that it does not retain Potential Personal Information which may identify an individual only for as long as is consistent with the purposes for which it was collected.

h. Disclosures for Law Enforcement and National Security Purposes

GeoRiot may be required to disclose Potential Personal Information in response to lawful requests by public authorities with appropriate jurisdiction, including to meet national security or law enforcement requirements, if require by applicable law.

7. Provision of Notice to Client Users

This Policy is also published to provide notice of GeoRiot's data collection and privacy practices to Client Users. GeoRiot interacts directly with Client Users in the course of account registration and communications and transactions with respect to the Genius Link Services.

a. Collection of Client Personal Data

When a Client creates a GeoRiot account it must provide GeoRiot with contact information for individual users authorized to use the Genius Link Services and communicate with GeoRiot as or on behalf of a Client ("Client Users"). This information may include Client User name, email addresses, and potentially other information used to communicate with the Client User, as well as the content of communications between GeoRiot and the Client User and any transactions the Client User engages in with GeoRiot.

b. Use and Retention of Client Personal Data

GeoRiot may use Client Personal Data to communicate with the Client User and with other individuals acting on behalf of the Client with respect to the Genius Link Services, and may use Client Personal Data to identify and communicate with respect to potential opportunities for the Client to obtain or use Genius Link Services from GeoRiot, or otherwise promote GeoRiot to the Client and Client User. GeoRiot will not use Client Personal Data for marketing or promotional purposes unless the Client or Client User has consented to such uses of Client Personal Data.

GeoRiot may also use Client Personal Data for purposes of GeoRiot's internal management and administration, and fulfillment of its legal responsibilities or protection of its legal interests.

Subject to Section 7(c), Client Personal Data may be retained by GeoRiot for any period during which the Client maintains an active account with GeoRiot, plus any additional period GeoRiot determines is necessary to ensure compliance with its legal responsibilities or protection of its legal interests, according to GeoRiot's standard data retention policies.

c. Client User Choice with Respect to Potential Personal Information

GeoRiot will provide Client Users the opportunity to opt-in if their Client Personal Data is to be disclosed to a third party other than one disclosed in this Policy, or used for a purpose incompatible with the purpose for which it was originally collected or as otherwise permitted or authorized by the Client User.

A Client User may request to opt-out of any previously authorized or permitted disclosure of Client Personal Data information by GeoRiot, except disclosure to the Client with which the Client User is associated, by emailing us here. In order to opt-out GeoRiot may require the Client's approval, if the Client is not the same as the Client User.

GeoRiot may retain Client Personal Data that is subject to a Client User's disclosure opt-out in accordance with GeoRiot's Data Retention Policy. The purpose of retaining such information is for GeoRiot's internal management and administration or fulfillment of its legal responsibilities or protection of its legal interests. GeoRiot is not responsible for updating or removing Client Personal Data disclosed to third parties before the Client User's opt-out.

GeoRiot does not collect, use or disclose sensitive information, which is defined as personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual. In the event GeoRiot should do so, GeoRiot will give Client Users an explicit opt-in choice if their sensitive information is to be disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected or as authorized by the individual.

d. Accountability for Onward Transfer of Client Personal Data

GeoRiot may disclose or provide Client Personal Data to third parties as follows:

  • To the Client with which the Client User is associated, if applicable, for any purpose.

  • To a subsidiary or affiliated company of GeoRiot, subject to their compliance with this Privacy Policy.

  • To a third-party services provider, such as a hosting or analysis service or a security consulting firm, for purposes of GeoRiot's internal management and administration or fulfillment of its legal responsibilities or protection of its legal interests, subject to contractual requirements for protection of the information consistent with this policy and Privacy Shield requirements.

  • To governmental authorities or their legal designees, if required by applicable law.

GeoRiot shall not transfer Client Personal Data to a third-party Data Controller without the consent of the individuals, and shall first enter into a contract with Data Controller that provides:

  • That the Client Personal Data may only be processed for purposes consistent with such consents.

  • That the Data Controller will provide the level of protection required for Personal Data required under Privacy Shield.

  • That the Data Controller will notify GeoRiot if the Data Controller makes a determination that it can no longer meet this obligation.

  • That the Data Controller will cease processing the Client Personal Data or takes other reasonable and appropriate steps to remediate in case of such a determination.

Consent is not required when GeoRiot discloses Client Personal Data to a third party that is acting as an agent to perform task(s) on behalf of and under the instructions of GeoRiot, such as a Data Processor. In the event of such a disclosure, GeoRiot shall:

  • Identify the purposes for which it is transferring such information.

  • Ensure that the agent is obligated to provide at least the same level of privacy protection as is required under Privacy Shield.

  • Take reasonable and appropriate steps to ensure that the agent effectively processes the Client Personal Data transferred in a manner consistent with GeoRiot's obligations under Privacy Shield.

  • Require the agent to notify GeoRiot if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required under Privacy Shield

  • Require the agent upon notice, including notice based on a determination the agent can no longer meet its obligation to provide the same level of protection as is required under Privacy Shield, to take reasonable and appropriate steps to stop and remediate unauthorized processing.

GeoRiot shall provide a summary or a representative copy of the relevant privacy provisions of its contract with any such agent to the U.S. Department of Commerce upon request.

GeoRiot shall remain responsible for the processing of Client Personal Data it transfers to an agent acting on its behalf, and shall be liable if the agent processes such Client Personal Data in a manner inconsistent with the Privacy Shield unless GeoRiot proves that it is not responsible for the event giving rise to the damage, if any.

e. Client User Access to Potential Personal Information

GeoRiot provides Client Users with the opportunity to review and request that GeoRiot update or delete Client Personal Data. Modification or deletion of Client Personal Data may be subject to Client notice and approval. To access this information, email us here.

f. Security

GeoRiot maintains reasonable and appropriate physical, electronic and procedural safeguards to protect Client Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the Client Personal Data. However, GeoRiot cannot guarantee that these safeguards will not be penetrated or compromised or that all information will remain secure under all circumstances.

g. Data Integrity and Purpose Limitation

GeoRiot will take reasonable steps to ensure that Client Personal Data is accurate, complete, current, and reliable for its intended use, and to ensure that it does not process Client Personal Data in a way that is incompatible with the purposes for which it was collected unless authorized by the individual. GeoRiot will take reasonable and appropriate measures to ensure that it does not retain Client Personal Data which may identify an individual only for as long as is consistent with the purposes for which it was collected.

h. Disclosures for Law Enforcement and National Security Purposes

GeoRiot may be required to disclose Client Personal Data in response to lawful requests by public authorities with appropriate jurisdiction, including to meet national security or law enforcement requirements, if require by applicable law.

8. Recourse, Enforcement and Liability

GeoRiot is subject to the jurisdiction of the United States Federal Trade Commission ("FTC") with respect to this Policy. The FTC may investigate violations of this Policy, and enforce compliance with the Privacy Shield and applicable law.

GeoRiot provides assurance of its compliance with this Policy by conducting internal assessments of its relevant practices internally. In the event such an assessment finds non-compliant privacy, corrective action plans will be developed to resolve the identified gaps in compliance, as well as preventive action plans to maintain compliance.

Any employee GeoRiot finds has violated this Policy will be subject to disciplinary action up to and including termination of employment.

In compliance with the Privacy Shield Principles, (your organization name) commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact GeoRiot by email at hi@geni.us or by mail at:

GeoRiot Networks, Inc.
Att'n: Data Protection
5506 6th Avenue S. #105
Seattle, WA 98108

GeoRiot will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy, and will respond to any complaint within thirty (30) days of receiving a complaint.

GeoRiot has further committed to refer unresolved Privacy Shield complaints to International Centre for Dispute Resolution of the American Arbitration Association ("ICDR"), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.icdr.org/Supportfor more information or to file a complaint. The services of ICDR are provided at no cost to you. In the event you have filed a complaint and pursued arbitration for a violation of this Policy or the Privacy Shield by GeoRiot and are not satisfied with the result, you have the right to seek arbitration by a Privacy Shield Panel. This panel may impose individual-specific, non-monetary equitable relief to remedy the violation of the Principles with respect to your rights.

GeoRiot will respond promptly and appropriately to inquiries about this Policy and compliance with the Privacy Shield from the FTC or the U.S. Department of Commerce.

9. Amendment of Policy

GeoRiot reserves the right to modify this Policy at any time without notice. If GeoRiot amends this Policy, notice of the amendment and the amended policy will be posted on the Genius Link website and such other sites as GeoRiot may deem appropriate. Any amendment will be consistent with the requirements of Privacy Shield and applicable E.U. law. The terms of this Privacy Policy in effect at the time Potential Personal Information is collected by GeoRiot shall continue to apply to such information notwithstanding such amendment.

10. Contact Information

Please contact us at hi@geni.us with any questions, comments, or concerns. You may also mail us at:

GeoRiot Networks, Inc.
Att'n: Data Protection
5506 6th Avenue S. #105
Seattle, WA 98108