Privacy Policy

PySimpleSoft Privacy Policy

Last updated: August 11, 2023

PySimpleSoft, Inc. (“PySimpleSoft”, “we”, “us” or “our”) is committed to protecting your privacy. This Privacy Policy applies to Personal Information that we collect, use, share or otherwise process in the conduct of our business operations, including through the Registration Services that we provide to our customers and/or through our Sites (each as more fully defined below).

This Privacy Policy describes the types of Personal Information that we collect; how and for what purposes we use Personal Information; in which circumstances we share Personal Information with third parties; how we secure and retain Personal Information; other information about our compliance with particular data protection laws and regulations; details about individuals’ rights and choices regarding their own Personal Information; and how you can contact us regarding our privacy practices.

Please read this Privacy Policy carefully to understand our policies and practices regarding our treatment of Personal Information. If you do not agree with our practices as described in this Privacy Policy, please contact us with any questions, and please do not access or use the Registration Services, our Sites, or any other aspect of our business.

1.         Overview

The following terms have the following meanings for purposes of this Privacy Policy:

·       Personal Information” means information or data that directly or indirectly identifies, describes, relates to or is reasonable capable of being associated with or linked to a particular individual, consumer or household. “Personal Information” includes information or data that would be considered “personal information” or “personal data” under applicable data protection laws and regulations.

·       Registration Services” means the functionality of the Sites that enables registration for and (as applicable) purchase of a license key for the Software.

·       Software” means the PySimpleGUI software.

·       Sites” means our web pages available at https://pysimplegui.com and related URLs.

·       You” means an individual whose Personal Information PySimpleSoft collects, uses, shares or otherwise processes as more fully set forth in this Privacy Policy, including without limitation:

o   an employee or contractor of one of our actual or prospective customers;

o   a user or recipient of beneficial use of the Registration Services; or

o   a visitor to our Sites.

2.         Information we Collect and Receive

We collect Personal Information directly from individuals, from third parties, and automatically through the Registration Services and Sites. We collect the following categories of information, which may be considered Personal Information when maintained in an identifiable format.

·       PySimpleGUI registration information: When a developer uses the Registration Services to register for a PySimpleGUI developer license key, we collect the developer’s email address and IP address.

·       Payment information: When a customer uses the Registration Services, we may receive and process payment information relating to the transaction via the use of third-party payment processors, who may provide us with part of the applicable payment information.

·       Automated technical usage data: When a user downloads or uses the Software, telemetry functionality within the Software may automatically generate and transmit to us a record of the user’s IP address.

·       Location and company information: We may receive information about a user’s approximate physical location, such as city and country, or about the company associated with an individual, in each case as determined based on the individual’s IP address.

·       Communications: When you communicate with us (via email, through the Registration Services or Sites, through your participation in PySimpleGUI activities on GitHub, or otherwise), we may maintain a record of your communication.

We may also collect and process other types of information and data which does not constitute Personal Information. For example, we may de-identify and aggregate certain Personal Information we collect such that the information no longer identifies, and cannot any longer reasonably be linked to, a particular user or individual. We may use this information to improve our Software, Registration Services and Sites, to analyze trends, and for other development, marketing, research and statistical purposes, and we may disclose such de-identified information to third parties for these purposes.

3.         Purposes and Legal Bases for Use of Personal Information

We use the Personal Information we collect for our legitimate business interests, which include the following purposes:

·       Providing the Software, Registration Services and Sites: To provide the Software, the Registration Services and the Sites; to authorize and manage access to the Software, Registration Services and the Sites; to communicate with you about your use of the Software, Registration Services and the Sites and respond to your inquiries; to perform essential business operations; and for other purposes to support customers and users and enable their use of the Software, Registration Services and the Sites.

·       Performing contractual obligations: To perform our contracts with customers and suppliers, and to satisfy contractual necessity to conduct our operations and provide the Software and Registration Services that we offer.

·       Analytics and development: To gather metrics to better understand how users access and use the Software, the Sites and the Registration Services; to evaluate and improve the Software, the Registration Services, and the Sites; and to develop new products, services and websites.

·       Compliance: To comply with legal obligations and requests, such as to comply with laws that compel us to disclose information to public authorities, courts, law enforcement or regulators, and to maintain records for a certain period.

·       Business and legal operations: To conduct our general business and legal operations, such as accounting, record-keeping, and other business administration purposes; and as necessary to establish, exercise and defend (actual and potential) legal claims.

·       Prevent misuse: To investigate, prevent or take action regarding unlawful activities, suspected fraud, situations involving potential threats to the security of the Registration Services or the Sites or to any person or property, or actual or potential violations of our terms of service, other agreements or this Privacy Policy.

We do not profile visitors to our Sites or collect, in any automated manner, any special categories of sensitive Personal Information. No automated decision-making, including profiling, is used when processing Personal Information.

The following legal bases for processing Personal Information apply to the foregoing purposes (see “European Economic Area, United Kingdom and Switzerland Residents Privacy Rights” for more information):

Purposes of Processing (see above)

Legal Bases of Processing

Providing the Software, Registration Services and Sites

·       Our legitimate business interests

·       Where necessary to enter into or perform a contract with you (upon your request, or as necessary to make the Registration Services available)

·       Compliance with law

·       As necessary to establish, exercise and defend legal claims

Performing contractual obligations

·       Our legitimate business interests

·       Where necessary to enter into or perform a contract with you (upon your request, or as necessary to make the Registration Services available)

·       Compliance with law

·       As necessary to establish, exercise and defend legal claims

Analytics and development

·       Our legitimate business interests

Compliance

·       Our legitimate business interests

·       Compliance with law

·       As necessary to establish, exercise and defend legal claims

Business and legal operations

·       Our legitimate business interests

·       Compliance with law

·       As necessary to establish, exercise and defend legal claims

Prevent misuse

·       Our legitimate business interests

·       Compliance with law

·       As necessary to establish, exercise and defend legal claims

 

4.         How we Share and Disclose Personal Information

We share Personal Information with the following categories of recipients and as set forth below:

  • Third-party vendors: Your Personal Information will only be shared with and processed by non-affiliated third-party vendors, including service providers and contractors, as permitted by law and for the purposes described in this Privacy Policy. We may disclose Personal Information to certain non-affiliated specialized service providers, including professional advisors, consultants, technical service providers, and other third parties, who are bound by contractual obligations to keep Personal Information confidential and use it only for the purposes for which we disclose it to them. We may disclose your Personal Information to third-party service providers to provide us with services such as  hosting of the Registration Services and the Sites, and related infrastructure, customer service, email delivery, auditing and other similar services. 
  • Business transfers: When applicable, we may share your information in connection with an actual or proposed substantial corporate transaction, such as the sale of a Registration Service or business unit, a merger, consolidation, asset sale, or in the unlikely event of bankruptcy; including in negotiations, due diligence, and integrations related to such transactions.
  • With your consent or at your direction: We may share information for any other purposes disclosed to you at the time we collect the information or pursuant to your consent or direction.
  • Other legal reasons: In addition, we may use or disclose your Personal Information as we deem necessary or appropriate: (1) under applicable law; (2) to respond to requests or required disclosures from public and government authorities; (3) to pursue available remedies or limit damages we may sustain; (4) to protect our operations; (5) to protect the rights, privacy, safety or property of PySimpleSoft, you and others; and (6) to enforce our terms and conditions or other agreements.

We may disclose de-identified or aggregated information that does not identify any individual (and therefore is not deemed to be Personal Information) without restriction.

5.         Data Security

We have implemented privacy and security measures reasonably adequate to preserve Personal Information from loss, misuse, unauthorized access, disclosure, alteration and destruction. We use a self-assessment approach to ensure compliance with our privacy statements and verify periodically that our statements regarding our handling and use of Personal Information are accurate and reasonably complete in regard to the information covered. Although we work hard to protect your Personal Information, we cannot guarantee the security of any information you choose to transmit to us through the Software, the Registration Services or the Sites, and you do so at your own risk. Please note that email is considered a non-encrypted (and therefore nonsecure) form of communication, and it has the potential to be accessed and viewed by others without your knowledge and permission. Unfortunately, no data transmission or storage system can be guaranteed to be secure at all times. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “How to Contact Us” section below. In accordance with applicable law, we will use commercially reasonable efforts to let you know promptly if a breach occurs that we determine may have compromised the privacy or security of your Personal Information. We are not responsible for any outcome if you circumvent any privacy settings or security measures.

6.         Retention of Personal Information

We will retain Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Policy and in order to provide the Software and the Registration Services. We will also retain your Personal Information to comply with our legal obligations, to conduct audits, resolve disputes, and enforce our agreements.

7.         Children’s Privacy

The Registration Services and the Sites are only intended for individuals who are at least 16 years of age. We do not knowingly encourage or solicit visitors to the Sites who are under the age of 16 or knowingly collect Personal Information from anyone under the age of 16 without parental fiduciary consent. If we learn we have collected or received Personal Information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us in accordance with the “How to Contact Us" section below.

We are committed to complying with the Children’s Online Privacy Protection Act (COPPA). The Registration Services and the Sites are not directed to children under the age of 13 and children under the age of 13 are not to use or provide any information to the Registration Services or the Sites without express parental consent. We do not knowingly collect Personal Information from children under the age of 13. If we receive Personal Information that we discover was provided by a child under the age of 13 without parental consent, we will promptly destroy such information.

8.         Your Personal Information Choices

You have choices in how your Personal Information is used and shared. In addition to the rights specified in this section, under applicable law you may have additional or more specific rights, which we will respect. You have the right to update, access, and delete certain of your Personal Information.

Certain Exceptions to Deletion Request Rights: You have the right to request that we delete any of your Personal Information that we have collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies. We may deny your deletion request, including where retaining the information is necessary for us or our service provider(s) to do the following (where permitted under applicable law):

  • Complete the transaction for which we collected the Personal Information, fulfill the terms of a written warranty or product recall conducted in accordance with applicable law, or otherwise perform our contract with you, and retain applicable records relating thereto.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another individual to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest.
  • Enable solely internal uses that are reasonably aligned with individual expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it and permitted under applicable law.

Exercising Access, Data Portability and Deletion Rights: To exercise the access, data portability, and deletion rights described above, please submit a verifiable request to us as provided in the “How to Contact Us” section below.

Verification of Your Identity:  Only you, or someone legally authorized to act on your behalf, may make a verifiable request related to your Personal Information. You may make a verifiable request for access or data portability twice within a 12-month period. You must:

  • provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative; and
  • describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.

Making a request to exercise your rights does not require you to create an account with us.

9.         Withdrawal of your Consent

Where you have provided consent to process Personal Information, you have the right to withdraw such consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal or the lawfulness of processing based on other lawful bases. You may do this by contacting us as set forth in the “How to Contact Us” section below.

10.       Timing and Format for Responses to Requests

We endeavor to respond to a verifiable request within 30 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option.

The response we provide will explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily usable and should allow you to transmit the Personal Information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

11.       European Economic Area, United Kingdom and Switzerland Residents Privacy Rights

Your Personal Information will be treated in a secure and confidential manner, using appropriate technical and organizational measures, in compliance with all applicable laws and regulations, including the European General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR), and the Swiss Federal Act on Data Protection. Depending on the context in which personal information is provided, we may be a data processor (“processor”) or a data controller (“controller”) of your personal information.

As applicable under the GDPR and UK GDPR, individuals have additional rights including the following:

  • to obtain a copy of your personal information together with information about how and on what legal basis that personal information is processed;
  • to rectify inaccurate personal information (including to have incomplete personal information completed);
  • to erase your personal information (in limited circumstances, such as where it is no longer necessary in relation to the purposes for which it was collected or processed);
  • to restrict processing of your personal information under certain circumstances;
  • to export certain personal information in machine-readable format to a third party (or to you) when we justify our processing on the basis of your consent or the performance of a contract with you and the processing is carried out by automated means;
  • to withdraw your consent to our processing of your personal information (where that processing is based on your consent, without affecting the lawfulness of processing based on consent before its withdrawal);
  • to obtain, or see a copy of the appropriate safeguards under which your personal information is transferred to a third country or international organization; and
  • to object to our use and processing of your personal information that is conducted on the basis of our legitimate interest. You also have the right to object at any time to any processing of your personal information for direct marketing purposes, including profiling for marketing purposes; please note that we do not use your personal information to market to you.

Lodging a Complaint: You also have the right to lodge a complaint with your local supervisory authority for data protection, or privacy regulator. A list of data protection supervisory authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

Submitting a Request: To exercise the above rights or contact us with questions or complaints regarding our treatment of your personal information, contact us at support@pysimplegui.com. Please note that we may request proof of identity, and we reserve the right to charge a fee where permitted by law, especially if your request is manifestly unfounded or excessive. We will respond to your request within the applicable timeframes set out by law.

International Transfers: If you are located within the European Economic Area, the United Kingdom or Switzerland, you should note that your personal information may be transferred to countries outside these jurisdictions, including the United States where PySimpleSoft or certain of our third-party service providers are located. The United States is deemed by the European Union to provide inadequate data protection. Transfers of your Personal Information between us and a third party shall be done pursuant to adequate protections, which may include Standard Contractual Clauses, your explicit consent, and/or other permitted mechanisms under applicable law.

In addition, please check the following sections of this Privacy Policy: “Information we Collect and Receive”; “Purposes and Legal Bases for Use of Personal Information”; “How we Share and Disclose Personal Information”; “Your Personal Information Choices”; and “Withdrawal of your Consent”.

If you have any questions or concerns regarding this Privacy Policy or our privacy practices, including the processing of your personal information, if you would like to exercise your data rights under applicable laws, or if you believe your privacy rights have been violated, please contact us as provide in the “How to Contact Us” section below.

12.       Links to Third-Party Sites

Occasionally we may provide links to other sites for your convenience and information. These sites operate independently from our Sites and are not under our control. These sites may have their own privacy notices or terms of use, which you should review if you visit any sites linked through our Sites. We are not responsible for the content or use of these unrelated sites. 

13.       Updates to this Privacy Policy

PySimpleSoft may change its Privacy Policy from time to time, and at PySimpleSoft’s sole discretion. We encourage individuals to frequently check this page for any changes to the Privacy Policy.

14.       How to Contact Us

If you have any questions or concerns about this Privacy Policy or our Personal Information handling practices, please contact us at support@pysimplegui.com or write to us at PySimpleSoft, Inc., 3291 Wynnewood Drive, Greensboro, NC 27408.