This California Consumer Act Privacy Notice (“CCPA Notice”) applies to “Consumers” as defined by the California Consumer Privacy Act (“CCPA”). For the purpose of this CCPA Notice, personal information applies to “Personal Information” as defined by the CCPA (also referred to herein as “PI”).
We collect and share the following categories of PI from the corresponding sources and for the corresponding purposes set forth in the table below.
Some browsers have signals that may be characterized as do not track signals, but we do not understand them to operate in that manner or to indicate a do not sell expression by you, so we currently do not recognize these as a do not sell request. We understand that various parties are developing do not sell signals and we may recognize certain such signals if we conclude such a program is appropriate.
California Consumers have the right to exercise the privacy rights under the CCPA. California Consumers may exercise these rights via an authorized agent who meets the agency requirements of the CCPA. Any request you submit to us is subject to an identification and residency verification process (“Verifiable Consumer Request”). We will not fulfill your CCPA request unless you have provided sufficient information for us to reasonably verify you are the Consumer about whom we collected PI. In order to verify your identity, we will send you an email to the email address that you provide to us, and you must take action as described in our email. This will enable us to verify that the person who made the request controls and has access to the email address associated with the request. We will check our systems for the email address that you provide, and any information associated with such email address. If you provide us with an email address that has not been used to interact with us, then we will not be able to verify your identity. In other words, the only reasonable method by which we may verify the identity of individuals is if we have an email address on file that was provided to us in relation to our services. We will be unable to fulfill your request if we cannot verify your identity. Please mail us at email@example.com and respond to any follow up inquiries we may make.
Some personal information we maintain about Consumers is not sufficiently associated with enough personal information about the Consumer for us to be able to verify that it is a particular Consumer’s personal information (e.g., clickstream data tied only to a pseudonymous browser ID). As required by the CCPA, we do not include that personal information in response to Verifiable Consumer Requests. If we cannot comply with a request, we will explain the reasons in our response.
We will make commercially reasonable efforts to identify Consumer PI that we collect, process, store, disclose, and otherwise use and to respond to your California Consumer privacy rights requests. We will typically not charge a fee to fully respond to your requests, but we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded, or overly burdensome.
To make a request according to your rights to know or to request deletion of your PI set forth below, please email us at firstname.lastname@example.org and you need to confirm your identity. In order to verify your identity, we will send you an email to the email address that you provide to us, and you must take action as described in our email. This will enable us to verify that the person who made the request controls and has access to the email address associated with the request. We will check our systems for the email address that you provide, and any information associated with such email address. If you provide us with an email address that has not been used to interact with us, then we will not be able to verify your identity. In other words, the only reasonable method by which we may verify the identity of individuals is if we have an email address on file that was provided to us in relation to our services. We will be unable to fulfill your request if we cannot verify your identity.
|Category of Personal Information||Sources of Personal Information||Purposes for Collection||Categories of Third Parties with whom Personal Information is Shared||Purposes of Third Parties Receiving PI|
|1. Identifiers and Personal Records
(e.g., email address, name, address, IP address, credit card number)
|Directly from you; your devices; Vendors||Performing Services;
Processing and managing interactions and transactions;
Quality Assurance; security; debugging; marketing
|Vendors which assist us in providing services and running our internal business operations (“Vendors”); Data Analytics Partners; Corporate affiliates||Performing Services on our behalf;
Processing and managing interactions and transactions; performing services;
Quality Assurance; security; debugging
|2. Customer Acct. Details/Commercial Information
(e.g., details of your use of our service)
|You; your devices; Vendors||Performing Services;
Research and development; quality assurance; security; debugging; and marketing
|Data Analytics Partners; Vendors; Corporate affiliates||Performing Services on our behalf; research and development; quality assurance; security; and debugging|
|3. Internet Usage Information (e.g., information regarding your interaction with our services)||You; your devices; Data Analytics Partners; Vendors||Research and development; quality assurance; security; and debugging||Partners; Vendors; Corporate affiliates||Performing Services on our behalf; Research and development; quality assurance; security; and debugging|
|4. Inferences (e.g., your preferences, likelihood of interest in certain of our services)||Data Analytics Partners; Vendors; Advertising Networks||Research and development; quality assurance; and marketing||Data Analytics Partners; Vendors; Advertising Networks; Corporate affiliates||Performing Services on our behalf; research and development; quality assurance; marketing|
For your specific pieces of information, as required by the CCPA, we will apply heightened verification standards, which may include a request to provide further information.
You have the right to send us a request, no more than twice in a twelve-month period, for any of the following for the period that is twelve months prior to the request date:
The categories of PI we have collected about you. The categories of sources from which we collected your PI.
- The business or commercial purposes for our collecting or selling your PI.
- The categories of third parties to whom we have shared your PI.
- The specific pieces of PI we have collected about you.
- A list of the categories of PI disclosed for a business purpose in the prior 12 months, or that no disclosure occurred.
- A list of the categories of PI sold about you in the prior 12 months, or that no sale occurred. If we sold your PI, we will explain:
- The categories of your PI we have sold.
- The categories of third parties to which we sold PI, by categories of PI sold for each third party.
You have the right to make or obtain a transportable copy, no more than twice in a twelve-month period, of your PI that we have collected in the period that is 12 months prior to the request date and are maintaining.
Please note that PI is retained by us for various time periods, so we may not be able to fully respond to what might be relevant going back 12 months prior to the request.
Except to the extent we have a basis for retention under CCPA, you may request that we delete your PI that we have collected directly from you and are maintaining. Note also that we are not required to delete your PI that we did not collect directly from you.
You may alternatively exercise more limited control of your PI by instead exercising one of the following more limited opt-outs, including unsubscribing from email newsletters.
We will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights. However, we may charge a different price or rate, or offer a different level or quality of good or service, to the extent that doing so is reasonably related to the value of the applicable data. In addition, we may offer you financial incentives for the collection, sale and retention and use of your PI as permitted by the CCPA that can, without limitation, result in reasonably different prices, rates, or quality levels. The material aspects of any financial incentive will be explained and described in its program terms. Please note that participating in incentive programs is entirely optional, you will have to affirmatively opt-in to the program and you can opt-out of each program (i.e., terminate participation and forgo the ongoing incentives) prospectively by following the instructions in the applicable program description and terms. We may add or change incentive programs and/or their terms by posting notice on the program descriptions and terms linked to above so check them regularly.
Our Notice to Nevada Residents
If you are located in the European Economic Area (EEA):
Controller of your Personal Data
Legal Basis for Using Personal Data
We process your personal data only if we have a legal basis to do so, including:
- to comply with our legal and regulatory obligations;
- for the performance of our contract with you or to take steps at your request before entering into a contract;
- for our legitimate interests or those of a third party;
- where you have given consent to our specific use.
The purpose for which we use and process your information and the legal basis on which we carry out each type of processing is further explained below.
Some of our processing of your data will involve transferring your data outside the European Economic Area (“EEA”). Some of our external third-party service providers are also based outside of the EEA, and their processing of your personal data will involve a transfer of data outside the EEA. This includes the United States. Where personal data is transferred to and stored in a country not determined by the European Commission as providing adequate levels of protection for personal data, we take steps to provide appropriate safeguards to protect your personal data, including when appropriate entering into standard contractual clauses approved by the European Commission, obliging recipients to protect your personal data.
Retention of Personal Data
Data Subject Access Rights
You have the following rights:
- Right of access to your personal data: You have the right to ask us for confirmation on whether we are processing your personal data, and access to the personal data and related information.
- Right to correction: You have the right to have your personal data corrected, as permitted by law.
- Right to erasure: You have the right to ask us to delete your personal data, as permitted by law.
- Right to withdraw consent: You have the right to withdraw consent that you have provided.
- Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority in the member state of your habitual residence.
- Right to restriction of processing: You have the right to request the limiting of our processing under limited circumstances.
- Right to data portability: You have the right to receive the personal data that you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit that information to another controller, including to have it transmitted directly, where technically feasible.
- Right to object: You have the right to object to our processing of your personal data, as permitted by law, under limited circumstances.
In order to exercise any of these rights, please contact us according to the “How to Contact Us” section herein. Please note that the above rights are not absolute and we may be entitled to refuse requests, wholly or partly, where exceptions under the applicable law apply.