Table of Contents
Definition of Personal Information
California “Shine the Light” Law
CCPA Disclosures and Rights; Do Not Sell
California Do Not Track Disclosure
Do We Use “Cookies”?
Third Party Links
Aggregate and De-Identified Information
Children’s Online Privacy Information
1. Definition of Personal Information
Personal Information does not include:
Publicly available information from government records.
De-identified or aggregated consumer information.
Other information excluded from the CCPA’s scope, such as:
health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
2. California “Shine the Light” Law/Your California Privacy Rights
California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits consumers who are California residents, to request and obtain from us once a year, free of charge, information about the categories of personal information (as defined in the Shine the Light law), if any, that we disclosed in the preceding calendar year to third parties for those third parties’ direct marketing purposes. Our disclosure requirements apply only if we share our consumers’ personal information with third parties for them to directly market their own products to those consumers, instead of assisting us with our own business. If you are a California resident and would like to make such a request, contact us as provided in the “Contact Us” section below.
3. CCPA Disclosures and Rights; Do Not Sell
This Section describes the categories and examples of Personal Information we collect, the sources of that Personal Information, the purposes for which we may have used that information, and the third parties with whom it may have been shared.
3.1 Personal Information We Collect
The following is a list of categories of Personal Information which may have been collected from consumers or users of our Services within the last twelve (12) months. The categories and examples provided in the chart below are those defined in the CCPA. This does not mean that all examples of that category of Personal Information were in fact collected but reflects our good faith belief to the best of our knowledge that some of that information may have been collected about consumers. We will update this disclosure from time to time as appropriate.
A. Identifiers. A name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account username, screen name, password, Social Security number, driver’s license number, passport number, or other similar identifiers.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.Some personal information included in this category may overlap with other categories.
C. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status.
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
F. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement, including user generated content.
G. Geolocation data. Physical location or movements.
H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information.
I. Professional or employment-related information. Current or past job history or performance evaluations.
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
K. Inferences drawn from other personal information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
3.2 Sources of Personal Information.
Directly from you. For example, during account registration from forms you complete, subscriptions you purchase or comments you provide on our Websites.
Indirectly from you. For example, from observing your actions on our Website.
From third parties. For example, third party social networking providers and advertising companies, our affiliates and service providers who provide services or information to us. If you do not want us to collect information from social networks, you should review and adjust your privacy settings on those networks as desired before linking or connecting them to our Websites.
- From publicly available sources. For example, online database searches.
3.3 Use and Disclosure (“Sale”) of Personal Information
The CCPA broadly defines the term “sale” to mean:
“Selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for valuable consideration; or (B) sharing orally, in writing, or by electronic or other means, a consumer’s personal information with a third party, whether for valuable consideration or for no consideration, for the third party’s commercial purposes.”
Within this meaning, we may have disclosed (as that term is defined by the CCPA) Personal Information in the categories below from consumers and users of our Services within the last twelve months where such disclosure may fall within the CCPA’s definition of a “sale.” When we disclose that we may have sold Personal Information, it means that we may have received some kind of benefit to our company in return for sharing Personal Information, it does not necessarily mean we received any money in exchange.
The categories below are those defined in the CCPA. This does not mean that all examples of that category of Personal Information were in fact “sold” but reflects our good faith belief to the best of our knowledge that some of that information may have been shared for value in return. We will update this disclosure from time to time as appropriate.
Personal information categories listed in the California Customer Records statute.
Protected classification characteristics under California or federal law.
Internet or other similar network activity.
Professional or employment-related information.
Non-public education information.
Inferences drawn from other personal information.
3.4 Use of Personal Information for Business Purposes or Commercial Purposes.
We may use or disclose Personal Information we collect for “business purposes” or “commercial purposes” (as defined under the CCPA), which may include the following examples. The examples provided are illustrative and not intended to be exhaustive.
(a) Auditing Interactions with Consumers. For example: monitoring traffic to our Websites, counting ad impressions, and auditing legal and regulatory compliance.
(b) Security.For example, maintaining the safety, security, and integrity of our Website, products and Services, databases and other technology assets and our business, including preventing fraud, detecting security breaches and prosecuting violators, and responding to law enforcement requests or court orders and to comply with any applicable laws and regulations.
(c) Debugging/Repair. For example, identifying and repairing errors in our Websites’ functionality.
(d) Certain Short-term Uses. For example, ad customization that does not involve or contribute to profiling.
(e) Performing Services. For example, creating, maintaining, customizing and securing your account with us, processing your purchases, transactions, and payments, hosting our Websites, fulfilling subscription orders, managing databases, performing analyses, billing, and marketing services such as managing promotions and contests.
(f) Internal Research for Tech Development. For example, testing, research, analysis, and product development, including to develop and improve our Website, products, and Services.
(g) Quality and Safety Maintenance and Verification. For example, improving, upgrading or enhancing our products, Services or Websites, and verifying the quality or safety of our Websites or Services.
(h) Other Commercial Purposes. For example, as described to you when collecting your Personal Information such as for promotions or contests, or to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, in which Personal Information we hold is among the assets transferred.
3.5 Disclosing Personal Information to Other Parties
We may disclose your Personal Information to the following categories of other parties for a business purpose or commercial purpose, as those terms are defined in the CCPA:
Service providers: such as contractors, agents or sponsors who help us manage or provide our products and services by, for example: developing or supporting products and features; sending email messages on our behalf; processing payments; fulfilling orders; delivering subscriptions; auditing; processing data or statistics; and serving, customizing or delivering marketing. These third party service providers are required to protect Personal Information entrusted to them and not use it for any other purpose than the specific service they are providing on our behalf.
Advertisers, advertising technology companies, analytics companies and other third parties with whom we have business relationships
Our legal advisors and parties involved in a legal process
To an entity involved in the sale of our business
Third parties to whom you or your agents authorize us to disclose your Personal Information in connection with products or Services we provide to you
3.6 Your CCPA Privacy Rights and Choices
California residents may have certain rights under the CCPA, many of which are subject to limitations or exceptions under applicable law:
(a) Right to Know about Personal Information Collected or “Sold”
You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. After we receive and confirm your verifiable consumer request, we will disclose to you within the time required by the CCPA, the relevant information, which may include:
The categories of Personal Information we collected about you.
The categories of sources for the Personal Information we collected about you.
Our business or commercial purpose for collecting or selling that Personal Information.
The categories of third parties with whom we share that Personal Information.
The specific pieces of Personal Information we collected about you (also called a data portability request).
If we sold your Personal Information, or disclosed your Personal Information for a business purpose, two separate lists disclosing:
sales, identifying the Personal Information categories that each category of recipient purchased; and
disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.
(b) Right to Request Deletion of Personal Information
You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions, including if we need the Personal Information for a reason related to our business, such as:
providing goods or Services to you;
detecting and resolving issues related to security or functionality;
complying with legal obligations;
conducting research in the public interest;
exercising free speech or ensuring another’s exercise of free speech; or
using the information for internal purposes that a consumer might reasonably expect.
After we receive and confirm your verifiable consumer request, we will delete your Personal Information from our records in the time and manner required by the CCPA, subject to any limitations or exceptions under law.
3.6.1 Exercising Your Rights
To exercise the rights described above, please submit a verifiable consumer request to us through the web form link provided below in Contact Us.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period.
The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. This means that in making a request you may be required to: provide your email and phone number, customer information, and/or account sign-up authentication or other information needed to verify your identity depending on the sensitivity of the Personal Information that is the subject of the request.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. If we are unable to verify your identity, we reserve the right to deny the request.
Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
If you choose to use an authorized agent to submit a request to know or a request to delete your information, we may require that you: (1) provide the authorized agent written permission to do so; and (2) verify your own identity directly with us. We will not require these steps if we have received proof that you have provided the authorized agent with a power of attorney pursuant to California Probate Code sections 4000 to 4465. We may deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf. We may also deny a request from an agent that does not meet the requirements for authorized agents under the CCPA.
Once we have verified your identity (and your authorized agent, as applicable), we will respond to your request as appropriate. To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request. If we are unable to complete your request in whole or in part, we will let you know why.
3.6.2 Response Timing and Format
We use good faith efforts to respond to a verifiable consumer request within forty-five (45) days after its receipt. If we need more time (up to 90 days), we will inform you of the reason and the needed extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by email.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. If we cannot comply with any portion of a request, the response we provide will also explain why, if applicable. For data portability requests, we will select a commercially reasonable format to provide your Personal Information that is commonly useable and should allow you to transmit the information from one entity to another entity without hindrance, but we do not guarantee that all formats are useable in all media. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
3.6.3 Non-Discrimination for the Exercise of CCPA Privacy Rights
We will not discriminate against you for exercising any of your CCPA rights. In particular, we will not:
Deny you goods or services
Charge you different prices for goods or services, whether through denying benefits or imposing penalties
Provide you with a different level or quality of goods or services
Threaten you with any of the above
3.6.4 Financial Incentives
We may offer you certain financial incentives for the collection of your Personal Information and as permitted by the CCPA. These incentives may result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your Personal Information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time. Details of the incentive, if applicable, including how to opt in or out and the basis for the value of the incentive, will be provided prior to or at the time of your participation.
3.7 Do Not Sell My Personal Information.
The CCPA requires businesses to provide a web page where consumers can opt out of the ”sale” of their Personal Information. The link to our Do Not Sell web form is located here.
In addition, you may opt out of certain interest-based advertising by using the following resources:
(a) You may opt-out of tracking and receiving tailored advertisements on your mobile device by some mobile advertising companies and other similar entities by downloading the App Choices app at www.aboutads.info/appchoices.
(b) You may opt-out of receiving permissible targeted advertisements by using the NAI Opt-out tool available at optout.networkadvertising.org or visiting About Ads.
(c) You may opt-out of having your activity on our Websites and Services made available to Google Analytics by installing the Google Analytics opt-out add-on for your web browser by visiting: tools.google.com/dlpage/gaoptout for your web browser.
(d) Our providers may collect certain Personal Information from you on our Websites, such as your email (in hashed form), IP address or information about your browser or operating system. And then then returns to us an online identification code that is associated with your Personal Information, and that we may store in our first-party cookie for our own use in online and cross-channel advertising across our Websites. It may also be shared with advertising companies to enable interest-based and targeted advertising.
4. California Do Not Track Disclosures
We do not currently respond to browser Do Not Track signals or other browser or device based mechanisms that provide a method to opt out of the collection of information across the networks of websites and online services in which we participate. Unless and until the law requires us to respond to browser Do Not Track signals, we will not respond to those signals as an opt out, but if we do so in the future, we will describe how we do so here. However, we do provide consumers with the ability to manage their cookie choices.
5. Do we use “Cookies”?
Yes. Cookies and similar technologies are small files that a website or its service provider transfers to a computer’s hard drive through a Web browser (if the user allows) that enables the website’s or service provider’s systems to recognize the user’s browser and capture and remember certain information.
We use commercially reasonable procedures and various technical, administrative and physical safeguards to help protect the confidentiality of Personal Information. However, no data transmitted over the Internet or stored or maintained by us or our third-party service providers can be 100% secure given the reality of communication via technology systems. Therefore, although we believe the measures implemented by us are commercially reasonable and reduce the likelihood of security problems to a level appropriate to the type of data involved, we do not promise or guarantee, and you should not expect, that your Personal Information or private communications sent to us over those systems will always remain private or secure. We are not responsible for the circumvention of any privacy settings or security features.
If you believe that your Personal Information has been accessed or acquired by an unauthorized person, please promptly Contact Us so that necessary measures can quickly be taken.
7. Third Party Links
Your Personal Information may be stored, transferred to, and processed in any country where we have facilities or in which we engage service providers. These countries may be outside the United States, and may have different data protection laws than in the United States.
9. Aggregate and De-Identified Information
We may aggregate and/or de-identify any information collected through the Websites and Services so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, and sponsors, in our discretion.
10. Do Not Sell My Personal Information.
If you have reason to believe that a child under the age of 13 (or 16) has provided Personal Information “Contact Us” below with sufficient detail to enable us to delete that information from our databases.
Please contact us if you experience any difficulty in accessing any part of this Website or this Policy at email@example.com.
13. Contact Us
PLEASE NOTE: YOU SHOULD ONLY CONTACT US AT THIS NUMBER AND EMAIL FORM FOR PRIVACY RELATED CONCERNS, AND NOT FOR EDITORIAL, SUBSCRIPTION OR CONTENT-BASED ISSUES INCLUDING TAKE-DOWN REQUESTS RELATING TO YOUR NAME OR IMAGE APPEARING IN NEWS STORIES. PLEASE SEE OUR CORPORATE CONTACT US PAGE INSTEAD FOR THOSE MATTERS.
To fill out a Data Information or Deletion Request, firstname.lastname@example.org
Do Not Sell My Personal Information: email@example.com
For additional information and other non-privacy requests, at firstname.lastname@example.org.