Privacy Statement, effective as of May 24, 2018
At Cloud Conversion, Inc. trust is our #1 value. This Cloud Conversion Privacy Statement (“Privacy Statement”) describes our privacy practices. Please read this Privacy Statement carefully to learn how we collect, use, share and otherwise process information relating to individuals (“Personal Data”), and your rights and choices regarding our processing of your Personal Data.
A reference to “Cloud Conversion,” “we,” “us,” “our,” or the “Company” is a reference to Cloud Conversion, Inc.
1. Processing activities covered
This Privacy Statement applies to the following processing activities:
Visiting our websites which display or link through to this Privacy Statement;
Visiting our offices;
Receiving communications from us, including emails, texts or fax;
Registering for our events;
Participating in community and open source development.
Our websites may contain links to other websites, applications and services maintained by third parties. The information practices of such other services are governed by the third-party privacy statements, which we encourage you to review to better understand those third parties’ privacy practices.
2. Responsible Cloud Conversion entity
Cloud Conversion is the controller of your Personal Data and responsible for the collection, processing and disclosure of your Personal Data as described in this Privacy Statement, unless expressly specified otherwise.
This Privacy Statement does not apply to the extent we offer our customers various cloud products and services through which our customers may create their own websites and applications running on our platforms, sell or offer their own products and services, send electronic communications to other individuals, and collect and analyze Personal Data from individuals.
What Personal Data do we collect?
3.1 Personal Data we collect directly from you
The Personal Data that we collect directly from you may include the following:
if you express an interest in obtaining additional information about our services, request customer support, use our “Contact Us” or similar features, register to use our websites, sign up for an event or webinar, or download certain content, we generally require you to provide us with your contact information, such as your name, job title, company name, address, phone number, email address, or username and password;
if you makes purchases via our websites or register for an event, we may also require you to provide us with financial information and billing information, such as billing name and address, credit card number, or bank account information;
if you attend an event, we may, upon your consent, scan your attendee badge which will provide us with your name, title and company name, address, country, phone number and email address;
if you register for an online community that we host, we may ask you to provide a username, photo and/or biographical information, such as your occupation, social media profiles, company name, and areas of expertise;
if you use and interact with our websites, we automatically collect log files and other information about your device and your usage of our websites through cookies, web beacons or similar technologies, such as IP-addresses or other identifiers, which may qualify as Personal Data (view the “What device and usage data we process” section below);
if you visit our offices, you may be required to register as a visitor and to provide your name, email address, phone number, company name and time and date of arrival.
3.2 Personal Data we collect from other sources
We may also collect information about you from other sources, including third parties from whom we have purchased Personal Data, and combine this information with Personal Data provided by you. This helps us to update, expand and analyze our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you. In particular, we collect Personal Data from the following sources:
Business contact information, including mailing address, job title, email address, phone number, ‘intent data’ which is web user behaviour data, IP addresses, social handles, LinkedIn URL and custom profiles from third party data providers for the purposes of targeted advertising, delivering relevant email content, event promotion and profiling;
Both Cloud Conversion and Commerce Cloud use platforms such as GitHub to manage code check-ins and pull requests. If you participate in an open source or community development project, we may associate your code repository username with your community account so we could inform you of program changes that are important to your participation or additional security requirements.
4. What device and usage data we process
We use common information-gathering tools, such as log files, cookies, web beacons and similar technologies to automatically collect information, which may contain Personal Data, from your computer or mobile device as you navigate our websites or interact with emails we have sent you.
4.1 Log Files
As is true of most websites, we gather certain information automatically via log files. This collected information may include your Internet Protocol (IP) address (or proxy server), device and application identification numbers, your location, your browser type, your Internet service provider and/or mobile carrier, the pages and files you viewed, your searches, your operating system and system configuration information, and date/time stamps associated with your usage. This information is used to analyze overall trends, to help us provide and improve our websites and to guarantee their security and continued proper functioning. We also collect IP addresses from users when they log into the services as part of the Company’s security features.
4.2 Cookies, web beacons and other tracking technologies
When you visit our websites, our servers or an authorized third party may place a cookie on your browser, which can collect information, including Personal Data, about your online activities over time and across different sites. Cookies allow us to track overall usage, determine areas that you prefer, make your usage easier by recognizing you and providing you with a customized experience.
We also use web beacons on our websites. For example, we may place web beacons in marketing emails that notify us when you click on a link in the email that directs you to one of our websites. Such such tracking technologies are used to operate and improve our websites and email communications and track the clicking of links or opening of emails.
The following sets out how we use different categories of cookies and similar technologies, as well as information on your options for managing the settings for the data collection by these technologies:
Type of Cookies Description Managing Settings
Required cookies enable you to navigate our websites and use their features, such as accessing secure areas of the websites.
If you have chosen to identify yourself to us, we may place on your browser a cookie that allows us to uniquely identify you when you are logged into the websites and to process your online transactions and requests.
Because required cookies are essential to operate the websites there is no option to opt out of these cookies.
Functional cookies allow us to remember information you have entered or choices you make (such as your username, language, or your region) and provide enhanced, more personal features.
Functional cookies may also be used to improve how our websites function and to help us provide you with more relevant messages, including marketing communications. These cookies collect information about how our websites are used, including which pages are viewed most often.
We may use our own technology or third party technology to track and analyze usage and volume statistical information to provide enhanced interactions and more relevant communications, and to track the performance of our advertisements.
Cloud Conversion may also utilize HTML5 local storage or Flash cookies for these purposes. Flash cookies and HTML local storage are different from browser cookies because of the amount of, type of, and how data is stored.
To manage the use of functional cookies on our websites, consult your individual browser settings for cookies. Note that opting out may impact the functionality you receive when using our websites.
To opt out from data collection by Google Analytics, you can download and install a browser add-on, which is available here.
To learn how to control functional cookies using your browser settings click here.
To learn how to manage privacy and storage settings for Flash cookies click here.
Targeting or Advertising cookies
See Section 4.3, below, to learn more about these and other advertising networks and your ability to opt out of collection by certain third parties.
All cookies placed by Cloud Conversion and listed above expire after 12 months.
4.3 Notices on behavioral advertising and opt-out
As described above, we or third parties may place or recognize a unique cookie on your browser when you visit our websites for the purposes of serving you targeted advertising (also referred to as “online behavioral advertising” or “interest-based advertising”). To learn more about targeted advertising, advertising networks and your ability to opt out of collection by certain third parties, please visit the opt-out pages of the Network Advertising Initiative, here, and the Digital Advertising Alliance, here.
To manage the use of targeting or advertising cookies on this website, consult your individual browser settings for cookies. To learn how to manage privacy and storage settings for Flash cookies click here. Various browsers may offer their own management tools for removing HTML5 local storage.
4.4 Opt-Out from the collection of device and usage data
You may opt-out from the collection of device and usage data (see “What device and usage data we process” section above) by managing your cookies at the individual browser level. In addition, if you wish to opt-out of interest-based advertising click here, or if located in the European Union click here). Please note, however, that by blocking or deleting cookies and similar technologies used on our websites, you may not be able to take full advantage of the website.
While some internet browsers offer a “do not track” or “DNT” option that lets you tell websites that you do not want to have your online activities tracked, these features are not yet uniform and there is no common standard that has been adopted by industry groups, technology companies or regulators. Therefore, we do not currently commit to responding to browsers’ DNT signals with respect to our websites. Cloud Conversion takes privacy and meaningful choice seriously and will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.
4.5 Social Media Features
Our websites may use social media features, such as the Facebook “like” button, the “Tweet” button and other sharing widgets (“Social Media Features”). You may be given the option by such Social Media Features to post information about your activities on a website to a profile page of yours that is provided by a third party social media network in order to share with others within your network. Social Media Features are either hosted by the respective social media network or hosted directly on our website. To the extent the Social Media Features are hosted by the respective social media networks, the latter may receive information that you have visited our website from your IP address. If you are logged into your social media account, it is possible that the respective social media network can link your visit of our websites with your social media profile.
Cloud Conversion also allows you to log in to certain of our websites using sign-in services such as Facebook Connect. These services will authenticate your identity and provide you the option to share certain Personal Data with us such as your name and email address to pre-populate our sign-up form.
Your interactions with Social Media Features are governed by the privacy policies of the companies providing the relevant Social Media Features.
4.6 Telephony log information
If you use certain service features, we may also collect telephony log information (like phone numbers, time and date of calls, duration of calls, SMS routing information and types of calls), device event information (such as crashes, system activity, hardware settings, browser language), and location information (through IP address, GPS, and other sensors that may, for example, provide us with information on nearby devices, Wi-Fi access points and cell towers).
5. Purposes for which we process Personal Data and the legal basis on which we rely
We collect, process your Personal Data for the purposes and on the legal bases identified in the following:
Promoting security of our websites: We will process your Personal Data by tracking use of our websites, creating aggregated, non-personal data, verifying accounts and activity, investigating suspicious activity, as well as violations of and enforcement of our terms and policies, to the extent this is necessary for the purpose of our legitimate interests in promoting the safety and security of the systems and application used for our websites, and protecting our rights and the rights of others;
Managing user registrations: We will process your Personal Data by managing your user account for the purpose of performing the contract with you according to any applicable terms of service;
Handling contact and user support requests: If you fill out a “Contact Me” web form, request user support, or if you contact us by other means, we will process your Personal Data for the performance of our contract with you and to the extent it is necessary for the purpose of our legitimate interests to fulfill your request and communicate with you;
Managing event registrations and attendance: We will process your Personal Data to plan and host the event or webinar, including related communication with you, on basis of the performance of our contract with you;
Managing payments: If you have provided financial information, we will process your respective Personal Data to check the financial qualifications and collect payments to the extent this is necessary for completing transaction with you under the contract entered into with you;
Developing and improving our websites: We will process your Personal Data to analyze trends, track your usage of our websites and interactions with emails to the extent this is necessary for our legitimate interests to develop and improve our websites and to provide our users with more relevant and interesting content;
Managing office visitors: We will process your Personal Data for security reasons, to register who visited our offices and who signed the non-disclosure agreement that visitors may be required to sign.
Displaying personalized advertisements and content: We will process your Personal Data to conduct marketing research, advertise to you, provide personalized information about us on and off our websites, and other personalized content based upon your activities and interests to the extent it is necessary for our legitimate interests to advertise our websites or, where necessary, to the extent you have provided your prior separate consent (please also view “Your rights relating to your Personal Data” below to learn how you can control how your Personal Data is processed by Cloud Conversion for marketing purposes);
Sending marketing communications: We will process your Personal Data to send you marketing information, product recommendations and other non-transactional communications (e.g., marketing newsletters, SMS, or push notifications) about us and our affiliates and partners, including information about our products, promotions or events as necessary for our legitimate interests to conduct direct marketing or to the extent you have provided your prior separate consent (please also view “Your rights relating to your Personal Data” section below to learn how you can control how your Personal Data is processed by Cloud Conversion for marketing purposes);
Complying with legal obligations: We will process your Personal Data when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of Personal Data to protect our rights, and is necessary for our legitimate interests to protect against misuse or abuse of our websites, to protect personal property or safety, to pursue remedies available to us and limit our damages, to comply with a judicial proceedings, court order or legal process, and/or to respond to lawful requests.
Where we need to collect and process Personal Data by law, or under a contract we have entered into with you and you fail to provide that required Personal Data when requested, we may not be able to perform the contract.
6. Who do we share Personal Data with?
We may share your Personal Data with the following recipients:
Our contracted service providers which provide services such as IT and system administration and hosting, credit card processing, research and analytics, marketing, customer support and data enrichment; such service providers comprise companies located in the countries in which we operate;
If you use our websites to register for an event or webinar organized by a one of our affiliates, we may share your Personal Data with the affiliate to the extent this is required on the basis of the contract with you to process your registration and ensure your participation in the event; in such case, our affiliate will process the relevant Personal Data as a separate controller and will provide you with further information on the processing of your Personal Data, where required. A list of companies within the Cloud Conversion corporate group is available here;
If you attend an event or webinar organized by us, we may share your information with sponsors of the event if: (1) you consent to such sharing via an event registration form; or (2) you allow your attendee badge to be scanned at a sponsor booth. In that event, your information will be subject to the business partners’ respective privacy statements. If you do not wish for your information to be shared, you may choose not to opt-in via event registration or elect not to have your badge scanned at our events;
With third–party social networks, advertising networks and websites, which usually act as separate controllers, so that Cloud Conversion can market and advertise on third party platforms and websites;
Specifically in relation to the AppExchange website, information we collect from you may be sent to our third party partners who may contact you regarding their products or services;
In individual cases we may also share Personal Data with professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in countries in which we operate who provide consultancy, banking, legal, insurance and accounting services;
We may also share your Personal Data with other affiliates within the Cloud Conversion corporate group to the extent this is necessary to fulfill a request you have submitted via our websites, or for customer support, marketing, technical operations and account management purposes; a list of companies within the Cloud Conversion corporate group is available here;
If we are involved in a merger or reorganization, sell a website or business unit, or if all or a portion of our business, assets or stock are acquired by another company, we may transfer some or all of your Personal Data to such third party. In accordance with applicable laws, we will use reasonable efforts to notify you of any such transfer of Personal Data to an unaffiliated third party as processing of your Personal Data will be required for the purposes set out in “Purposes for which we process Personal Data and on which legal bases” section above.
Any Personal Data or other information you choose to submit in communities, forums, blogs, or chat rooms on our websites may be read, collected, and/or used by others who visit these forums, depending on your account settings.
7. International transfer of information collected
Your Personal Data may be collected, transferred to and stored by us in the United States and by our affiliates in other countries where we operate.
Therefore, your Personal Data may be processed outside the EEA, and in countries which are not subject to an adequacy decision by the European Commission and which may not provide for the same level of data protection in the EEA. In this event, we will ensure that such recipient offers an adequate level of protection, for instance by entering into standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR), or we will ask you for your prior consent to such international data transfers.
Our websites are not directed at children. We do not knowingly collect Personal Data from children under the age of 16. If you are a parent or guardian and believe your child has provided us with Personal Data without your consent, please contact us as described in the “Contacting Us” section below and we will take steps to delete such Personal Data from our systems.
9. How long do we keep your Personal Data?
We may retain your Personal Data for a period of time consistent with the original purpose of collection (see “Purposes for which we process Personal Data and on what legal basis” section above). We determine the appropriate retention period for Personal Data on the basis of the amount, nature, and sensitivity of your Personal Data, the potential risk of harm from unauthorized use or disclosure, and whether we can achieve the purposes of the processing through other means, as well as the applicable legal requirements (such as applicable statutes of limitation).
After expiry of the retention periods, your Personal Data will be deleted. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of the data.
10. Your rights relating to your Personal Data
10.1 Your rights
You have certain rights regarding your Personal Data, subject to local data protection laws. These may include the following rights:
to access your Personal Data held by us (right to access);
to rectify inaccurate Personal Data and ensure it is complete (right to rectification);
to erase/delete your Personal Data to the extent permitted by other legal obligations (right to erasure; right to be forgotten);
to restrict our processing of your Personal Data (right to restriction of processing);
to transfer your Personal Data to another controller to the extent possible (right to data portability);
to object to any processing of your Personal Data carried out on the basis of our legitimate interests (right to object). Where we process your Personal Data for direct marketing purposes or share it with third parties for their own direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection;
not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects (“Automated Decision-Making”); Automated Decision-Making currently does not take place on our websites;
to the extent we base the collection, processing and sharing of your Personal Data on your consent, to withdraw your consent at any time, without affecting the lawfulness of the processing based on such consent before its withdrawal.
10.2 How to exercise your rights
To exercise your rights, please contact us in accordance with the “Contacting Us” section below. We try to respond to all legitimate requests within one month and will contact you if we need additional information from you in order to honor your request. Occasionally it may take us longer than a month, taking into account the complexity and number of requests we receive. If you are an employee of a Cloud Conversion customer, we recommend you contact your company’s system administrator for assistance in correcting or updating your information.
In addition, if you have registered for an account with us, you may generally update your user settings, profile, organization’s settings or event registration by logging into the applicable website with your username and password and editing your settings or profile. To update your billing information, discontinue your account, and/or request return or deletion of your Personal Data and other information associated with your account, please contact us.
10.3 Your rights relating to Customer Data
As described above, we may also process Personal Data in the role of a processor (see “Responsible Cloud Conversion entity” section above). If your data has been submitted to us by a Cloud Conversion customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with our customer directly. Because we may only access our customer’s data upon instruction from the respective customer, if you wish to make your request directly to us, please provide the name of the Cloud Conversion customer who submitted your data when you contact us. We will refer your request to that customer, and will support them as needed in responding to your request within a reasonable timeframe.
10.4 Your preferences for marketing communications
If we process your Personal Data for the purpose of sending you marketing communications, you may manage your receipt of marketing and non-transactional communications from us by clicking on the “unsubscribe” link located on the bottom of our marketing emails, by replying or texting ‘STOP’ if you receive SMS communications, or by turning off push notifications on our apps on your device. Additionally, you may unsubscribe by contacting us using the information in the “Contacting Us” section below. Please note that opting-out of marketing communications does not opt you out of receiving important business communications related to your current relationship with us, such as information about your subscriptions or event registrations, service announcements or security information.
We take precautions including organizational, technical, and physical measures, to help safeguard against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, the Personal Data we process or use.
While we follow generally accepted standards to protect Personal Data, no method of storage or transmission is 100% secure. You are solely responsible for protecting your password, limiting access to your devices, and signing out of websites after your sessions. If you have any questions about the security of our websites, please contact us via the “Contacting Us” section below.
Information We Collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.||YES|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, address, telephone number, insurance policy number, bank account number, credit card number, debit card number, or any other financial information. Some personal information included in this category may overlap with other categories.||YES|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||NO|
|D. Commercial information.||Records products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||YES|
|E. Biometric information.||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||NO|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||YES|
|G. Geolocation data.||Physical location or movements.||YES|
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||NO|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||N/A|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||NO|
|K. Inferences drawn from other personal information.||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||NO|
Personal information does not include:
- Publicly available information from government records.
- De-identified or aggregated consumer information.
- Information excluded from the CCPA’s scope, like:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from our customers or our partners. For example, from information customers provide to us or through our third party partners, related to the services for which they engage us.
- Directly and indirectly from activity on our website (www.cloudconversion.com), application, and/or webclient, as applicable. For example, from submissions through our website portal or website usage details collected automatically.
- From third parties that interact with us in connection with the services we perform.
Use of Personal Information
We may use or disclose the personal information we collect for one or more of the following business purposes:
- To fulfill or meet the reason for which the information is provided. For example, if you provide us with personal information in order for us to prepare a shipping label, we will use that information to prepare the label.
- To provide you with information, products or services that you request from us.
- To provide you with email alerts and other notices concerning our products or services, or events or news, that may be of interest to you.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
- To improve our website and present its contents to you.
- For testing, research, analysis and product development.
As necessary or appropriate to protect the rights of our clients or others.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information
We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:
Category A: Identifiers.
Category B: California Customer Records personal information categories.
Category D: Commercial Information.
Category F: Internet or other similar network activity
Category G: Geolocation data.
We disclose your personal information for a business purpose to the following categories of third parties:
- Our affiliates.
- Service providers.
- Third-party partners in connection with products or services we provide to you.
To improve our services, we have provided limited identifiers (including name and postal address) and limited commercial information to our parent company. The actions taken by us may be considered a “sale” under the CCPA, but we received no monies for providing said information.
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
Emailing the request to firstname.lastname@example.org
Calling: +1 (877) 780-8942
Only you or a person having the legal authority to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
- If you are a current customer of Company, you must log into your account and process any request through the application and/or webclient, as applicable.
We may be unable to respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
13. Changes to this Privacy Statement
We will update this Privacy Statement from time to time to reflect changes in our practices, technology, legal requirements and other factors. If we do, we will update the “effective date” at the top of this Privacy Statement. If we make an update, we may provide you with notice prior to the update taking effect, such as by posting a conspicuous notice on our website or by contacting you using the email address you provided.
We encourage you to periodically review this Privacy Statement to stay informed about our collection, processing and sharing of your Personal Data.
14. Contacting us
To exercise your rights regarding your Personal Data, or if you have questions regarding this Privacy Statement or our privacy practices please fill out this form or mail us at:
Data Protection Officer
2140 Webster Drive
Park City, UT 84060
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the EEA, you have the right to lodge a complaint with the competent supervisory authority.