California Consumer Privacy Act
1. Personal Information Collected in the Past 12 Months
We collect, process and store various types of Personal Information. For purposes of this Policy, “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. It does not include de-identified or aggregate information, or public information lawfully available from governmental records.
The following chart describes the categories of Personal Information covered by this Policy that we may have collected in the past 12 months and, for each category, where and why we collected it, and the categories of entities with which we shared the Personal Information.
|Categories of Consumers’ Personal Information||Categories of Sources||Purpose(s) for Collection of Consumers’ Personal Information||Categories of Third Parties With Which Personal Information Was Shared for a Business Purpose|
|Personal Identifiers – such as name, postal address, Internet Protocol address, email address, or other similar identifiers||Consumers directly||Provision of services
Responding to consumer inquires
|Commercial information – such as records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies||Consumers interacting with our website||Providing products and services
|Internet or other electronic network activity information, including browsing and search history||Consumers interacting with our website||Security processes|
|Audio, or similar information||Consumers who interact with our call center||Provision of services
Responding to consumer inquires
We do not and will not sell Personal Information.
Additional Information about How We Collect and Share your Personal Information
With respect to each of the categories of data above, we may also collect and share Personal Information with third parties to comply with legal obligations; when we believe in good faith that an applicable law requires it; at the request of governmental authorities or other third parties conducting an investigation; to detect and protect against fraud, or any technical or security vulnerabilities; to respond to an emergency; or otherwise to protect the rights, property, safety, or security of our business, third parties, visitors to our websites and mobile apps, or the public. We may also share Personal Information with any person to whom we transfer any of our rights or obligations under any agreement, or in connection with a sale, merger or consolidation of our business or other transfer of our assets, whether voluntarily or by operation of law, or who is otherwise deemed to be our successor or transferee.
2. Personal Information We Will Continue to Collect About You and Why
We will continue to collect the same categories of Personal Information listed in the chart above, for the same purposes.
3. Rights Related to Personal Information Held by Us
Your Right To Request Disclosure of Information We Collect and Share About You
We are committed to ensuring that you know what Personal Information we collect. To that end, you can ask us for the categories and specific pieces of your Personal Information that we’ve collected about you in the 12 months prior to our receipt of your request.
If you ask us for information about the categories of Personal Information we’ve collected about you, for each identified category, you may receive the following information:
- The categories of sources from which your Personal Information was collected.
- The business or commercial purposes for collecting your Personal Information.
We are also committed to ensuring that you know what information we share about you. You can submit a request to us for the following further information:
- The categories of Personal Information that we’ve disclosed about you for a business purpose and the categories of third parties to which we made those disclosures.
Our responses to any of these requests will cover the 12-month period preceding our receipt of your request.
Your Right To Request Deletion of Personal Information We Have Collected From You
Upon your request, we will delete the Personal Information we have collected about you, except for situations where the CCPA authorizes us to retain specific information, including when it is necessary for us to provide you with a good or service that you requested; perform a contract we entered into with you; maintain the functionality or security of our systems; or comply with or exercise rights provided by the law. The law also permits us to retain specific information for our exclusively internal use, but only in ways that are compatible with the context in which you provided the information to us or that are reasonably aligned with your expectations based on your relationship with us.
California Shine the Light
California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents to annually request, free of charge, information about the Personal Information (if any) disclosed to third parties for direct marketing purposes in the preceding calendar year. We do not share Personal Information with third parties for their own marketing purposes.
Our Commitment to Honoring Your Rights
4. Exercising Your Rights and How We Will Respond
For requests for access or deletion, we will first acknowledge receipt of your request within 10 days of receipt of your request. We provide a substantive response to your request as soon as we can, generally within 45 days from when we receive your request, although we may be allowed to take longer to process your request in certain jurisdictions or under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we will let you know.
We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations.
In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why.
5. Verification of Identity – Access or Deletion Requests
We will ask you for two pieces of Personal Information and attempt to match those to information that we maintain about you.
If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request. We will notify you to explain the basis of the denial.
You may designate an agent to submit requests on your behalf. The agent can be a natural person or a business entity that is registered with the California Secretary of State.
If you would like to designate an agent to act on your behalf, you and the agent will need to comply with our agent verification process. You will be required to verify your identity by providing us with certain Personal Information as described above, depending on whether you hold an account with us or not and the nature of the information your require, which we will endeavor to match the information submitted to information we maintain about you. Additionally, we will require that you provide us with written confirmation that you have authorized the agent to act on your behalf, and the scope of that authorization. The agent will be required to provide us with proof of the agency relationship, which may be a declaration attesting to the agent’s identity and authorization by you to act on their behalf, signed under penalty of perjury. If the agent is a business entity, it will also need to submit evidence that it is registered and in good standing with the California Secretary of State. Information to identify and verify your agent can be submitted through the same mechanism and at the same time that you submit information to verify your identity.
Please note that this subsection does not apply when an agent is authorized to act on your behalf pursuant to a valid power of attorney. Any such requests will be processed in accordance with California law pertaining to powers of attorney.
Requests for Household Information
There may be some types of Personal Information that can be associated with a household (a group of people living together in a single dwelling). Requests for access or deletion of household Personal Information must be made by each member of the household. We will verify each member of the household using the verification criteria explained above.
If we are unable to verify the identity of each household member with the degree of certainty required, we will not be able to respond to the request. We will notify you to explain the basis of our denial.
6. Do Not Track Signals
“Do Not Track” is a privacy preference that users can set in certain web browsers. We do not respond to browser or do not track signals.
7. Personal Information of Minors
Our products and services are not directed to minors under the age of 18 and we do not knowingly collect or sell the Personal Information of minors.
8. How We Keep Your Personal Information Secure
We implement and maintain reasonable security appropriate to the nature of the personal information that we collect, use, retain, transfer or otherwise process. Our reasonable security program is implemented and maintained in accordance with applicable law and relevant standards. However, there is no perfect security, and reasonable security is a process that involves risk management rather than risk elimination. While we are committed to developing, implementing, maintaining, monitoring and updating a reasonable information security program, no such program can be perfect; in other words, all risk cannot reasonably be eliminated. Data security incidents and breaches can occur due to vulnerabilities, criminal exploits or other factors that cannot reasonably be prevented. Accordingly, while our reasonable security program is designed to manage data security risks and thus help prevent data security incidents and breaches, it cannot be assumed that the occurrence of any given incident or breach results from our failure to implement and maintain reasonable security.
9. Changes to This Policy