California Privacy Notice

This California Consumer Act Privacy Notice (“CCPA Notice”) applies to “Consumers” as defined by the California Consumer Privacy Act (“CCPA”). For the purpose of this CCPA Notice, personal information applies to “Personal Information” as defined by the CCPA (also referred to herein as “PI”). 

We collect and share the following categories of PI from the corresponding sources and for the corresponding purposes set forth in the table below. 

Category of Personal Information	Sources of Personal Information	Purposes for Collection	Categories of Third Parties with whom Personal Information is Shared	Purposes of Third Parties Receiving PI
1. Identifiers and Personal Records (e.g., email address, name, address, IP address, credit card number)	Directly from you; your devices; Vendors	Performing Services; Processing and managing interactions and transactions;  Quality Assurance; security; debugging; marketing	Vendors which assist us in providing services and running our internal business operations (“Vendors”); Data Analytics Partners; Corporate affiliates	Performing Services on our behalf; Processing and managing interactions and transactions; performing services; Quality Assurance; security; debugging
2.  Customer Acct. Details/Commercial Information (e.g., details of your use of our service)	You; your devices; Vendors	Performing Services; Research and development; quality assurance; security; debugging; and marketing	Data Analytics Partners; Vendors; Corporate affiliates	Performing Services on our behalf; research and development; quality assurance; security; and debugging
3. Internet Usage Information (e.g., information regarding your interaction with our services)	You; your devices; Data Analytics Partners; Vendors	Research and development; quality assurance; security; and debugging	Partners; Vendors; Corporate affiliates	Performing Services on our behalf; Research and development; quality assurance; security; and debugging
4. Inferences (e.g., your preferences, likelihood of interest in certain of our services)	Data Analytics Partners; Vendors; Advertising Networks	Research and development; quality assurance; and marketing	Data Analytics Partners; Vendors; Advertising Networks; Corporate affiliates	Performing Services on our behalf; research and development; quality assurance; marketing

In addition, we may collect, use and disclose your PI as required or permitted by applicable law, or as directed by you, in accordance with this Privacy Policy.

We do not knowingly “sell” personal information that we collect from you, in accordance with the definition of “sell” in the CCPA, and will treat personal information we collect from you as subject to a do not sell request. There is not yet a consensus as to whether third-party cookies and tracking devices associated with our websites and mobile apps may constitute a “sale” of your PI as defined by the CCPA. You can exercise control over browser-based cookies by adjusting the settings on your browser. We also list cookies and provide access to their privacy information and, if available, opt-out programs in our Cookie Policy. Further, you can learn more about your choices regarding certain kinds of online interest-based advertising with the Digital Advertising Alliance or the Network Advertising Initiative. We do not represent that these third-party tools, programs or statements are complete or accurate.

Some browsers have signals that may be characterized as do not track signals, but we do not understand them to operate in that manner or to indicate a do not sell expression by you, so we currently do not recognize these as a do not sell request. We understand that various parties are developing do not sell signals and we may recognize certain such signals if we conclude such a program is appropriate.

California Consumers have the right to exercise the privacy rights under the CCPA. California Consumers may exercise these rights via an authorized agent who meets the agency requirements of the CCPA. Any request you submit to us is subject to an identification and residency verification process (“Verifiable Consumer Request”). We will not fulfill your CCPA request unless you have provided sufficient information for us to reasonably verify you are the Consumer about whom we collected PI. In order to verify your identity, we will send you an email to the email address that you provide to us, and you must take action as described in our email. This will enable us to verify that the person who made the request controls and has access to the email address associated with the request. We will check our systems for the email address that you provide, and any information associated with such email address. If you provide us with an email address that has not been used to interact with us, then we will not be able to verify your identity. In other words, the only reasonable method by which we may verify the identity of individuals is if we have an email address on file that was provided to us in relation to our services. We will be unable to fulfill your request if we cannot verify your identity. 

Some personal information we maintain about Consumers is not sufficiently associated with enough personal information about the Consumer for us to be able to verify that it is a particular Consumer’s personal information (e.g., clickstream data tied only to a pseudonymous browser ID). As required by the CCPA, we do not include that personal information in response to Verifiable Consumer Requests. If we cannot comply with a request, we will explain the reasons in our response. 

We will make commercially reasonable efforts to identify Consumer PI that we collect, process, store, disclose, and otherwise use and to respond to your California Consumer privacy rights requests. We will typically not charge a fee to fully respond to your requests, but we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded, or overly burdensome. 

To make a request according to your rights to know or to request deletion of your PI set forth below, please click here, where you will find a description of the process we use to verify your request and any information that we will need to confirm your identity. In order to verify your identity, we will send you an email to the email address that you provide to us, and you must take action as described in our email. This will enable us to verify that the person who made the request controls and has access to the email address associated with the request. We will check our systems for the email address that you provide, and any information associated with such email address. If you provide us with an email address that has not been used to interact with us, then we will not be able to verify your identity. In other words, the only reasonable method by which we may verify the identity of individuals is if we have an email address on file that was provided to us in relation to our services. We will be unable to fulfill your request if we cannot verify your identity.

For your specific pieces of information, as required by the CCPA, we will apply heightened verification standards, which may include a request to provide further information.

You have the right to send us a request, no more than twice in a twelve-month period, for any of the following for the period that is twelve months prior to the request date:

• The categories of PI we have collected about you.
• The categories of sources from which we collected your PI.
• The business or commercial purposes for our collecting or selling your PI.
• The categories of third parties to whom we have shared your PI.
• The specific pieces of PI we have collected about you.
• A list of the categories of PI disclosed for a business purpose in the prior 12 months, or that no disclosure occurred.
• A list of the categories of PI sold about you in the prior 12 months, or that no sale occurred. If we sold your PI, we will explain:
• The categories of your PI we have sold.
• The categories of third parties to which we sold PI, by categories of PI sold for each third party.

You have the right to make or obtain a transportable copy, no more than twice in a twelve-month period, of your PI that we have collected in the period that is 12 months prior to the request date and are maintaining. 

Please note that PI is retained by us for various time periods, so we may not be able to fully respond to what might be relevant going back 12 months prior to the request.

Except to the extent we have a basis for retention under CCPA, you may request that we delete your PI that we have collected directly from you and are maintaining. Note also that we are not required to delete your PI that we did not collect directly from you. 

You may alternatively exercise more limited control of your PI by instead exercising one of the following more limited opt-outs, including unsubscribing from email newsletters.

We will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights. However, we may charge a different price or rate, or offer a different level or quality of good or service, to the extent that doing so is reasonably related to the value of the applicable data.  In addition, we may offer you financial incentives for the collection, sale and retention and use of your PI as permitted by the CCPA that can, without limitation, result in reasonably different prices, rates, or quality levels. The material aspects of any financial incentive will be explained and described in its program terms. Please note that participating in incentive programs is entirely optional, you will have to affirmatively opt-in to the program and you can opt-out of each program (i.e., terminate participation and forgo the ongoing incentives) prospectively by following the instructions in the applicable program description and terms. We may add or change incentive programs and/or their terms by posting notice on the program descriptions and terms linked to above so check them regularly.

Our Notice to Nevada Residents

Under Nevada law, Nevada residents may opt out of the sale of certain “covered information” collected by operators of websites or online services. We currently do not sell covered information, as “sale” is defined by such law, and we don’t have plans to sell this information. However, if you would like to be notified if we decide in the future to sell personal information covered by the Act, please go to [email protected] to provide your name and email address. We may share your data as explained in this privacy policy, such as to enhance your experiences and our services, and those activities will be unaffected by a Nevada do not sell request. You may also have other choices regarding our data practices as set forth elsewhere in this privacy policy.

Legal Basis for Using Personal Data

We process your personal data only if we have a legal basis to do so, including:

• to comply with our legal and regulatory obligations;
• for the performance of our contract with you or to take steps at your request before entering into a contract;
• for our legitimate interests or those of a third party;
• where you have given consent to our specific use.

International Transfers

Some of our processing of your data will involve transferring your data outside the European Economic Area (“EEA”). Some of our external third-party service providers are also based outside of the EEA, and their processing of your personal data will involve a transfer of data outside the EEA. This includes the United States. Where personal data is transferred to and stored in a country not determined by the European Commission as providing adequate levels of protection for personal data, we take steps to provide appropriate safeguards to protect your personal data, including when appropriate entering into standard contractual clauses approved by the European Commission, obliging recipients to protect your personal data.

Retention of Personal Data

We will retain your personal data only for as long as necessary for the purposes it was retained, such as to enable you to use the Website and your products or to provide services to you. In some instances, we may retain data for longer periods in order to comply with applicable laws (including those regarding document retention), resolve disputes with any parties, and otherwise as necessary to allow us to conduct our business. All personal data we retain will be subject to this Privacy Policy and our internal retention guidelines.

Data Subject Access Rights

You have the following rights:

• Right of access to your personal data: You have the right to ask us for confirmation on whether we are processing your personal data, and access to the personal data and related information.
• Right to correction: You have the right to have your personal data corrected, as permitted by law.
• Right to erasure: You have the right to ask us to delete your personal data, as permitted by law.
• Right to withdraw consent: You have the right to withdraw consent that you have provided.
• Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority in the member state of your habitual residence.
• Right to restriction of processing: You have the right to request the limiting of our processing under limited circumstances.
• Right to data portability: You have the right to receive the personal data that you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit that information to another controller, including to have it transmitted directly, where technically feasible.
• Right to object: You have the right to object to our processing of your personal data, as permitted by law, under limited circumstances.

In order to exercise any of these rights, please contact us according to the “How to Contact Us” section herein. Please note that the above rights are not absolute and we may be entitled to refuse requests, wholly or partly, where exceptions under the applicable law apply.