WEBSITE PRIVACY POLICY
[Last Modified: March 18, 2024]
This Privacy Policy (“Privacy Policy”) governs the processing and transfer of personal data collected or processed by Shani Shenhav Services Co. Ltd. (Collectively with its affiliates and subsidiaries shall be referred to as “Company”, “we”, “us” or “our” and the “Shani Shenhav Group”) when you access or use any of our websites and landing pages, including https://shanishenhav.co.il/eng (“you” or “your” and “website”).
This Privacy Policy explains what data we may collect from you, how such data may be used or shared with others, how we safeguard it and how you may exercise your rights related to your Personal Data (as defined below), as required under relevant privacy regulation, including where applicable the EU General Data Protection Regulation (“GDPR”), the Israeli Privacy Protection Law, 1981, the California Consumer Privacy Act (“CCPA”) and other US states as further detailed below.
Additional Notice to California Residents: In the event you are a California resident – please review our CCPA Privacy Notice [APM1] to learn more about our privacy practices with respect to the California Consumer Privacy Act.
Additional Notice to Colorado, Virgina, Connecticut or Utah Residents: In the case you are a resident of one of these US states – please also the ”Jurisdiction-Specific Notices” section below to learn more about our privacy practices and your rights under the privacy and data protection legislation which applies in these states.
If you have any questions regarding this Privacy Policy or our data practices, you are welcome to contact us at: [email protected]. [Company – in the EU and US, it is highly recommended having a designated “privacy@” email for privacy inquiries]
You are not required by law to provide us with any Personal Data. However, please note that some of our services and website features require the processing of certain Personal Data and without such data we may not be able to provide you with all or part of such services and features.
FURTHER, PLEASE NOTE THAT THIS PRIVACY POLICY GOVERNS THE USE OF OUR PROMOTIONAL WEBSITES AND LANDING PAGES, DESIGNATED FOR INFORMATIONAL PURPOSES ONLY, AS EXPRESSLY DESCRIBED IN THE TERMS. THIS PRIVACY POLICY DOES NOT COVER THE USE OF ANY OF OUR PRODUCTS AND SERVICES
POLICY AMENDMENTS:
We reserve the right to amend this Policy from time to time, at our sole discretion. The most recent version of the Policy will always be posted on the website. The updated date of the Policy will be reflected in the “Last Modified” heading. Any amendments to the Policy will become effective immediately, unless we notify you otherwise. If we materially change the way in which we process your previously collected personal data, we will provide you with prior notice, or where legally required, request your consent prior to implementing such changes. We strongly encourage you to review this Policy periodically to ensure that you understand our most updated privacy practices.
CONTACT INFORMATION AND DATA CONTROLLER INFORMATION:
Shani Shenhav is the Data Controller (as such term is defined under the GDPR or equivalent privacy legislation) of your Personal Data of the Personal Data collected from you as a visitor or user of our website.
You may contact us as follows:
- By email: [email protected]
- By Phone: [Phone]
- By Mail:
Shani Shenhav
5 Ha’Barzel St.
DATA SETS WE COLLECT AND FOR WHAT PURPOSE:
Below you can find information regarding the purposes for which we process your personal data as well as our lawful basis for processing, the definition of “personal” and “non-personal” data, and how it is technically processed.
Non-Personal Data
During your interaction with the Website, we may collect aggregated, non-personal non-identifiable information (“Non-Personal Data “). We are not aware of the identity of the user from which the Non-Personal Data is collected. We collect Non-Personal Data regarding your use of the website, such as the scope, frequency, latency, pages accessed and viewed, time and date stamp, interactions with content and materials displayed through our website, language preference, and other technical information regarding the device used to access the website, for example type of device, type of browser, operating system, etc. Non-Personal Data may be used by us without limitation and for any purpose.
We may sometimes process and anonymize or aggregate Personal Data and identifiable information in a manner that shall create a new set of data that will be Non-Personal Data. Such a new data set can no longer be associated with any identified natural person.
If we combine Personal Data with Non-Personal Data, the combined information will be treated as Personal Data or for as long as it remains combined.
Personal Data
We may also collect from you, directly or indirectly, during your access or interaction with the website, individually identifiable information, namely information that identifies an individual or may, with reasonable effort, be used to identify an individual (“Personal Data”). The types of Personal Data that we collect as well as the purpose for processing and the lawfulness are specified in the table below.
On our website, we do not knowingly collect or process any Personal Data constituting or revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning a person’s health or data concerning a person’s sex life or sexual orientation (“Special Categories of Personal Data”).
Below please find details regarding our processing of Personal Data, the purpose, lawful basis, and processing operations:
Contact Information:
- Types of Personal Data: If you voluntarily contact us, e.g., through a “contact us” form in our website, you may be required to provide us with certain personal data such as your name, job title, company name, email address, and any additional information you decide to share with us.
*** additional information which is not personal in nature, such as a description of company or business and other business-related data may be required.
- Purpose of Processing and Operations: We will use this data to respond to your inquiry. The correspondence with you may be processed and stored by us in order to improve our internal operations, as well as in the event we reasonably determine it is needed for future assistance or to handle any dispute you might have with us. We may retain and manage such information using external services and platforms such as CRM systems.
*** please note that we may use your contact information in certain cases, per applicable law, for contacting you with marketing materials and propositions.
- Legal Basis per the GDPR (where applicable): We process such Contact Information subject to our legitimate interest. If you are an active customer of our services approaching us regarding to the services we provide you with, the data will be processed per the contract between us.
Newsletter & Updates Registration:
- Types of Personal Data: In the event you sign up to receive our newsletter or other promotional materials, you will be requested to provide your contact details, such as email address.
- Purpose of Processing and Operations: We will use the information you provide in order to include you in our mailing list and send you the materials you have signed up to receive.
- Legal Basis per the GDPR (where applicable): Our lawful basis for the processing of this data is your consent. You may withdraw your consent at any time by clicking the “unsubscribe” link which will be included in the email we will send you. You may also contact us through the above means of contact and request to unsubscribe.
Online Identifiers and Advertising and Targeting data:
- Types of Personal Data: When you interact with the website, we may collect online identifiers such as your Internet Protocol address (IP), Cookie-ID, etc., and other information that relates to your activity through the website, such as pages viewed, click stream data, login time and date stamp, etc. This data might be collected directly by us or by through our use of third parties’ cookies and advertisement platforms. Similarly, we may collect Ad calls, which is a code shared with advertisers, include zip code, advertiser ID, the webpage the end user came from, the IP address, approximate location which assists the advertiser to determine which ads to place. The ad call will also include the end user’s preference regarding interest-based advertisement as further explained herein.
- Purpose of Processing and Operations: Collection of device identifiers is needed for the following purposes: (i) Internal statistics and analysis, for which device identifiers might be combined with usage data, for example, to analyze how many visitors have accessed certain content and from which country (where the country is extracted from the IP address) in order to enhance and improve our website and its content; and (ii) Marketing and advertising purposes. Our partners will process this data to manage and deliver advertisements and content more effectively and personally, including contextual, behavioral and interests-based advertising based on your activity, preferences or other data available to us or to our business partners and advertisers, including for re-targeting purposes.
- Legal Basis per the GDPR (where applicable): Our lawful basis for processing this data for technical and security purposes is based upon our legitimate interests. If we process your Personal Data for analytics and advertising purposes and to the extent required under applicable laws (e.g., if we use third party cookies), we will obtain your consent for such processing. In any such case, you may withdraw consent or change your preferences at any time by using the cookie settings tool available on our website.
Please note that the actual processing operation per each purpose of use and lawful basis detailed in the table above may differ. Such processing operation usually includes a set of operations made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction. The transfer of personal data to third-party countries, as further detailed in the Data Transfer Section, is based on the same lawful basis as stipulated in the table above.
In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and any other misuse of the website and to enforce the Terms, as well as to protect the security or integrity of our databases and the website, and to take precautions against legal liability. Such processing is based on our legitimate interests.
HOW WE COLLECT YOUR INFORMATION:
Depending on the nature of your interaction with us, we may collect the above detailed information from you, as follows:
- Automatically – we may use cookies (as elaborated in the section below) or similar tracking technologies (such as pixels, tags, agent, etc.) to gather some information automatically.
- Provided by you or about you voluntarily – we will collect information if and when you choose to provide us with the information, such as contact us form, etc. all as detailed in this Privacy Policy.
- Provided from third parties – where permitted under applicable law and provided with your consent for cookie usage, we may enrich the Personal Data collected about you with data provided by third parties.
COOKIES
When you access or use the website, we use “cookies” or similar tracking technologies, which store certain information on your device (i.e., locally stored). The use of cookies is a standard industry-wide practice. A “cookie” is a small piece of information that a website assigns and stores on your computer while you are viewing a website. Cookies are used by us for various purposes, including allowing you to navigate between pages efficiently, as well as for statistical purposes, analytic purposes and advertising. You can find more information about our use of cookies here: www.allaboutcookies.org.
There are several types of cookies, including without limitation:
- Essential, Functionality, Operation & Security Cookies. These cookies are essential for enabling Visitor movement around the website, for the website to function properly, and for security purposes (i.e., used to authenticate Visitors, prevent fraudulent use, and protect Visitor data from unauthorized parties). This category of cookies either cannot be disabled, or if disabled, certain features of the website may not work.
- Analytic, Measurement & Performance Cookies. These cookies are used to collect information about how Visitors use our website, in order to improve our website, content, and the way we offer them, as well as assess performance of the content and marketing campaigns. These cookies enable us, for example, to assess the number of Visitors who have viewed a certain page as well as their country of origin. It enables our website to remember information that changes the way it behaves or looks, such as your preferred language.
- Preference, Targeting & Advertising Cookies. These cookies are used to advertise across the internet and to display relevant ads tailored to Visitors based on the parts of the website they have visited (e.g., the cookie will indicate you have visited a certain webpage and will show you ads relating to that webpage).
You may find more information about the cookies we use as well as opt-out of cookies or change your preferences at any time by using the cookies setting tool available on the footer of our website.
Where we use third-party advertising cookies, such third-party may independently collect, through the use of such tracking technologies, some or all types of Personal Data detailed above, as well as additional data sets, including to combine such information with other information they have independently collected relating to your online activities across their network of websites, for the purpose of enhanced targeting functionality and delivering personalized ads, as well as providing aggregated analytics related to the performance of our advertising campaign you interacted with. These third parties collect and use this information under their own privacy policies, and we are not responsible for their privacy practices.
DATA SHARING – CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH:
We share your data with third parties, including our partners or service providers that help us operate and make the most of the website. You can find here information about the categories of such third-party recipients.
- Our Affiliated Companies, including the Shani Shenhav Group We may share Personal Data with our affiliated companies and subsidiaries in order to provide joint services, for example, marketing, improving our services, etc.
- Our Service Providers We share your Personal Data with our trusted service providers and business partners that perform business operations for us on our behalf (as data processors) and pursuant to our instructions.
This includes the following categories of service providers:
- Advertising and marketing service providers, who help us with advertising measurements, email marketing, etc.;
- Payment processors, who helps ass process your purchase securely and collect the consideration you owe us;
- Data storage providers, with whom we entrust the hosting and storage of our data;
- Consent Manager (CMP), an external service that provides us with the ability to allow website visitors to control and manage their cookies preferences and consent;
- General IT and SaaS providers – providing us with IT systems for the management of our daily conduct;
- Data analytics and data management providers, who help us improve, personalize and enhance our operation.
- Data security partners, who help us detect and prevent potentially illegal acts, violations of our policies, fraud and/or data security breaches and ensure compliance with legal obligations.
- Legal and Law Enforcement We may disclose certain Personal Data to law enforcement, governmental agencies, or authorized third parties, in response to a verified request relating to criminal investigations or alleged illegal activity or any other activity that may expose us, you, or any other Visitor to legal liability, and solely to the extent necessary to comply with such purpose.
- Corporate Transactions In the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation, or asset sale) we will share the Personal Data we store with our acquiring company.
In any such case, we will oblige the acquiring company to assume the rights and obligations as described in our Privacy Policy.
When we share information with service providers and partners, we ensure they only have access to such information that is strictly necessary for us to operate the website. These parties are required to secure the data they receive and to use the data for pre-agreed purposes only while ensuring compliance with all applicable data protection regulations (such service providers may use other non-personal data for their own benefit).
DATA RETENTION:
In general, we retain the Personal Data we collect for as long as it remains necessary for the purposes set forth above, all under the applicable regulation, or until you express your preference to optout, where applicable.
Transactional Data, such as invoices, record keeping regarding your purchase, etc., will be kept for long periods and sometimes without limitation, as such data is part of our internal record keeping.
Other circumstances in which we will retain your Personal Information for longer periods of time include: (i) where we are required to do so in accordance with legal requirements, or (ii) for us to have an accurate record of your interaction with us in the event of any inquiries or contact requests, or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data. Please note that except as required by applicable law, we will not be obligated to retain your data for a particular period, and we may delete it for any reason and at any time, without providing you with prior notice of our intention to do so.
SECURITY MEASURES:
We take great care in implementing physical, technical, and administrative security measures for the website that we believe comply with applicable regulation and industry standards to prevent your information from being accessed without the proper authorization, improperly used or disclosed, unlawfully destructed, or accidentally lost.
If you feel that your privacy was not dealt with properly or was dealt with in a way that was in breach of our Privacy Policy or if you become aware of a third party’s attempt to gain unauthorized access to any of your Personal Data, please contact us at our email.
INTERNATIONAL DATA TRANSFER:
Due to our global business operation, we may store or process your Personal Data in several territories, including, for example in Israel, the UK, EU, US or in other countries (whether directly or through the use of our vendors). Thus, your Personal Data may be transferred to and processed in countries other than the country from which you accessed our websites or otherwise the country of your jurisdiction. We will take appropriate measures to ensure that your Personal Data receives an adequate level of data protection upon its transfer in accordance with applicable law.
Further, when Personal Data collected within the EU is transferred outside the EU (and not to a recipient in a country that the European Commission has decided provides adequate protection) it shall be transferred under the provisions of the standard contractual clauses approved by the European Union. If you would like to understand more about these arrangements and your rights in connection therewith, please contact us at our email.
In addition, some of the third parties used for cookies management on our website may store and process data globally, including in the US (e.g., Google Analytics servers). When granting consent for such cookies through the cookies tool on the website, you hereby acknowledge and approve such cross-border transfer, in accordance with such third party’s privacy practices.
YOUR RIGHTS
According to data protection and privacy laws may grant you certain rights with regards to your Personal Data, all according to your jurisdiction. The rights may include one or all of the following: (i) request to amend your Personal Data we store accessing; (ii) review and access your Personal Data that we hold; (iii) request to delete your Personal Data that we hold (as long as we do not have a legitimate reason for retaining the data); (iv) restrict or object to the process your Personal Data; (v) exercise your right of data portability (vi) contact to a supervisory authority in your jurisdiction and file a complaint; and (vii) withdraw your consent (to the extent applicable).
If you wish to submit a request to exercise your rights, please fill out the Data Subject Request Form (“DSR”) available here [APM2] and send it to our email at: [email protected].
When you contact us and request to exercise your rights regarding your Personal Data, we will require certain information from you in order to verify your identity and locate your data and that the process of locating and deleting the data may take reasonable time and effort, as required or permitted under applicable law. Data privacy and related laws in your jurisdiction may provide you with different or additional rights related to the data we collect from you, which may also apply.
You have the right to lodge a complaint with the EU Member State supervisory authority if you are not satisfied with the way in which we handled the complaint.
For additional rights under various jurisdictions, including US state laws, please refer to Section II “JURISDICTION-SPECIFIC NOTICES” herein below.
OPT OUT OPTIONS
Interest-Based Advertising (“IBA“): We do not sell your Personal Data. Our websites may include providing you with advertisements therefore we may “share” your Personal Data with third parties for personalized advertising purposes. If you wish to opt out from the sharing of your personal data with third parties for the purpose of cross-contextual interest-based advertising there are many ways to do so, as further detailed below. Please note that even if you opt-out you may still see personalized ads based on information other companies and ad networks have collected about you, if you have not opted out of sharing with them. Such activity is not under our responsibility nor control.
For IBA opt out options on desktop and mobile websites, please visit:
- Digital Advertising Alliance (US) https://www.aboutads.info/choices/
- Digital Advertising Alliance (Canada) https://youradchoices.ca/en/tools
- Digital Advertising Alliance (EU) https://www.youronlinechoices.com/
- Network Advertising Initiative https://optout.networkadvertising.org/?c=1
Additional information on opt-out rights and means is available through the designated cookie bar on our website.
THIRD PARTY WEBSITES:
Our Privacy Policy only addresses the use and disclosure of Personal Data we collect from you. To the extent that you disclose your Personal Data to other parties via the website (e.g., by clicking on a link to any other website or location), different rules may apply to their use or disclosure of the Personal Data you disclose to them, and this Privacy Policy does not apply to any such third-party products and services. You agree that we shall have no liability whatsoever with respect to such third-party sites and your usage of them.
ELIGIBILITY AND CHILDREN PRIVACY:
The website is not intended for use by children (the phrase “child” shall mean an individual that is under the age defined by applicable law, which concerning the EEA is under the age of 16, and with respect to the US, under the age of 13), and we do not knowingly process children’s information. We will discard any information we receive from a user that is considered a “child” immediately upon discovering that such a user shared information with us. Please contact us at: [email protected] if you have reason to believe that a child has shared any information with us.
JURISDICTION-SPECIFIC NOTICES:
The below Jurisdiction-Specific privacy notices shall only apply to the extent the personal data collected by the Company is subject to such jurisdiction specific regulations, given, inter alia, the thresholds and applicability criteria set by such regulations.
ADDITIONAL NOTICE TO COLORADO RESIDENTS
Under the Colorado Privacy Act (“CPA”) if you are a resident of Colorado, acting only as an individual or household context (and not in a commercial or employment context, as a job applicant or as a beneficiary of someone acting in an employment context), your rights with respect to your personal data are described below.
“Personal Data” as defined in the CPA means: “information that is linked or reasonably linkable to an identified or identifiable individual” and does not include any of the following: publicly available information, de-identified or aggregated consumer, and information excluded from the CPA scope, such as: Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) or 42 CFR Part 2- “Confidentiality Of Substance Use Disorder Patient Records”, Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or and the Driver’s Privacy Protection Act of 1994, Children’s Online Policy Protection Act of 1998 (COPPA), Family Educational Rights and Privacy Act of 1974, national Security Exchange Act of 1934, higher education data and employment data.
Section I.C “DATA SETS WE COLLECT AND FOR WHAT PURPOSE” of the Privacy Policy, we describe our collection and processing of personal data, the categories of personal data that are collected or processed, and the purposes. Additionally, Section I.F “DATA SHARING – CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH” details the categories of third-parties the controller shares for business purposes.
YOUR RIGHTS UNDER CPA:
Herein below, we will detail how consumers can exercise their rights, and appeal such decision, or if we sell the Personal Data, or sells the Personal Data for advertising and how to opt-out.
- Right to Access/ Right to Know You have the right to confirm whether and know the Personal Data we collected on you. You can exercise your right by reviewing this Privacy Policy and approaching us through the DSR form as explained herein.
- Right to Correction You have the right to correct inaccuracies in your Personal Data, taking into account the nature and purposes of processing of such Personal Data. You can exercise this right directly or by approaching us through the DSR form as explained herein.
- Right to Deletion You have the right to delete Personal Data, this right is not absolute and in certain circumstances we may deny such request. We may deny your deletion request, in full or in part, if retaining the information is necessary for us or our service provider(s) for any of the following reasons: (1) Complete the transaction for which we collected the Personal Data, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you; (2) Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities; (3) Debug products to identify and repair errors that impair existing intended functionality; (4) Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law; (5) Comply with the law or legal obligation; (6) Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent; (7) Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us; (8) Make other internal and lawful uses of that information that are compatible with the context in which you provided it. We will delete or de-identify personal information not subject to one of these exceptions from our records and will direct our processors to take similar action. If you would like to delete your personal information, please approach us through the DSR form as explained herein.
- Right to Portability You have the right to obtain the Personal Data in a portable, and to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance. If you would like to exercise your portability right, please contact us through filling a DSR form as explained herein, and we will select a format to provide your Personal Data that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.
- Right to opt out from selling Personal Data and / or Right to opt out from Targeted Advertising and/or Right to opt out from Profiling You have the right to opt out of the sale of your Personal Data for the purposes of targeted advertising, sale to a third party for monetary gain, or for profiling in furtherance of decisions that produce legal or similarly significant effects concerning you or any other consumer.
You may authorize another person acting on your behalf to opt out, including by broad technical tools, such as DAA, NAI, etc.
We do not sell your personal information, so we do not offer an opt out.We may “share” personal information with third parties for personalized advertising purposes. You may opt-out of the sharing of your Personal Data with third parties for personalized advertising on third party sites as detailed in Section I.K OPT OUT OPTIONS.
To opt out from the use of cookies on our website, please click the “do not sell or share my personal information” or otherwise use the settings of our cookies bar in the footer of the website which will enable you to customize the use of cookies on our website.
We do not profile you, thus we do not need to provide an opt-out.
- Duty not to violet the existing laws against discrimination or non-discrimination Such discrimination may include denying a good or service, providing a different level or quality of service, or charging different prices. We do not discriminate our users.
HOW TO SUBMIT A REQUEST UNDER CPA?
Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your Personal Data, through downloading our DSR[APM3] form, filing it and sending it back to us by mail. If the DSR is submitted by someone other than the consumer about whom information is being requested, proof of authorization (such as power of attorney or probate documents) will be required.
We will respond to your request within 45 days after receipt of a verifiable Consumer Request and no more than twice in a twelve-month period. We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal against our decision within a reasonable period time by contacting us by at [email protected] specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows: Colorado AG at https://coag.gov/file-complaint/.
If you have an account with us, we may deliver our written response to that account or via email at our sole discretion. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. You do not need to create an account to submit a request.
Any disclosures we provide will only cover the 12-month period preceding receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
ADDITIONAL NOTICE TO VIRGINIA RESIDENTS
Under the Virginia Consumer Data Protection Act, as amended (“VCDPA”) if you are a resident of Virginia acting in an individual or household context (and not in an employment or commercial context), you have the following rights with respect to your Personal Data.
“Personal data” means any information that is linked or reasonably linkable to an identified or identifiable natural person. “Personal data” does not include de-identified data or publicly available information. Personal Data does not include de-identified data or publicly available data, and information excluded from the scope such as: HIPAA, GBPA, non-profit entities, higher education, employment data and FCRA, Driver’s Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, Farm Credit Act.
The VCDPA requires us to disclose the Categories of data processing and the purpose of each category, as detailed in Section “DATA SETS WE COLLECT AND FOR WHAT PURPOSE” of the Privacy Policy, the categories of data shared and the third parties with whom it is shared, as detailed in “DATA SHARING – CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH”. Disclosure of sale of data or targeted advertising are detailed in Section OPT OUT OPTIONS above, and in the DSR Form. Further, the table above under “ADDITIONAL NOTICE TO COLORADO RESIDENTS” details the rights you have under VCDPA and how you may exercise your rights.
HOW TO SUBMIT A REQUEST UNDER VCDPA?
We shall respond to your request within 45 days of receipt. We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at [email protected] and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows: Virginia Attorney General at https://www.oag.state.va.us/consumercomplaintform.
We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request, we will not be able to grant your request.
ADDITIONAL NOTICE TO CONNECTICUT RESIDENTS
Under the Connecticut Data Privacy Act, Public Act. No. 22-14 (the “CDPA”) if you are a resident of Connecticut, acting in an individual or household context (and not in a commercial or employment context or as a representative of business, non-profit or governmental entity), your rights with respect to your Personal Data are described below.
“Personal data” means any information that is linked or reasonably linkable to an identified or identifiable individual. It does not include de-identified data or publicly available information. If further does not include information excluded from the scope such as: HIPAA, GBPA, non-profit entities, higher education, employment data and FCRA, Driver’s Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, Farm Credit Act.
The categories of Personal Data processed, purpose of processing, are detailed in Section “DATA SETS WE COLLECT AND FOR WHAT PURPOSE”, categories of Personal Data shared with third parties, categories of third parties with whom data is shared, are detailed in Section “DATA SHARING – CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH”. Disclosure of sale of data or targeted advertising are detailed in Section OPT OUT OPTIONS above, and in the DSR Form.
Instructions on how to exercise your rights are detailed in the table above under Section “ADDITIONAL NOTICE TO COLORADO RESIDENTS” details the rights you have under CDPA and how you may exercise your rights.
HOW TO SUBMIT A REQUEST UNDER CDPA?
We shall respond to your request within 45 days of receipt. The response period may be extended once by 45 additional days when reasonably necessary, taking into account the complexity and number of requests and we inform you of such extension within the initial 45-day response period, together with the reason for the extension.
If we decline to take action on your request, we shall inform you without undue delay, within 45 days of receipt of your request. The notification will include a justification for declining to take action and instructions on how you may appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Connecticut Attorney General at link: https://www.dir.ct.gov/ag/complaint/ or (860) 808-5318.
We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request, we will not be able to grant your request.
ADDITIONAL NOTICE TO UTAH RESIDENTS
Under the Utah Consumer Privacy Act (the “UCPA”) if you are a resident of Utah, acting in an individual or household context (and not in a commercial or employment context) your rights with respect to your Personal Data are described below. “Personal Data” refers to what is linked or reasonably linkable to an identifiable individual, and does not include de-identified data and publicly available data.
The categories of Personal Data processed, purpose of processing, are detailed in Section “DATA SETS WE COLLECT AND FOR WHAT PURPOSE”, categories of Personal Data shared with third parties, categories of third parties with whom data is shared, are detailed in Section “DATA SHARING – CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH”. Disclosure of sale of data or targeted advertising are detailed in Section I.K OPT OUT OPTIONS above, and in the DSR Form.
Further, the table above “ADDITIONAL NOTICE TO COLORADO RESIDENTS” details the rights you have under CDPA and how you may exercise your rights.