Last revised: 17.12.2022
Types of personal data collected
- Personal data provided by you through the Website
If you voluntarily contact us by sending an email at email@example.com or any other request or notification, you may be required to provide us with specific personal data such as your name and email address.
- Usage Data
Usage Data has collected automatically when using the Website.Usage Data may include information such as your Device’s Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Website that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
How do we use your personal data
- When you request us to contact you
Via our Website, if you voluntarily contact us by sending an email at firstname.lastname@example.org or any other request or notification regarding questions, queries, comments, or complaints. When you do so, we will collect the data you fill out, including your name and email address. Therefore, we use this data for our legitimate interest in conducting business with you or establishing our future contract with you.
- Data we collect automatically when you use this Website
When you access the Website, we may collect certain data automatically, including Usage Data, cookies, and similar tracking technologies. This data is collected for our legitimate interest in improving and administering our Website, including data analysis, troubleshooting, and statistical and survey purposes.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may be unable to use some parts of our Website.
With whom we may share your personal data
- With Service providers
If necessary, we may share your personal data with Service providers to monitor and analyze the use of our Website, store the personal data, show advertisements to you, help support and maintain our Website, contact you, etc. We have concluded agreements with our Service providers to protect your personal data.
- For business transfers
- With business partners
We may share your personal data with our business partners to offer you certain products, services, or promotions.
- Law enforcement
Under certain circumstances, the Company may be required to disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).
- Other legal requirements
The Company may disclose your personal data in the good faith belief that such action is necessary to comply with a legal obligation, to protect and defend the rights or property of the Company, to prevent or investigate possible wrongdoing in connection with the Website, to protect the personal safety of users of the Website or the public, to protect against legal liability.
Сookies and similar tracking technologies
There are several types of cookies, among others:
- Essential, Functionality, Operation & Security cookies. These cookies are essential for enabling user movement around the website, for the website to function properly, and for security purposes (i.e., used to authenticate users, prevent fraudulent use, and protect user data from unauthorized parties). This category of cookies either cannot be disabled or, if disabled, certain features of the Website may not work.
- Analytic, Measurement & Performance cookies. These cookies are used to collect data about how users use our Website to improve their and the way we offer them, as well as assess the performance of the Website. These cookies enable us, for example, to assess the number of users who have viewed a specific article as well as their country of origin. It enables our Website to remember data that changes how it behaves or looks, such as your preferred language.
- Preference, Targeting & Advertising cookies. These cookies are used to advertise across the Internet and to display relevant ads tailored to users based on the parts of the website they have (e.g., the cookie will indicate you have visited a certain webpage and will show you ads relating to that webpage).
Most browsers will allow you to erase cookies from your computer’s hard drive, block the acceptance of cookies, or receive a warning before a cookie is stored. You may remove our cookies by following the instructions of your device preferences. However, if you block or erase cookies, some features of the Website may not operate properly, and your online experience may be limited.
The Website is not intended for individuals under the age of eighteen (18); accordingly, we do not use the Website to knowingly solicit data from or market to children defined under applicable law (e.g., thirteen (13) regarding US individuals and sixteen (16) regarding European Economic Area (“EEA”) individuals). We request that such individuals do not provide personal data through our Website. We reserve the right to request proof of age at any stage to verify that children under the age of eighteen (18) are not using the Website. If you become aware or have any reason to believe that a child has shared with us, please contact us at email@example.com, and we will take reasonable steps to ensure that such data is deleted from our files.
How long do we keep your personal data
We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Website, or we are legally obligated to retain this data for more extended time periods.
Transfer of personal data
Security of the personal data
We take great care in implementing and maintaining the security measures of the Website and your personal data. We employ industry standard procedures and policies and implement technical and administrative security measures to ensure the safety of our user’s personal data and prevent unauthorized access or use of any such personal data. However, no data transmission over the internet or any wireless network can be guaranteed to be 100% secure, and we can not be responsible for the acts of those who gain unauthorized access or abuse our Website, and we make no warranty, express, implied or otherwise, that we will prevent such access.
Terms related to EU/EEA users
Legal basis for processing personal data (for EU/EEA users)
If you are an individual in the European Union or European Economic Area (EEA), we collect and process data about you only where we have a legal basis for doing so under applicable EU laws, including the General Data Protection Regulation (GDPR). The legal basis depends on how you use the Website. This means we collect and use your data only where:
- It is necessary for the performance of a contract, such as to provide you with the services you requested, including operating the services, providing customer support and personalized features, and protecting the safety and security of the services, including all processing necessary for the performance of our contract(s) with you;
- It satisfies a legitimate interest that is not outweighed by your data protection rights and interests, such as for research and development, to market and promote our services, and protect our legal rights and interests;
- You give us consent to do so for a specific purpose; or
- We need to process your data to comply with a legal obligation.
In any case, we will gladly help clarify the specific legal basis that applies to the processing, mainly whether the provision of personal data is a statutory or contractual requirement or a requirement necessary to enter into a contract.
Your rights as a data subject
- Request access to your personal data. The right to access, update or delete the data we have on you. Whenever made possible, you can access, update or request the deletion of your personal data directly by contacting us at firstname.lastname@example.org. This also enables you to receive a copy of the personal data we hold about you.
- Request correction of the personal data that we hold about you. You have the right to have incomplete or inaccurate information we hold about you corrected.
- Object to processing of your personal data. This right exists where we rely on legitimate interest as the legal basis for our processing, and there is something about your particular situation that makes you want to object to our processing of your personal data on this ground. You also have the right to object to where we are processing your personal data for direct marketing purposes.
- Request the erasure of your personal data. You have the right to ask us to delete or remove personal data when there is no good reason for us to continue processing it.
- Request the transfer of your personal data. We will provide to you, or to a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated data which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw your consent. You have the right to withdraw your consent to use your personal data. If you withdraw your consent, we may not be able to provide you with access to certain specific functionalities of the Website.
If you wish to exercise any of the rights set out above, please contact us at email@example.com.
No fee is usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Timeframe for responding to a request
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Disclosure of your personal data
- To our subsidiaries and affiliates;
- To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal data confidential and use it only for the purposes for which we disclose it to them;
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by Company about our Website users is among the assets transferred;
- To fulfill the purpose for which you provide it;
- With your consent.
We may also disclose your personal data:
- To comply with any court order, law, or legal process, including responding to any government or regulatory request;
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Company, our customers, or others. This includes exchanging data with other companies and organizations for the purposes of fraud protection and credit risk reduction.
The inclusion of third-party websites on or through our Website in no way constitutes an express or implied endorsement of such websites’ policies or notices.
Types of personal data collected
We collect data that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device. The following is a list of categories of personal data that we may have collected from California residents within the last twelve (12) months.
Please be aware that the categories and examples provided in the list below are those defined in the California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”). This does not mean that all examples of that category of personal data were, in fact, collected by us but reflects our good faith belief to the best of our knowledge that some of that information from the applicable category may be and may have been collected. For example, certain categories of personal data would only be collected if you provided such personal data directly to us.
- Category A. Identifiers
Examples: A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, driver’s license number, passport number, or other similar identifiers.
- Category B. Personal data categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
Examples: A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.
- Category C. Protected classification characteristics under California or federal law
Examples: Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth, and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
- Category D. Commercial data
Examples: Records and history of products or services purchased or considered.
- Category E. Biometric data
Examples: Genetic, physiological, behavioral, and biological characteristics or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
- Category F. Internet or other similar network activity
Examples: Interaction with our Website.
- Category G. Geolocation data
Examples: Approximate physical location.
- Category H. Sensory data
Examples: Audio, electronic, visual, thermal, olfactory, or similar information.
- Category I: Professional or employment-related data
Examples: Current or past job history or performance evaluations.
- Category J. Non-public education data (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))
Examples: Education records directly related to a student maintained by an educational institution or party acting on its behalfs, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
- Category K. Inferences are drawn from other personal data
Examples: Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
- Category L. Sensitive personal data
Examples: social security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; the contents of the email, email, and text messages unless the business is the intended recipient of the communication; genetic data; the processing of biometric information for the purpose of uniquely identifying; personal data collected and analyzed concerning health; personal information collected and analyzed concerning sex life or sexual orientation.
Under CCPA and CPRA, personal data does not include:
- Publicly available information from government records;
- Deidentified or aggregated consumer information;
- Information excluded from the CCPA’s scope, like:
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- Personal Information is covered by specific sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
Use of personal data
We may use or disclose personal data we collect for “business purposes” or “commercial purposes” (as defined under the CCPA and CPRA), which may include the following examples:
- To operate our Website.
- To provide you with support and to respond to your inquiries, including investigating and addressing your concerns and monitoring and improving our Website.
- To fulfill or meet the reason you provided the data. For example, if you share your contact data to ask questions about our Website, we will use that personal data to respond to your inquiry.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal data or as otherwise set forth in the CCPA and CPRA.
- For internal administrative and auditing purposes.
- To detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity, including, when necessary, prosecuting those responsible for such activities.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by us about our Website users is among the assets transferred.
Sharing of personal data
We may disclose your personal data to a third party for business purposes or sell your personal data, subject to your right to opt out of those sales. When we disclose personal data for a business purpose, we enter a contract that describes the purpose and requires the recipient to keep that personal data confidential and not use it for any purpose except the contract. The CCPA, CPRA, and Virginia Consumer Data Protection Act (“VCDPA”) prohibit third parties who purchase the personal data we hold from reselling it unless you have received explicit notice and an opportunity to opt out of further sales.
We may share your personal data with the following categories of third parties:
- Service providers;
- Data aggregators;
- Third-party vendors to whom you or your agents authorize us to disclose your personal data in connection with products or services we provide to you.
Disclosure of personal data for business purposes
We may use or disclose and may have used or disclosed in the last twelve (12) months the following categories of personal data for business or commercial purposes:
- Category A. Identifiers.
- Category B. Personal data categories are listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
- Category D. Commercial data.
- Category F. Internet or other similar network activity.
Please note that the categories listed above are those defined in the CCPA and CPRA. This does not mean that all examples of that category of personal information were, in fact, disclosed but reflects our good faith belief to the best of our knowledge that some of that information from the applicable category may be and may have been disclosed.
Sale of personal data
As defined in the CCPA, “sell” and “sale” mean selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal data by the business to a third party for monetary or other valuable consideration. This means that we may have received some kind of benefit for sharing personal data, but not necessarily a monetary benefit.
Please note that the categories listed below are those defined in the CCPA. This does not mean that all examples of that category of personal data were, in fact, sold but it reflects our good faith belief, to the best of our knowledge, that some of that data from the applicable category may be and may have been shared for value in return.
We may sell and may have sold in the last twelve (12) months the following categories of personal data:
- Category A. Identifiers.
- Category B. Personal data categories are listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
- Category D. Commercial data.
- Category F. Internet or other similar network activity.
Sale of personal data of minors under 16 years of age
We do not sell the personal data of consumers we know less than 16 years of age unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and 16 years of age or the parent or guardian of a consumer less than 13 years of age. Consumers who opt in to the sale of personal data may opt-out of future sales at any time. To exercise the right to opt out, you (or your authorized representative) may submit a request to us at firstname.lastname@example.org.
If you have reason to believe that a child under the age of 13 (or 16) has provided us with personal data, please contact us with sufficient detail to enable us to delete that data.
Your rights under the CPPA, CPRA, and VCDPA
The CCPA and CPRA provide California residents, and VCDPA provides Virginia residents with specific rights regarding their personal data. If you are a resident of California and/or Virginia, you have the following rights:
- The right to notice. You have the right to be notified of which categories of personal data are being collected and the purposes for which the personal data is being used.
- The right to request. Under CCPA, CPRA, and VCDPA, you have the right to request that we disclose data to you about our collection, use, sale, disclosure for business purposes, and sharing of personal data. Once we receive and confirm your request, we will disclose to you:
- The categories of personal data we collected about you.
- The categories of sources for the personal data we collected about you.
- Our business or commercial purpose for collecting or selling that personal data.
- The categories of third parties with whom we share that personal data.
- The specific pieces of personal data we collected about you.
- If we sold your personal data or disclose your personal data for a business purpose, we will disclose to you:
- a) The categories of personal data sold;
- b) The categories of personal data disclosed.
- The right to say no to the sale or sharing of personal data (opt out) for California residents You have the right to direct us not to sell or share your personal data. To submit an opt-out request, please contact us at email@example.com.
- The right to opt out of the processing of the personal data for Virginia residents for purposes of (i) targeted advertising, (ii) the sale of personal data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer. To submit an opt out request, please contact us at firstname.lastname@example.org.
- The right to correct inaccuracies. Under CCPA, CPRA, and VCDPA, you have the right to request us to correct the inaccurate personal data that we maintain about you, taking into account the nature of the personal data and the purposes of the processing of the personal data.
- The right to limit the use and disclosure of sensitive personal data. Under CPRA, you have the right to direct us to limit our use of your sensitive personal data to that use which is necessary to perform the services. To submit such a request, please contact us at email@example.com.
- The right to delete personal data. You have the right to request the deletion of your personal data, subject to certain exceptions. Once we receive and confirm your request, we will delete your personal data from our records unless an exception applies. We may deny your deletion request if retaining the data is necessary for our service providers or us:
- To complete the transaction for which we collected the personal data, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- To debug products to identify and repair errors that impair existing intended functionality.
- To exercise free speech, ensure the right of another consumer to exercise their free speech rights or exercise another right provided for by law.
- To comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- To engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws when the data’s deletion may likely render impossible or seriously impair the research’s achievement if you previously provided informed consent.
- To enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- To comply with a legal obligation
- To make other internal and lawful uses of that data that are compatible with the context in which you provided it.
- The right not to be discriminated against. You have the right not to be discriminated against for exercising any of your consumer rights, including by:
- Denying goods or services to you.
- Charging different prices or rates for goods or services, including the use of discounts or other benefits or imposing penalties.
- Providing a different level or quality of goods or services to you.
- Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
The right to opt out
For California residents
If you are 16 years of age or older, you have the right to direct us not to sell or share your personal data at any time (the “right to opt-out”). We do not sell or share the personal data of consumers we know less than 16 years of age unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and 16 years of age or the parent or guardian of a consumer less than 13 years of age. Consumers who opt in to personal data sales or sharing may opt out of future sales at any time.
To exercise the right to opt-out, you (or your authorized representative) may submit a request to us at firstname.lastname@example.org.
For Virginia residents
Virginia residents have the right to opt out of the processing of personal data for purposes of (i) targeted advertising, (ii) the sale of personal data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.
To exercise the right to opt out, you may submit a request to us at email@example.com.
“Do not track” policy is required by California Online Privacy Protection Act (CalOPPA)
Our Website does not respond to do not track (“DNT”) signals.
However, some third-party websites do keep track of your browsing activities. If you are visiting such websites, you can set your preferences in your web browser to inform websites that you do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of your web browser.
Our Website does not address anyone under the age of 13. We do not knowingly collect personally identifiable data from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from anyone under the age of 13 without verification of parental consent, we take the necessary steps to remove that data from our servers.
If we need to rely on consent as a legal basis for processing your data and your country requires consent from a parent, we may require your parent’s consent before we collect and use that data.
Other California privacy rights
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please contact us at firstname.lastname@example.org.