AVALON TECHNOLOGY SOLUTIONS, LLC DBA ELEVATED MANAGED PRINT PRIVACY POLICY Residents of certain states may have additional rights concerning their Personal Information (defined later in this Policy) under the laws of those states. If you are a resident of Nevada, California, Colorado, Connecticut, Utah or Virginia, please click the hyperlinked name of your state, which will immediately take you to the “Additional Privacy Information for Certain Jurisdictions” section provided below. Please read this Privacy Policy carefully. Avalon Technology Solutions, LLC dba Elevated Managed Print (“Company”, “we”, “us”, and “our”), is committed to ensuring the security and protection of the personal information that we collect. This Privacy Policy includes (a) our products or services and processes, which may result in the collection of personal data; (b) the purpose for processing personal data; (c) the persons or entities with whom we share personal data; and (d) how long we maintain personal data. This Privacy Policy applies to: All information we collect through the products, events, promotions, surveys, contests and all other services (collectively, the “Services”) provided on our websites, applications and platforms, including mobile websites, applications and platforms, any affiliated or non-affiliated third party sites, and all social media platforms (collectively, the “Sites”); [1] All current, potential and former employees, users, independent contractors, vendors, third parties and/or any other person whose personal data we have collected electronically, in person or otherwise. [2] Special Note: The Sites are general audience sites and are not designed or intended to target children younger than 16. We do not knowingly target or collect personal information from any person younger than 16. What Information Do We Collect? Information We Collect Automatically. If you use the Sites, read or download information, your web or mobile browser may automatically send us your internet or other network activity including one or more of the following (collectively, “Network Information”): [Your internet protocol (IP) address, registration date, and one or more cookies that may uniquely identify your browser; Your internet domain and the specific path, actions and navigation choices; The internet address of the site from which you linked the Sites, and the time and date you accessed the Sites; · Your browsing history, search history, information on your interaction with the Sites or other websites and applications or advertisements; and Your browser software, operating system and browser language, and information about your location and mobile device, including a unique identifier for the mobile device.][3] Why We Collect: We collect this information for business and commercial purposes, including in order to: [Maintain or analyze the functioning of the Sites or Services and to maintain network communications; Monitor and analyze web traffic and online behavior for search engine optimization and social media marketing; Host data files that enable the Sites to function, be distributed, and to provide specific features or parts of the Sites; To create, maintain, customize, secure, and manage your accounts with us, including for accounting, finance, and dispute resolution purposes (such as accounts receivable, accounts payable, account reconciliation, cash management, or money movement) and for consolidated management and reporting; To personalize your experience on the Sites and to deliver content and Services relevant to your interests and requests through our Sites (with your consent as required by law); To process your requests, purchases, transactions, and payments and to prevent financial fraud and other illicit activity; For testing, research analysis, and product development, including to develop and improve the Sites and Services; Initiate, assess, develop, maintain, or expand a business relationship, including negotiating, contracting, and fulfilling obligations under contracts; Manage a database of email information, phone information or other information and send transactional communications (such as requests for information, responses to requests for information, orders, confirmations, training, and service updates); Assure quality control and to enforce Company’s standards and policies; Manage security, including monitoring individuals with access to the Sites and Services, applications, systems, or facilities, investigation of threats, and as needed for any data security breach notification; Manage relationships with current and potential customers and for marketing purposes, including sending marketing, promotional, product and service, and customer communications and surveys and other communications to individuals who have not objected to receiving such communications; Anonymize or de-identify the personal information; View and incorporate content hosted on external sites; Respond to law enforcement requests and as required by applicable law, court order, or governmental regulations; and Process payment information and transactions.][4] Information You Give To Us and Information We Collect From Others. If you use the Sites or Services, or you otherwise use or purchase our Services, we receive and store information you enter on the Sites, or that you give us in-person, via telephone, email, or otherwise. [We may also collect personal information from third parties that operate (a) portions of the Sites and Services on our behalf or (b) independent websites.][5] [When we obtain personal data from third parties, we will treat the acquired information like the information that we collect ourselves.][6] Depending on the Services we provide to customers and/or the services being provided to us by other third parties, we may collect (and over the previous 12 months have collected) the following information about you from you and/or others: Network Information; Personal information and identifiers, such as name, postal address, email address, telephone numbers, account name, social security number, driver’s license or state identification card number, passport number or other similar information, physical characteristics or description, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information (collectively, “Personal Information and Identifiers”); Protected classification information, such as race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), veteran or military status,
sexual orientation or other similar information (collectively, “Protected Class Information”); Commercial information, such as the Services purchased, obtained or considered, or other purchasing or consuming histories (collectively, “Commercial Information”); Biometric and identifying information, such as fingerprints, faceprints, voiceprints, iris or retina scans, keystroke, gait or other physical patterns, and sleep, health or exercise data, genetic, physiological, behavioral and biological information or other similar information (collectively, “Biometric Information”); Sensory data, such as audio, electronic, visual, thermal, olfactory or similar information (collectively, “Sensory Information”); Geolocation data, such as physical location or movements (collectively, “Geolocation Information”); Professional or employment-related information, such as work history and job descriptions with current and prior employers (collectively, “Employment Information”); Education information, such as student financial information, grades, transcripts, class lists and other records related to a student maintained by an educational institution or party acting on its behalf (collectively, “Education Information”); and inferences drawn from any of the personal information listed above to create a profile or summary, such as, for example, an individual’s preferences, abilities, aptitudes, predispositions, and characteristics (collectively “Profile Information”).] [7] Why We Collect: We collect this information for business and commercial purposes, including in order to: [To create, maintain, customize, secure, and manage your account with us, including for accounting, finance, and dispute resolution purposes (such as accounts receivable, accounts payable, account reconciliation, cash management, or money movement) and for consolidated management and reporting; To personalize your experience on the Sites and to deliver content and Services relevant to your interests and requests through our Sites (with your consent as required by law); To process your requests, purchases, transactions, and payments and to prevent financial fraud and other illicit activity; For testing, research analysis, and product development, including to develop and improve the Sites and Services; Initiate, assess, develop, maintain, or expand a business relationship, including negotiating, contracting, and fulfilling obligations under contracts; Perform due diligence regarding an individual’s qualifications and eligibility for the Services, including verifying the identity, qualification, authority, and creditworthiness of the individual and obtaining publicly-available information from third parties (such as publicly-available sanction lists from screening companies); Manage a database of email information, phone information or other information and send transactional communications (such as requests for information, responses to requests for information, orders, confirmations, training, and service updates); Assure quality control and to enforce Company’s standards and policies; Manage and mitigate risk, including for audit and insurance functions, and as needed to meet our obligations and to protect assets; Manage security, including monitoring individuals with access to the Sites, applications, systems, or facilities, investigation of threats, and as needed for any data security breach notification; Monitor and analyze web traffic and online behavior for search engine optimization and social media marketing; Host data files that enable the Sites and Services to function, be distributed, and to provide specific features or parts of the Sites and/or Services; Manage relationships with current and potential customers and for marketing purposes, including sending marketing, promotional, product and service, and customer communications and surveys and other communications to individuals who have not objected to receiving such communications; Anonymize or de-identify the personal information; View and incorporate content hosted on external sites; Respond to law enforcement requests and as required by applicable law, court order, or governmental regulations; and Process payment information and transactions.] [8] [How We Collect Information From Customers. Pursuant to our agreements with customers, and in order to perform and provide the Services thereunder, our customers may provide us with information about their clients, employees and contractors when using the Sites or Services.][9] How We Collect Information From Other Third Parties. We may use cookies to recognize you when you return to the Sites in order to provide you with a better user experience. We also allow our affiliates and third-party vendors to use cookies on our Sites; some of these parties may use cookies in ways that we do not. You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of the Sites. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log onto our Sites. Facebook, Instagram, & Google.[10] Technologies like cookies, pixel tags, device or other identifiers and local storage are used to deliver, secure, and understand products, services, and ads, on and off [Facebook, Instagram, X (formerly known as Twitter), LinkedIn, YouTube, and related social media platforms].[11] They also are used to gather information for remarketing to similar audiences on our Sites. Because of this, third-party vendors, including Google, show our ads on sites across the internet. This technology allows third-party vendors, including Google, to use cookies to serve ads based on someone’s past visits to our Sites. You may opt out of Google’s use of cookies by visiting Google’s Ads Settings. You may also opt out of a third-party vendor’s use of cookies by visiting the Network Advertising Initiative opt-out page. Do We Share Information With Third Parties? We take reasonable precautions to be sure that nonaffiliated third parties and affiliates, to whom we disclose your personally identifiable information are aware of this Privacy Policy and will treat the information in a similarly responsible manner.[12] [Our contracts and written agreements with nonaffiliated third parties that receive information from us about you prohibit those parties from transferring the information other than to provide the Services that you obtain from us.][13] Over the previous 12 months, we have shared the following categories of personal information with third parties: [Personal Information and Identifiers, Protected Classification Information, Commercial Information, Biometric Information, Network Information, Sensory Information, Geolocation Information, Employment Information, Education Information, and Profile Information.][14] [We will not disclose your personal information to third parties except to provide you with information or services you request, deliver our Services that include your personal information, or under certain circumstances as described in this Privacy Policy,][15] including: Your Consent. We may share personal data with your consent. Disclosure For Legal Reasons. We may release personal data to third parties: (1) to comply with valid legal requirements such as a law, regulation, search warrant, subpoena or court order; or (2) in special cases, such as a physical threat to you or others, a threat to homeland security, a threat to our system or network, or cases in which we believe it is reasonably necessary to investigate or prevent harm, fraud, abuse, or illegal conduct. We may also disclose personal data where needed to affect the sale or transfer of business assets, to enforce our rights, protect our property, or protect the rights, property or safety of others, or as needed to support external auditing, compliance and corporate governance functions. Agents & Contractors. Our contractors sometimes have access to your personal data in the course of assisting in the operation of our business and providing Services to you. These contractors include vendors and suppliers that provide us with technology, services, and/or content for the operation and maintenance of the Sites and the Services. [Access to your personal information by these contractors is limited to the information reasonably necessary for the contractor to perform its limited function. Contractors have an obligation under their contracts with us to keep your information confidential and to comply with our privacy and security policies.][16] Links To Other Sites. The Sites may contain links to other websites and resources located on servers maintained by third parties. These links are provided for your convenience and information only and, as such, you access them at your own risk.
[When you click on one of those links, we will not provide any personal information about you, but may let the site know that you came from the Sites.][17] We do not control the privacy practices and policies of other sites. Please read their privacy policies in order to understand what information they collect about you and how they use it. Aggregated, Non-Personal Information. We may share aggregated, non-personal information about you with third parties. This is information that is combined with the non-personal information of other users and does not allow you to be identified or contacted. Depending on the circumstances, we may or may not charge third parties for this aggregated information. We also may not limit the third parties' use of the aggregated information. Changes In Our Corporate Structure. If all or part of the Company is merged, acquired or otherwise transferred to another entity, the personal data you have provided to us may be transferred as part of that transaction. We will take steps to ensure that any personal data that is transferred will not be used or shared in a manner inconsistent with this Privacy Policy, as it may be amended. Do We Sell Your Personal Information? [No. Although the Company shares data with third parties as outlined in this Privacy Policy, the Company does not sell any of your personal information to any third party.][18] How and Where Do We Process and Store Data? Methods of Processing. The data processing is carried out in accordance with our privacy procedures and policies and using computers and/or related software and IT tools. In some cases, the data may be accessible to certain types of (i) internal parties in charge or involved with the operation of our Sites and Services (i.e., administration, legal, sales and marketing, etc.) or (ii) external parties who assist us in providing, operating, and maintaining our Sites and Services, (i.e., third-party technical service providers, mail carriers, hosting providers, communications agencies, etc.). [Still, we notify both internal and external parties of this Privacy Policy and require that internal parties (through employment agreements and related employment policies) and external parties (through written agreements) keep and maintain the data in accordance with the safeguards described in this Privacy Policy and related policies and procedures.][19] Third Party Processing. [We assess and review each of our third party processers to ensure that they are in compliance with this Privacy Policy.][20] How Do We Protect Personal Data? The Company protects data using administrative, technical, and physical safeguards. When we use third-party service providers, we ask those providers to implement similar safeguards. However, we cannot guaranty that your information is completely secure either within the Company or on the systems of third party service providers. How Long Do We Keep Your Personal Data? We retain personal data we collect from you when we have an ongoing legitimate business need to do so (i.e., to provide you with the Services you have requested or to comply with applicable legal requirements). When we no longer have an ongoing legitimate business need to process your personal information, we will physically destroy, delete or anonymize it or, if this is not possible, then we will securely store your personal data and isolate it from any further processing until deletion is possible. How To Contact Us If you have any questions regarding this Privacy Policy or exercising any of your privacy rights, please contact us at the telephone number or email address listed next: Telephone Number: [385-281-8441] Email Address: [sales@elevatedgroup.com] Mailing Changes To This Privacy Policy We reserve the right to amend this Privacy Policy at our discretion and at any time. When we make changes to this Privacy Policy, we will give notice to you via (i) the Sites or (ii), where feasible, and at our discretion, contact information available to us. We encourage you to periodically review this Privacy Policy so as to remain informed on how we are protecting your information.
Additional Privacy Information for Certain Jurisdictions Note that these rights only apply to Personal Information that we collect and process under the terms of this policy. In our capacity as a service provider to other businesses, we may collect or process other Personal Information as reasonably necessary to provide our services. This Personal Information is not subject to the rights outlined below. 1. Rights of Nevada Consumers. Nevada residents have the right to opt-out of the sale of “Personally Identifiable Information,” which is defined as a natural person’s first name or first initial and last name in combination with their Social Security Number, driver’s license number, identification card number, account number, credit card number, debit card number, in combination with any required security code, access code, or password that would permit access to that person’s financial account. However, we do not sell Personally Identifiable Information, so an opt-out mechanism is not required. 2. Rights of California Consumers. Under the California Consumer Privacy Act (“CCPA”), California residents have the right to receive certain disclosures regarding our processing and sharing of “Personal Information,” as defined under the CCPA. Right to Access: With respect to the Personal Information we have collected about you in the prior 12 months, you have the right to request from us (up to twice per year and subject to certain exemptions): Categories of Personal Information about you we have collected; The sources from which we have collected that Personal Information; Our business or commercial purposes for collecting, selling, or sharing that Personal Information; The categories of third parties to whom we have disclosed that Personal Information; A copy of the specific pieces of your Personal Information we have collected. Right to Correct: You have the right to request that we correct inaccuracies in your Personal Information. Right to Delete: Subject to certain conditions and exceptions, you may have the right to request deletion of Personal Information that we have collected about you. California consumers who are registered users of the Sites and under 18 years of age may request the removal of content or information they posted on the site. We will remove such content or information when we are required to do so by law. To request the removal of content or information you posted on the Sites, you may contact us as described below. Please note that even if we remove the content or information that you posted, we cannot prevent further use or disclosure of that content or information by others once you have shared it publicly. Right to Opt-Out of Sale: Under the CCPA, a “sale” includes disclosing or making available Personal Information to a third party in exchange for monetary or other valuable consideration. We do not sell Personal Information for monetary compensation. However, we may share Personal Information with certain exhibitors and sponsors of our Experience Conference. If you are a California resident, you may decline from the sharing of your information for this purpose at the time you register for the event or in your Experience Conference registration preferences by selecting the “Do Not Sell My Personal Information” option. To exercise your CCPA rights you can send us an email at: sales@elevatedgroup.com or by fill-in and submit the form below: Under the California Consumer Privacy Act As a resident of California you have the right to:
Access your personal data
Know what personal data is being collected about you
Know whether your personal data is sold or disclosed, and to whom
Not be discriminated against for exercising your
privacy rights
Delete your personal data
Correct your personal data
Dispute your personal data
Limit the use and disclosure of your sensitive data
Opt-out of automation
Opt-out of sharing your personal data
Opt-out of the sales of your personal data
Under the California Consumer Privacy Act. As a resident of California you have the right to: Access your personal data Know what personal data is being collected about you Know whether your personal data is sold or disclosed, and to whom Not be discriminated against for exercising your privacy rights Delete your personal data Correct your personal data Dispute your personal data Limit the use and disclosure of your sensitive data Opt-out of automation Opt-out of sharing your personal data Opt-out of the sales of your personal data Right to Non-Discrimination: We will not discriminate against you for exercising any of the rights described in this section. Authorized Agent: You may designate someone as an authorized agent to submit requests and act on your behalf. To do so, you must provide us with written permission to allow the authorized agent to act on your behalf. Right to Know: The chart below describes the categories of Personal Information we collect, the categories of sources from which the Personal Information is collected, our purposes for processing each category, whether we sell or share Personal Information, whether we have disclosed Personal Information for a business purpose in the last 12 months, the categories of recipients. Identifiers: Such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, and/or email address. Commercial information: Including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Categories Collected in the Last 12 Months Categories of Sources Purposes for Processing Sold Disclosed for a Business Purpose Categories of Recipients Identifiers: such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address. From you; from third parties; automatically Providing our Services
Protecting our rights and responding to legal requests/obligations No Yes Experience Conference Exhibitors and Sponsors.
We may collect account name, social security number, driver’s license number, passport number, or other similar identifiers on behalf of our business customers. Commercial information: Including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. From you Providing our Services
Protecting our rights and responding to legal requests/obligations
3. Rights of Colorado Consumers. Under the Colorado Privacy Act (“CPA”), Colorado residents have the right to receive certain disclosures regarding a business’ processing of “Personal Data,” as defined under the CPA, as well as certain rights with respect to our processing of such Personal Data. We may share de-identified information about individuals with third parties for any reason. We commit to maintaining and using de-identified data without attempting to re-identify a Colorado consumer except as permitted by law. Right to Access: To confirm if a Controller is processing your Personal Data and to access the data. Right to Correction: To correct inaccuracies in your Personal Data, considering the nature of the Personal Data and the purposes of the processing of your Personal Data. Right to Deletion: To delete Personal Data provided by or obtained about you. Right of Portability: To obtain a copy of the Personal Data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit your Personal Data to another controller or business, the processing is carried out by automated means. Right to Opt-Out of Sale: Under the CPA, a “sale” includes disclosing or making available Personal Information to a third party in exchange for money. We do not “sell” Personal Information under this definition, so an opt-out mechanism is not required. Right to Opt-Out of Ads: To opt out of the processing of your Personal Data for Targeted Advertising. Right to Opt-Out of Significant Profiling: To opt out of the processing of your Personal Data for decisions that produce legal or similarly significant effects. We currently do not process Personal Data to make decisions with significant effects on consumers. Our Right to Refuse Your Request: We may deny your request if (1) we are not reasonably capable of associating your request with the Personal Data or it would be unreasonably burdensome for us to associate your request with the Personal Data; (2) we do not use the Personal Data to recognize or respond to you specifically or associate the Personal Data with other Personal Data about you; and (3) we do not sell the Personal Data to any third party or otherwise voluntarily disclose the Personal Data to any third party other than a processor, except as otherwise permitted under Colorado law. Right to Appeal: If we decline to take action regarding your request, we will notify you and provide our reasons and instructions for how you can appeal the decision. If the appeal is denied, we will provide a way for you contact the Attorney General to submit a complaint. 4. Rights of Connecticut Consumers. Under the Connecticut Data Privacy Act (“CDPA”), Connecticut residents have the right to receive certain disclosures regarding a business’ processing of “Personal Data,” as defined under the CDPA, as well as certain rights with respect to our processing of such Personal Data.Right to Appeal: If we decline to take action regarding your request, we will notify you and provide our reasons and instructions for how you can appeal the decision. If the appeal is denied, we will provide a way for you contact the Attorney General to submit a complaint. We may share de-identified information about individuals with third parties for any reason. We commit to maintaining and using de-identified data without attempting to re-identify a Connecticut consumer except as permitted by law. Right to Access: To confirm if a Controller is processing your Personal Data and to access the data. Right to Correction: To correct inaccuracies in your Personal Data, considering the nature of the Personal Data and the purposes of the processing of your Personal Data. Right to Deletion: To delete Personal Data provided by or obtained about you. Right of Portability: To obtain a copy of the Personal Data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit your Personal Data to another controller or business where the processing is carried out by automated means. Right to Opt-Out of Sale: Under the CDPA, a “sale” includes disclosing or making available Personal Information to a third party in exchange for money. We do not “sell” Personal Information under this definition, so an opt-out mechanism is not required. Right to Opt-Out of Ads: To opt out of the processing of your Personal Data for Targeted Advertising. Right to Opt-Out of Significant Profiling: To opt out of the processing of your Personal Data for decisions that produce legal or similarly significant effects. We currently do not process Personal Data to make decisions with significant effects on consumers. Our Right to Refuse Your Request: We may deny your request if (1) we are not reasonably capable of associating your request with the Personal Data or it would be unreasonably burdensome for us to associate your request with the Personal Data; (2) we do not use the Personal Data to recognize or respond to you specifically or associate the Personal Data with other Personal Data about you; and (3) we do not sell the Personal Data to any third party or otherwise voluntarily disclose the Personal Data to any third party other than a processor, except as otherwise permitted under Virginia law. 5. Rights of Utah Consumer. Under the Utah Consumer Privacy Act (“UCPA”), Connecticut residents have the right to receive certain disclosures regarding a business’ processing of “Personal Data,” as defined under the UCPA, as well as certain rights with respect to our processing of such Personal Data. We may share de-identified information about individuals with third parties for any reason. We commit to maintaining and using de-identified data without attempting to re-identify a Connecticut consumer except as permitted by law. Right to Access: To confirm if a Controller is processing your Personal Data and to access the data. Right to Deletion: To delete Personal Data provided by or obtained about you. Right of Portability: To obtain a copy of the Personal Data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit your Personal Data to another controller or business where the processing is carried out by automated means. Right to Opt-Out of Sale: Under the UCPA, a “sale” includes disclosing or making available Personal Information to a third party in exchange for money. We do not “sell” Personal Information under this definition, so an opt-out mechanism is not required. Right to Opt-Out of Ads: To opt out of the processing of your Personal Data for Targeted Advertising. Right to Opt-Out of Significant Profiling: To opt out of the processing of your Personal Data for decisions that produce legal or similarly significant effects. We currently do not process Personal Data to make decisions with significant effects on consumers. Our Right to Refuse Your Request: We may deny your request if (1) we are not reasonably capable of associating your request with the Personal Data or it would be unreasonably burdensome for us to associate your request with the Personal Data; (2) we do not use the Personal Data to recognize or respond to you specifically or associate the Personal Data with other Personal Data about you; and (3) we do not sell the Personal Data to any third party or otherwise voluntarily disclose the Personal Data to any third party other than a processor, except as otherwise permitted under Virginia law. Right to Appeal: If we decline to take action regarding your request, we will notify you and provide our reasons and instructions for how you can appeal the decision. If the appeal is denied, we will provide a way for you contact the Attorney General to submit a complaint.
Rights of Virginia Consumers: Under the Virginia Consumer Data Protection Act (“VCDPA”), Virginia residents have the right to receive certain disclosures regarding a business’ processing of “Personal Data,” as defined under the VCDPA, as well as certain rights with respect to our processing of such Personal Data.
We may share de-identified information about individuals with third parties for any reason. We commit to maintaining and using de-identified data without attempting to re-identify a Virginia consumer except as permitted by law. Right to Correction: To correct inaccuracies in your Personal Data, considering the nature of the Personal Data and the purposes of the processing of your Personal Data. Right to Deletion: To delete Personal Data provided by or obtained about you. Right of Portability: To obtain a copy of the Personal Data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit your Personal Data to another controller or business where the processing is carried out by automated means. Right to Opt-Out of Sale: Under the VCDPA, a “sale” includes disclosing or making available Personal Information to a third party in exchange for money. We do not “sell” Personal Information under this definition, so an opt-out mechanism is not required. Right to Opt-Out of Significant Profiling: To opt out of the processing of your Personal Data for decisions that produce legal or similarly significant effects. We currently do not process Personal Data to make decisions with significant effects on consumers. Our Right to Refuse Your Request: We may deny your request if (1) we are not reasonably capable of associating your request with the Personal Data or it would be unreasonably burdensome for us to associate your request with the Personal Data; (2) we do not use the Personal Data to recognize or respond to you specifically or associate the Personal Data with other Personal Data about you; and (3) we do not sell the Personal Data to any third party or otherwise voluntarily disclose the Personal Data to any third party other than a processor, except as otherwise permitted under Virginia law. Right to Appeal: If we decline to take action regarding your request, we will notify you and provide our reasons and instructions for how you can appeal the decision. If the appeal is denied, we will provide a way for you contact the Attorney General to submit a complaint.
[1] Client to confirm scope of this Privacy Policy. Typically, we draft privacy policies broadly so that we can use them uniformly across sites and applications. [2] Same as above. Client to confirm scope of Privacy Policy. [3] Client to confirm list is accurate, comprehensive and/or to make any appropriate revisions. [4] Client to confirm list is accurate, comprehensive, and to revise accordingly. Note that the purposes here should be reasonably tailored for reasons specific to automatic collection. For example, automatic collection of information is typically collected for purposes relating to the functioning of the Sites and/or marketing. It’s fine to err on the side of being over-inclusive, but the reasons here should probably not be identical to the reasons given in the next section. [5] Client to confirm this is accurate. [6] Client to confirm this accurate. [7] This is purposely meant to be over-inclusive. These are the categories of personal information outlined by the California Consumer Privacy Act. Because an increasing amount of states will be requesting more transparency and specificity in the type of information that is being collected, we have included these categories in the general privacy policy. Please revise this by removing any information that the Company does not collect, and inserting any additional information that the Company does collect. [8] Client to confirm list is accurate, comprehensive. The Company needs to strike a balance here because in some ways it is better to be overbroad, but in others (due to the hasty drafting and resulting ambiguity of the CCPA) it may need to be specific with respect to the purposes of the collection. For example, the CCPA’s purpose limitation clause prohibits collected personal information for purposes not listed in the privacy notice or uses unrelated to those purposes. This would incentivize the Company to be overbroad in this section. On the other hand, the ambiguity between business purposes (more narrowly defined) and commercial purposes (more broadly defined) and how and when businesses may collect information pursuant to one or both is unclear. A conservative approach in this respect would lead the Company to be more specific. Having said all of that, so long as the above list is reasonably tailored, the better approach is to broadly describe the purposes for collecting the information. [9] Client to confirm the Company will have corporate customers that will allow employees and others to use the App and Services. If not, we can remove this Section. [10] Client to confirm this applicable to the Company. [11] Client to revise as necessary. [12] Client to confirm this is correct. The CCPA requires that information provided to service providers is adequately protected and that the disclosing party ensures that this is, in fact, the case. [13] As mentioned in Footnote 13, this is no longer a best practice because it is required by the CCPA. Moreover, though this is only (so far) required by California, this is likely to catch on with other states who are now considering comprehensive privacy laws. [14] Client to revise as necessary. [15] Client to confirm accuracy. [16] Client to confirm. As mentioned above, this is required by the CCPA for any information that we provide to any third party service providers. [17] Client to confirm this is accurate. [18] Client to confirm this correct. If this is not correct, we’ll need to add some language regarding privacy protections applicable to consumers whose information we sell. [19] Client to confirm this is correct. [20] Client to confirm this correct. [21] Client to provide at least two ways to contact the Company (the phone number must be toll-free).