GLOBAL PSA | Help VDX.tv spread information about COVID-19

Learn more

PRIVACY

VDX.tv Privacy Policy

Note: this privacy policy can be printed by clicking the Print icon, or an audio version can be obtained by emailing privacy@vdx.tv.

Last updated: June 30, 2020
Effective Date: January 1, 2020

INTRODUCTION

Exponential Interactive, Inc. doing business as VDX.tv (“we”, “us”, or “our”) is an advertising media services company whose clients and customers are online advertisers (“Advertisers”) and digital content providers (collectively, our “Partners”).  We help our Partners reach their target audiences and grow through ad sales.  Learn more about us at VDX.tv.

We are active members of advertising industry groups the Network Advertising Initiative (“NAI”), the Digital Advertising Alliance (“DAA”), and the Digital Advertising Alliance of Canada (“DAAC”).  We comply with the NAI Code of Conduct and are signatories to the DAA Self-Regulatory Principles for Online Behavioral Advertising and the DAAC Self-Regulatory Principles for Online Behavioural Advertising.

PURPOSE

This Privacy Policy (“Policy”) describes our practices, both online and offline, regarding the collection, use, disclosure and sale of personal data and personal information, and of the rights of consumers regarding their own personal data and personal information (collectively, “your information”) when you visit our website at VDX.tv (“Site”), in relation to the services we provide our Partners, and any other means in which you interact with us, directly or indirectly.  We are committed to protecting your privacy and processing your information in accordance with all applicable privacy and data protection laws, rules, and regulations, such as the European Union General Data Protection Regulation 2016/679, as amended (“GDPR”), Privacy Shield Principles, and the California Consumer Privacy Act of 2018, as amended (“CCPA”).

Please read this Policy carefully.  When you use this Site, you consent to our collection, storage, use, disclosure, and safeguarding of your information as described in this Policy.  If you do not agree with the terms of this Policy, do not use this Site.

INFORMATION WE COLLECT AND HOW WE USE IT

We may collect, transmit, and store your information provided to us from the following categories of sources (i.e., types or groupings of persons or entities from which a business collects personal information about consumers) and categories of third parties (i.e., types or groupings of third parties with whom the business shares personal information) – directly from you, our online technology, and our Partners.

Directly from You

We collect your information directly from you and for the following purposes when you:

  • submit a job application, resume, cover letter, or social media profile to a job vacancy, or interview with us;
  • enter into an employment or consulting services contract with us;
  • complete forms, post content on our Site, respond to surveys, or use any features on our Site;
  • provide feedback to us by phone, email, physical mail, or any other means of providing feedback;
  • interact with us on our social media accounts, including without limitation LinkedIn, Twitter, and Facebook;
  • subscribe to any of our marketing materials; and
  • participate in contests sponsored by us.

Online Technology

We may automatically collect certain information when you use our online technology.  Such information includes:

  • Internet Protocol (“IP”) Address: An address provided by your internet service provider (“ISP”) to connect you to the internet and enable delivery of your online requests.
  • Cookie Identifier: A cookie (data file) with a unique identifier that we set from our domain “tribalfusion.com”.
  • User Agent: Information related to the web browser that acts on your behalf and enables your interaction with web content.
  • Clickstream Data: Information about your interaction with a webpage (e.g., time and date you visited the page; webpage address; title of ad shown; topics (such as “beach” or “Caribbean”) that we interpret (as “summer vacation”) from the page.
  • Viewed Content Data: Information related to video content viewed on an internet-connected TV (“Connected TV”).

Other information that may be collected include browser session location, ISP, pages that you visit before, during, and after using our Site, links you click, how you use our online technology, and information from any associated devices used to interact with our online technology.

Our Partners

Our Partners receive your information when you visit or use their services or through third parties they work with.  We require our Partners to have lawful rights to collect, use, and share your information before we receive any of your information.  A list of Partners with whom we may share data is available on our Partnerships & Accreditations page located at https://vdx.tv/partnerships.  Our Partners perform different services such as advertising brand safety and quality, advertising brand reporting, privacy, data management platforms, and advertising inventory.

We may also use analytics vendors such as Google Analytics to allow tracking technologies and remarketing services through the use of first- and third-party cookies to analyze and track users’ use of this Site, determine the popularity of certain content, and better understand online activity.  We do not transfer your information to these analytics vendors.

However, by accessing this Site, you consent to the collection and use of your information by these analytics vendors.  We encourage you to review these vendors’ privacy policies.  If you do not want your information to be collected and used by these analytics vendors, contact the responsible analytics vendor directly or use the NAI Opt-Out Tool, DAA Opt-Out Tool, or DAAC Opt-Out Tool.

COOKIES

We and our Partners may use web beacons, tags, advertising identifiers, and similar technology (collectively, “cookies”) related to your use of this Site and in providing our services.

Cookies may transmit information about you and your use of this Site, such as your browser type, IP address, data relating to ads displayed to you or ads that you have interacted with, and the date and time of your use.  Cookies may be persistent (e.g., stored on your device until it expires or until you delete them) or stored only during an individual web browsing session.  Our tracking cookies automatically expire (i.e., are automatically deleted from your web browser) ninety (90) days from the last time we encounter you. 

Generally, cookies help make ads more relevant to you and remove ads you already viewed.  Cookies also make ads more valuable to our Partners by improving reporting on campaign performance (e.g., whether an advertiser reached its audience or not; how many ads were shown; how many clicks an ad received; etc.).

We use cookies for the following purposes:

  • Create audience segments, build targeting profiles, and delivering ads based on automated decision-making related to those profiles;
  • Help our Partners to measure the effectiveness and distribution of their ads and digital content, and to understand the consumers who use Partner services;
  • Detect and prevent fraud;
  • Troubleshoot problems to increase the efficiency and operation of this Site; and
  • As required by applicable law, rule, or regulation if we believe your information is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect our rights or the rights of others.

Opting Out of Our Cookies

If you do not want our cookies on your device, you can opt-out by visiting our Opt-Out page at http://exponential.com/privacy/opt-out and clicking on the Opt-Out link.  The Opt-Out page will automatically confirm whether or not your opt-out request was successful.

When you opt-out, your device will overwrite our cookie with a non-identifying opt-out cookie (“Opt-Out Cookie”).  The Opt-Out Cookie indicates that your data should not be used for behaviorally-targeted advertising.  The details of the Opt-Out Cookie are shown below.

If you reject our cookie, you may still use our Site, but your ability to use some features or areas of our Site may be limited.  If you have any questions about opting out of our cookies, please contact us as outlined in Section 7 (Contact Information) below.

If you do not want targeted advertising cookies from us or similar companies, please use one of the opt-out mechanisms provided by NAI, DAA, or DAAC.  If you do not want any cookies on your device, you can change your browser or device settings to reject cookies or visit About Cookies.

To opt-out of sharing your Viewed Content Data from your Connected TV, please consult the manufacturer’s device information.

THIRD PARTIES AND CATEGORIES OF INFORMATION

The categories of third parties that may receive your information include Partners.

The categories of information related to third parties include:

  • Aggregated and Deidentified Information: We receive and share aggregated and deidentified information with third parties in connection with advertising programs and data analytics.  For example, we may provide our Partners with the number of users who have been exposed to or interacted with certain ads.
    • NAI Health-Related Targeting Segment Notice: As an NAI member, VDX.tv is required to fully and publicly disclose health-related audience segments for tailored advertising and provide a representative sample of custom audience segments used for the same purposes.  VDX.tv does not receive, use, or transmit personally identifiable health information but uses aggregated and deidentified data to help determine health-related audience segments (i.e., wellness, beauty, fitness, etc.).  A representative sample of health-related audience segments for advertiser targeting (i.e., inferred from user interaction with related ads or sites) is available on our NAI Healthcare Targeting Segment Declaration page at https://vdx.tv/nai-health-targeting-segment-declaration.
  • Business Transfers: We may share information from or about you with companies under common control with us and require those companies to also honor this Policy.  If another company acquires us, or all or substantially all of our assets, such company will possess the same information.
  • Investigations and Legal Disclosures: We may investigate and disclose your information if we have a good faith belief that such investigation or disclosure: (i) is reasonably necessary to comply with legal, regulatory or law enforcement processes, such as a search warrant, subpoena, statute, judicial proceeding, or other legal or regulatory process or law enforcement request; (ii) is helpful to identify, investigate, or prevent possible wrongdoing related to our Site or Partners; or (iii) is necessary to protect our rights or the rights of others.
  • Links: The Site may link to the websites of third party (non-Partners) that we are not affiliated with.  We do not share your information with third party (non-Partners) and are not responsible for their privacy practices.

DATA RETENTION

Our tracking cookie automatically expires (i.e., are automatically deleted from your web browser) ninety (90) days from the last time we encounter you.  Please refer to Section 2 (Cookies) above for instructions on overwriting our tracking cookie.  Alternatively, you can request removal of your information by contacting us as outlined in Section 7 (Contact Information) below.

We may, however, retain your information as required by our legal and regulatory obligations.  We may also maintain residual copies of your information in our backup systems as required by law.

CHILDREN’S PRIVACY

Our Site and services are not intended for children.  We do not knowingly collect, maintain, or sell the personal information of children under the age of sixteen (16).  If you are under the age of sixteen (16), please do not access our Site or use our services.  If we learn that we have inadvertently collected personal information of children under the age of sixteen (16), we will delete such information unless otherwise required by applicable law, regulation, or rule.

SECURITY

We use commercially reasonable administrative, technical, and physical security measures to safeguard your information.  Despite our efforts, please note that any information disclosed online is inherently vulnerable to interception and misuse by unauthorized parties.  As such, we cannot absolutely guarantee total security of your information.

CONTACT INFORMATION

Please contact us with any questions about this Policy using the information below:

United States Address
Exponential Interactive, Inc. d/b/a VDX.tv
Attn: Legal Department
5858 Horton Street, Suite 300
Emeryville, CA 94608

U.S. Phone
U.S. toll-free number +1 (800) 480-0816
Emeryville local office number +1 (510) 250-5500

United Kingdom Address
Exponential Interactive, Inc. d/b/a VDX.tv
Attn: Data Protection Officer
30 Stamford Street London, SE19LQ

Email
privacy@vdx.tv

To protect the security of your information, we will take steps as we deem necessary to confirm your identity or the identity of your Authorized Agent or valid power of attorney before completing a request or sharing any personal information with you or your Authorized Agent or valid power of attorney.

CHANGES TO THIS POLICY

We reserve the right to update this Policy at any time and for any reason.  Any changes or modifications will be effective as of the “Effective Date” at the top of this Policy.  We will notify you about any changes to this Policy by updating the “Last updated” date at the top of this Policy.  In some cases, we may also notify you of Policy updates by adding a statement to our Site homepage, via email, or by any other means of communication allowed by law.

We encourage you to review this Policy from time to time to stay informed about our privacy practices and your options.  By continuing to access or use this Site after those updates become effective, you agree to be bound to the terms of the then-current Policy.

CALIFORNIA PRIVACY RIGHTS

Under the CCPA, California residents and households have certain rights around the collection, use, and sharing of their personal information.

Disclosure or Sale of Personal Information

We have not disclosed or sold any personal information to third parties for any business or commercial purpose in the preceding twelve (12) months.  We do not and will not disclose or sell your personal information without giving you notice and an opportunity to opt out of such disclosure or sale as required by law.

We do not offer financial incentives associated with our collection, use, or disclosure of your personal information.

We collect various categories of personal information when you use this Site or our Partner sites, including identifiers, commercial information, internet or other electronic network or device activity, geolocation data, and professional information.  A detailed description of the information we collect and how we use it is provided in Section 1 (Information We Collect and How We Use It) above.  Section 3 (Third Parties and Categories of Information) above describes the categories of third parties with whom we share personal information, and what information may be shared and under what circumstances.

Information We Collect

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”).  In particular, we have collected the following categories of personal information from consumers from the following within the last twelve (12) months:

Category

Examples

Collected

A. Identifiers

A real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.

Yes

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.  Some personal information in this category may overlap with other categories.

Yes

C. Protected classification characteristics under California or federal law

Age (forty (40) years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

Yes

D. Commercial information

Records of personal property, products, or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Yes

E. Biometric information

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

No

F. Internet or other similar network activity

Browsing history, information on a consumer’s interaction with a website, application, or advertisement.

Yes

G. Geolocation data

Physical location or movements.

Yes

H. Sensory data

Audio, electronic, visual, thermal, olfactory, or similar information.

No

I. Professional or employment-related information

Current or past job history or performance evaluations, and administering employment benefits including retirement, health, and other benefit programs, services, or products to which consumers and their dependents or their beneficiaries receive access through the consumer’s employer.

Yes

J. Non-public education information (Family Educational Rights and Privacy Act (20 U.S.C. § 1232g, 34 C.F.R. Part 99))

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

No

K. Inferences drawn from other personal information

Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Yes

Under the CCPA, personal information does not include:

  • Publicly available information from government records;
  • Deidentified or aggregated consumer information;
  • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996, and the California Confidentiality of Medical Information Act, or clinical trial data; or
  • Sector-specific privacy laws, including the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, the California Financial Information Privacy Act, and the Driver’s Privacy Protection Act of 1994.

We receive the categories of personal information listed in the chart above from the following sources:

  • Directly from you;
  • Partners or their agents (e.g., information that our Partners give to us related to the services for which they engage us); and
  • Directly and indirectly from activity on our Site (e.g., usage details collected automatically).

Use of Personal Information

We may use or disclose the personal information we collect for some or more of the following business purposes:

  • To fulfill or meet the reason for which such personal information is provided;
  • To provide you with information, products, or services that you request from us;
  • To improve our Site and its contents to you;
  • For testing, research, analysis, and product development;
  • As necessary or appropriate to protect our rights or the rights of others;
  • To respond to law enforcement requests and as required by applicable law, regulation, rule, or court order;
  • As otherwise set forth in the CCPA; or
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.

We will not collect additional categories of personal information or use the personal information we collect for materially different, unrelated, or incompatible purposes without notifying you as required by law.

Sharing Personal Information

We may disclose your personal information to a third party (i.e., our Partners) for a business purpose.  When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to keep that personal information confidential and not use it for any purpose except performing the contract.

In the preceding twelve (12) months, we have disclosed the following categories of personal information (listed above) for a business purpose with two (2) categories of third parties: (1) service providers (“Service Providers”); and (2) third parties to whom you or your agents authorized us to disclose your information in connection with our products or services (“Authorized Third Parties”) – detailed in the chart below:

Category

Examples

Categories of Third Parties We Shared Personal Information With

A. Identifiers

A real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.

  • Service Providers; and
  • Authorized Third Parties

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.  Some personal information in this category may overlap with other categories.

  • Service Providers; and
  • Authorized Third Parties

C. Protected classification characteristics under California or federal law

Age (forty (40) years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

  • Service Providers; and
  • Authorized Third Parties

D. Commercial information

Records of personal property, products, or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

  • Service Providers; and
  • Authorized Third Parties

F. Internet or other similar network activity

Browsing history, information on a consumer’s interaction with a website, application, or advertisement.

  • Service Providers; and
  • Authorized Third Parties

G. Geolocation data

Physical location or movements.

  • Service Providers; and
  • Authorized Third Parties

I. Professional or employment-related information

Current or past job history or performance evaluations, and administering employment benefits including retirement, health, and other benefit programs, services, or products to which consumers and their dependents or their beneficiaries receive access through the consumer’s employer.

  • Service Providers; and
  • Authorized Third Parties

K. Inferences drawn from other personal information

Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

  • Service Providers; and
  • Authorized Third Parties

Your Data Privacy Rights Under CCPA

Generally, California resident or household consumers have the following data privacy rights under the CCPA:

  • Right to Know: You may request that a business tell you what specific personal information it collected, shared, or sold about you, and why it was collected, shared, or sold;
  • Right to Delete: You may request that a business delete personal information that it collected from you, subject to some exceptions;
  • Right to Opt-Out: You may request that a business stop selling your personal information;
  • Rights for Minors: A business cannot sell the personal information of minors under the age of sixteen (16) without their permission and, for children under thirteen (13), without parental consent; and
  • Right to Non-Discrimination: A business may not discriminate against consumers who exercise their rights under the CCPA.

Right to Know (i.e., Information About and Access to Your Personal Information)

You have the right to request that we disclose personal information we collected about you pursuant to Civil Code sections 1798.100, 1798.110, or 1798.115 including any or all of the following:

  • Specific pieces of personal information that we collected about you;
  • Categories of personal information we collected about you;
  • Categories of sources from which your personal information is collected;
  • Categories of personal information that we sold or disclosed for a business purpose about you;
  • Categories of third parties to whom your personal information was sold or disclosed for a business purpose; and
  • The business or commercial purpose for collecting or selling your personal information.

In responding to your verified consumer request to know, we will provide information on:

  • The categories of personal information we collected about you (e.g., IP address, geolocation data, internet activity such as web browsing histories, and professional or employment-related information) in the preceding twelve (12) months from the date we receive your request;
  • The categories of sources from which your personal information was collected (e.g., cookies);
  • The business or commercial purpose for which we collected or sold your personal information (e.g., fraud prevention, marketing, etc.);
  • The categories of third parties with which we share your personal information;
  • The categories of personal information that we sold in the preceding twelve (12) months, and for each category identified, the categories of third parties to which we sold that particular category of personal information; and
  • The categories of personal information that we disclosed for a business purpose in the preceding twelve (12) months, and for each category identified, the categories of third parties to whom we disclosed that particular category of personal information.

The CCPA also requires that if requested, we provide you with responsive materials in a readily usable format that allows you to transmit your information from one (1) entity to another without hindrance.

Right to Delete

The CCPA generally permits you to request that we and our direct service providers (i.e., Partners) delete personal information collected from you in accordance with Civil Code section 1798.105.  However, we are not required to delete your personal information for any of the following reasons:

  • if we need your information to complete the transaction for which it was collected;
  • to comply with a legal obligation;
  • to comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.), as amended;
  • to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
  • to identify and repair errors that impair existing and intended functionality; or
  • to make other internal and lawful uses of your information that are compatible with the context in which you provided it.

Verifiable Consumer Requests

The CCPA considers the right to know and the right to delete as verifiable consumer requests.  Verifiable consumer requests must: (i) provide sufficient information that allows us to reasonably verify that you are in fact the California resident or Household about whom we collected personal information or an authorized representative; and (ii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We may deny a request to know or a request to delete if we cannot verify your identity or authority to make the request or confirm that the requested personal information relates to you.

We will only use personal information that you provide us to verify your identity or authority.

How to Submit a Request to Know or a Request to Delete

  • Submit your request using the information in Section 7 (Contact Information) above and include the value of your tribalfusion.com ANON_ID cookie (“TF ANON_ID Cookie Value” or “Cookie Value”) as explained below.

Verifying Your Identity with Your TF ANON_ID Cookie Value

Your Cookie Value is the only repository where consumer identifying information may be stored.  To find your TF ANON_ID Cookie Value (highlighted blue in example below):

  • Open your web browser and go to “tribalfusion.com”;
  • Locate the ANON_ID cookie (see image below) in your browser’s privacy or cookie settings (location will vary by browser); and
  • Copy the TF ANON_ID Cookie Value and email it to privacy@VDX.tv.

Once we receive your Cookie Value, we will decode it and the values for it, and any other activity linked to it.

Our Confirmation of or Response to Your Request to Know or Request to Delete

Requests to Know

Confirmation

Except where permitted by law, we will confirm receipt of your request usually by email (unless you request another method) within ten (10) business days.  Our confirmation will include a general description of our verification process for right to know requests and when you should expect a response – unless we already granted or denied your previous right to know request(s).

Response

We will respond to your request within forty-five (45) calendar days – starting on the day we receive your request.  If we cannot verify your identity within the forty-five (45)-day period, we may deny your request.  If necessary, we may take up to an additional forty-five (45) calendar days to respond to your request, for a maximum total of ninety (90) calendar days from the day we receive your request.  If we need to take more than forty-five (45) calendar days to respond to your request, we will notify you generally by email and explain our reason.

Requests to Delete

Response

We will notify you that we will maintain a record of the request (as allowed under the CCPA) to ensure that your personal information remains deleted from our records.  We will also inform your whether or not we complied with your request.

We will comply with your deletion request by performing any of the following:

  • permanently and completely erasing your personal information on our existing systems (except archived or back-up systems);
  • deidentifying your personal information; or
  • aggregating your personal information.

If we deny your request, we will (unless otherwise prohibited by law):

  • describe the basis for the denial, including any conflict with federal or state law, or CCPA exception;
  • delete any personal information that is not subject to the exception (if any); and
  • will not use your personal information retained for any other purpose than provided for by the CCPA exception.

If we are unable to verify your identity, we may deny your request.  However, we will inform you that your identity cannot be verified.

Right to Opt-Out of the Sale of Your Information

Under the CCPA, you may opt-out of the sale of your personal information from a business to third parties.  While we do not sell your personal information suppression of any sharing of your personal information can be applied by following the same steps laid out in the Right to Delete above.

Rights for Minors

Our Site and services are not intended for children.  We do not knowingly collect, maintain, or sell the personal information of children under the age of sixteen (16).

Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights.  We will not:

  • Deny you services;
  • Charge you different prices or rates for services by granting discounts or other benefits, or imposing penalties;
  • Provide you a different level or quality of services; or
  • Suggest that you may receive a different price or rate for services or a different level or quality of services.

Who May Exercise Your CCPA Rights

Only you, a valid power of attorney under the California Probate Code, as amended, or a natural person or business entity registered with the Secretary of State to conduct business in California that you authorize to act on your behalf (“Authorized Agent”), may make a verifiable consumer request to know or delete related to your information.

If you wish to submit a request to know or a request to delete via an Authorized Agent, your Authorized Agent must provide us with written and signed permission from you to submit the request(s).  “Signed” means that the written attestation, declaration, or permission has either been physically signed or provided electronically per the Uniform Electronic Transactions Act, Civil Code section 1633.7 et seq. 

Next, contact us (as outlined in Section 7 (Contact Information) above) so we may verify your identity and confirm that you provided the requesting Authorized Agent permission to submit the request(s).

Fees

We will not charge a fee to process or respond to your verifiable consumer request unless it is excessive.  If we reasonably determine that the request requires a fee, we will tell you why we made that decision and give you a cost estimate in writing before completing your request.

Shine The Light Law

Separate from the CCPA, California Civil Code Section 1798.83, as amended, also known as the “Shine The Light” law gives California residents the right to request and obtain what personal information we share with third parties for those third parties’ direct marketing purposes.  We do not disclose your personal information to third parties for such third parties to directly market their services to you.  If you have any questions about our Shine The Light Law practices, please contact us as outlined in Section 7 (Contact Information) above.

Do Not Track

California law requires us to tell you how we respond to web browser Do Not Track (“DNT”) signals.  DNT allows users a way to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services.  We do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

EUROPEAN PRIVACY RIGHTS

This Section 10 applies to European Residents only.  A “European Resident” is a resident of a country in the European Economic Area (“EEA”).

The GDPR describes situations in which companies are permitted to collect or reuse your personal information.

Our legal basis for collecting and using your information depends on the specific information at issue and the corresponding circumstances of collecting such information.  We collect your personal information only with your consent or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.  We may also have legal obligations to collect your information or may otherwise need your information to protect your vital interests or those of another person.

If we ask you to provide personal information to comply with a legal requirement, we will specify the legal requirement and the information we require.  If we collect and use your information in reliance on our legitimate interests (or those of any third party), our legitimate interests will generally involve operating and improving this Site, communicating with you, marketing purposes, or detecting or preventing fraud.  For more information about GDPR, please visit the EU’s “Data protection and online privacy” page.  If you have questions about our compliance with GDPR, please contact us as outlined in Section 7 (Contact Information) above.

INTERNATIONAL DATA TRANSFER: PRIVACY SHIELD CERTIFICATION

We are committed to subjecting all personal information received from the EEA and United Kingdom (“Privacy Shield Covered Data”), respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability, including supplemental principles described in each Privacy Shield Framework (collectively, the “Privacy Shield Principles”).

We have certified to the U.S. Department of Commerce that we adhere to the Privacy Shield Principles.  To learn more about the Privacy Shield Framework and to view our certification, please visit the U.S. Department of Commerce’s Privacy Shield List.  If there is any conflict between the terms of the Privacy Shield Principles and this Policy, the terms of the Privacy Shield Principles will govern.

Under the Privacy Shield Framework, we collect, use, and disclose Privacy Shield Covered Data for the purposes described in this Policy.  Additionally, the Privacy Shield Framework enables you to ask us if we process personal information about you, request access to your information, and ask that we correct, amend, or delete your information where such information is inaccurate or processed in violation of the Privacy Shield Principles.  We are responsible for the processing of personal information under each Privacy Shield Framework, and subsequent transfers to a third party acting as an agent on its behalf.  The Privacy Shield requires that we remain liable if a third party processes your information in a manner inconsistent with the Privacy Shield Principles.

With respect to Privacy Shield Covered Data received or transferred pursuant to the Privacy Shield Framework, we are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”).  We may be required to disclose personal information in response to lawful requests by the FTC or similar public authorities to meet national security or law enforcement requirements.  You may, after exhausting other dispute resolution procedures and subject to certain conditions, request free binding arbitration from JAMS (a dispute resolution provider) by visiting the Privacy Shield Arbitration page.  If your request remains unresolved, you may contact the national data protection authority for your EU Member State.

If you reside in the European Union, your personal information may be processed outside of EEA.  We take all necessary steps to ensure that your information is adequately protected and processed in accordance with this Policy, including: only transferring data to countries approved by the European Commission;
only transferring data to U.S.-based providers who utilize the EU-U.S. Privacy Shield – which requires similar protection to personal information shared between Europe and the U.S.; and
using (where applicable) the European Commission’s Standard Contractual Clauses – European Commission-approved contracts that offer personal information the same protection under European law.