1 – PURPOSE
3 – OUR RELATIONSHIP WITH YOU
The Qenta operating entity you contract with determines the means and purposes of processing your personal information in relation to the Services provided to you (typically referred to as a “data controller”).
4 – THE PERSONAL INFORMATION WE COLLECT
Information you provide to us. To establish an account and access our Services, we’ll ask you to provide us with some important information about yourself. This information is either required by law (e.g., to verify your identity), necessary to provide the requested services (e.g., you will need to provide your bank account number if you’d like to link that account to our Services or products), or is relevant for certain specified purposes, described in greater detail below. As we add new features and Services, you may be asked to provide additional information.
If you choose not to share certain information with us, we may not be able to serve you as effectively or offer you, our Services. Any information you provide to us that is not required is voluntary.
We may collect, among others, the following types of information from you:
- Personal Identification Information: Full name, date of birth, nationality, gender, signature, utility bills, photographs, phone number, home address, and/or email.
- Formal Identification Information: Government-issued identity document such as Passport, Driver’s License, National Identity Card, State ID Card, Tax ID number, passport number, driver’s license details, national identity card details, visa information, and/or any other information deemed necessary to comply with our legal obligations under financial or anti-money laundering laws.
- Institutional Information: Employer Identification Number (or comparable number issued by a government), proof of legal formation (e.g., Certificate or Articles of Incorporation), personal identification information for all material beneficial owners.
- Financial Information: Bank account information, payment card primary account number (PAN), transaction history, trading data, and/or tax identification.
- Transaction Information: Information about the transactions you make on our Services, such as the name of the recipient, your name, the amount, and/or timestamp.
- Employment Information: Office location, job title, and/or description of the role.
- Correspondence: Survey responses, the information provided to our support team or user research team.
- Audio, electronic, visual, and similar information, such as call and video recordings.
Information we collect from you automatically. To the extent permitted under the applicable law, we may collect certain types of information automatically, such as whenever you interact with the Sites or use the Services. This information helps us address customer support issues, improve the performance of our Sites and Services, provide you with a streamlined and personalized experience, and protect your account from fraud by detecting unauthorized access. Information collected automatically includes:
- Online Identifiers: Geo location/tracking details, browser fingerprint, operating system, browser name and version, and/or personal IP addresses.
For example, we may automatically receive and record the following information on our server logs:
- How you came to and use the Services;
- Device type and unique device identification numbers;
- Device event information (such as crashes, system activity and hardware settings, browser type, browser language, the date and time of your request and referral URL);
- How your device interacts with our Sites and Services, including pages accessed and links clicked;
- Broad geographic location (e.g., country or city-level location); and
- Other technical data collected through cookies, pixel tags, and other similar technologies that uniquely identify your browser
- We may also use identifiers to recognize you when you access our Sites via an external link, such as a link appearing on a third-party site
Information we collect from our affiliates and third parties. From time to time, we may obtain information about you from our affiliates or third-party sources as required or permitted by applicable law. These sources may include:
- Our Qenta Family of Companies: By applicable law, we may obtain information about you from our Affiliates as a normal part of conducting business, if you link your various Qenta accounts so that we may offer our Affiliates’ Services to you.
- Public Databases, Credit Bureaus & ID Verification Partners: We obtain information about you from public databases and ID verification partners for purposes of verifying your identity in accordance with applicable law. ID verification partners use a combination of government records and publicly available information about you to verify your identity. Such information may include your name, address, job role, public employment profile, credit history, status on any sanctions lists maintained by public authorities, and other relevant data. We obtain such information to comply with our legal obligations, such as anti-money laundering laws. In some cases, we may process additional data about you to assess risk and ensure our Services are not used fraudulently or for other illicit activities. In such instances, the processing is necessary for us to continue to perform our contractual obligations with you and others.
- Blockchain Data: We may analyze public blockchain data to ensure parties utilizing our Services are not engaged in illegal or prohibited activity under our Terms, and to analyze transaction trends for research and development purposes.
- Joint Marketing Partners & Resellers: For example, unless prohibited by applicable law, joint marketing partners or resellers may share information about you with us so that we can better understand which of our Services may be of interest to you.
5 – ANONYMIZED AND AGGREGATED DATA
Qenta may use anonymized or aggregate customer data for any business purpose, including to better understand customer needs and behaviors, improve our Services, conduct business intelligence and marketing, and detect security threats. We may perform our own analytics on anonymized data or enable analytics provided by third parties.
Types of data we may anonymize include, transaction data, click-stream data, performance metrics, and fraud indicators
6 – HOW YOUR PERSONAL INFORMATION IS USED
Our primary purpose in collecting personal information is to provide you with a secure, smooth, efficient, and customized experience. We generally use personal information to create, develop, operate, deliver, and improve our Services, content, and advertising; and for loss prevention and anti-fraud purposes. We may use this information in the following ways:
- To maintain legal and regulatory compliance
Most of our core Services are subject to laws and regulations requiring us to collect, use, and store your personal information in certain ways. For example, Qenta must identify and verify customers using our Services to comply with anti-money laundering laws across jurisdictions. This includes the collection and storage of your photo identification. In addition, we use third parties to verify your identity by comparing the personal information you provide against third-party databases and public records. When you seek to link a bank account to your G-Coin wallet account, we may require you to provide additional information which we may use in collaboration with service providers acting on our behalf to verify your identity or address, and/or to manage risk as required under applicable law. If you do not provide the personal information required by law, we will have to close your account.
- To enforce our terms in our user agreement and other agreements
Qenta handles sensitive information, such as your identification and financial data, so it is very important for us and our customers that we actively monitor, investigate, prevent, and mitigate any potentially prohibited or illegal activities, enforce our agreements with third parties, and/or prevent and detect violations of our posted user agreement or agreements for other Services. In addition, we may need to collect fees based on your use of our Services. We collect information about your account usage and closely monitor your interactions with our Services. We may use any of your personal information collected for these purposes. The consequence of not processing your personal information for such purposes is the termination of your account.
- To detect and prevent fraud and/or funds loss
We process your personal information to help detect, prevent, and mitigate fraud and abuse of our services and to protect you against account compromise or funds loss.
- To provide Qenta’s Services
We process your personal information to provide the Services to you. For example, when you want to store funds on our platform, we require certain information such as your identification, contact information, and payment information. We cannot provide you with Services without such information. Third parties such as identity verification services may also access and/or collect your personal information when providing identity verification and/or fraud prevention services.
- To provide Service communications
We send administrative or account-related information to you to keep you updated about our Services, inform you of relevant security issues or updates, or provide other transaction-related information. Without such communications, you may not be aware of important developments relating to your account that may affect how you can use our Services. You may not opt-out of receiving critical service communications, such as emails or mobile notifications sent for legal or security purposes.
- To provide customer service
We process your personal information when you contact us to resolve any questions, disputes, collect fees, or troubleshoot problems. Without processing your personal information for such purposes, we cannot respond to your requests and ensure your uninterrupted use of the Services.
- To ensure quality control
We process your personal information for quality control and staff training to make sure we continue to provide you with accurate information. If we do not process personal information for quality control purposes, you may experience issues on the Services such as inaccurate transaction records or other interruptions.
- To ensure network and information security
We process your personal information to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and comply with applicable security laws and regulations. The threat landscape on the internet is constantly evolving, which makes it more important than ever that we have accurate and up-to-date information about your use of our Services. Without processing your personal information, we may not be able to ensure the security of our Services.
- For research and development purposes
We process your personal information to better understand the way you use and interact with Qenta’s Services. In addition, we use such information to customize, measure, and improve Qenta’s Services and the content and layout of our website and applications, and to develop new services. Without such processing, we cannot ensure your continued enjoyment of our Services.
- To enhance your experience
We process your personal information to provide a personalized experience and implement the preferences you request. For example, you may choose to provide us with access to certain personal information stored by third parties. Without such processing, we may not be able to ensure your continued enjoyment of part or all of our Services.
- To facilitate corporate acquisitions, mergers, or transactions
We may process any information regarding your account and use of our Services as is necessary in the context of corporate acquisitions, mergers, or other corporate transactions.
- To engage in marketing activities
Based on your communication preferences, we may send you marketing communications (e.g., emails or mobile notifications) to inform you about our events or our partner events; to deliver targeted marketing, and to provide you with promotional offers. Our marketing will be conducted in accordance with your advertising marketing preferences and as permitted by applicable law.
- To protect the health and safety of our employees and visitors, our facilities and our property, and other rights. If you visit one of our locations, to maintain security at such locations you may be photographed or videotaped.
- For any purpose that you provide your consent.
We will not use your personal information for purposes other than those purposes we have disclosed to you, without your permission. From time to time, and as required under the applicable law, we may request your permission to allow us to share your personal information with third parties. In such instances, you may opt out of having your personal information shared with third parties, or allowing us to use your personal information for any purpose that is incompatible with the purposes for which we originally collected it or subsequently obtained your authorization. If you choose to limit the use of your personal information, certain features or Qenta Services may not be available to you.
7 – LEGAL BASES FOR PROCESSING YOUR INFORMATION
For individuals who are located in the European Economic Area, the United Kingdom or Switzerland (collectively “EEA Residents”) at the time their personal information is collected, our legal bases for processing your information under the EU General Data Protection Regulation (“GDPR”) will depend on the personal information at issue, the specific context in the which the personal information is collected and the purposes for which it is used. We generally only process your data where we are legally required to, where processing is necessary to perform any contracts, we entered with you (or to take steps at your request before entering into a contract with you), where processing is in our legitimate interests to operate our business and not overridden by your data protection interests or fundamental rights and freedoms, or where we have obtained your consent to do so. In some rare instances, we may need to process your personal information to protect your vital interests or those of another person. Below is a list of how Qenta uses your personal information, as described above in Section 5, with the corresponding legal bases for processing. If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “How to contact us” heading below.
|Purpose of Processing||Legal Bases for Processing|
|To enforce our terms in our user agreement and other agreements, to provide Qenta’s Services, to provide Service communications, to provide customer service, or to ensure quality control||Based on our contract with you or to take steps at your request before entering a contract.|
|For research and development purposes, to enhance your experience, to facilitate corporate acquisitions, mergers, or transactions, or to engage in direct marketing activities||Based on our legitimate interests. When we process your personal data for our legitimate interests, we always ensure that we consider and balance any potential impact on you and your rights under data protection laws.|
|To maintain legal and regulatory compliance, to detect and prevent fraud and/or funds loss, to ensure network and information security, or to protect your or our vital interests||Based on our legal obligations, the public interest, or in your vital interests.|
|To enhance your experience, to engage in third party marketing activities or for any purpose to which you consent||Based on your consent.|
8 – WHY WE SHARE PERSONAL INFORMATION WITH OTHER PARTIES
We take care to allow your personal information to be accessed only by those who require access to perform their tasks and duties, and to share only with third parties who have a legitimate purpose for accessing it (which shall be subject to their relationship with us as data controller). Qenta will never sell or rent your personal information to third parties without your explicit consent. We will only share your information in the following circumstances:
- With third party identity verification services to prevent fraud. This allows Qenta to confirm your identity by comparing the information you provide us to public records and other third-party databases. These service providers may create derivative data based on your personal information that can be used in connection with the provision of identity verification and fraud prevention services. For example:
- With financial institutions with which we partner to process payments you have authorized.
- With service providers under contract who help with parts of our business operations. Our contracts require these service providers to only use your information in connection with the services they perform for us and prohibit them from selling your information to anyone else. Examples of the types of service providers we may share personal information with (other than those mentioned above) include:
- Network infrastructure
- Cloud storage
- Payment processing
- Transaction monitoring
- Document repository services
- Customer support
- Internet (e.g. ISPs)
- Data analytics
- Information Technology
- With companies or other entities that we plan to merge with or be acquired by. You will receive prior notice of any change in applicable policies.
- With companies or other entities that purchase Qenta assets under a court-approved sale or where we are required to share your information under insolvency law in any applicable jurisdiction.
- With our professional advisors who provide banking, legal, compliance, insurance, accounting, or other consulting services to complete third party financial, technical, compliance, and legal audits of our operations or otherwise comply with our legal obligations.
- With law enforcement, officials, or other third parties when we are compelled to do so by a subpoena, court order, or similar legal procedure, or when we believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of our User Agreement or any other applicable policies.
- We share personal information about you with our Affiliates as a normal part of conducting business and offering Services to you.
- Where we believe it is necessary to protect the vital interests of any person. If you establish a G-Coin wallet indirectly on a third-party website or via a third-party application, any information that you enter on that website or application (and not directly on a Qenta website) will be shared with the owner of the third-party website or application and your information will be subject to their privacy policies. For more information see the “Third-Party Sites and Services” section below.
9 – HOW WE PROTECT AND STORE PERSONAL INFORMATION
We understand how important your privacy is, which is why Qenta maintains (and contractually requires third parties it shares your information with to maintain) appropriate physical, technical and administrative safeguards to protect the security and confidentiality of the personal information you entrust to us.
We may store and process all or part of your personal and transactional information, including certain payment information, such as your encrypted bank account and/or routing numbers, in the US and elsewhere in the world where our facilities or our service providers are located. We protect your personal information by maintaining physical, electronic, and procedural safeguards in compliance with the applicable laws and regulations.
For example, we use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we authorize access to personal information only for those employees who require it to fulfill their job responsibilities. Full credit card data may be securely transferred and hosted off-site by payment vendors in compliance with Payment Card Industry Data Security Standards (PCI DSS). This information is not accessible to Qenta or Qenta staff.
However, we cannot guarantee that loss, misuse, unauthorized acquisition, or alteration of your data will not occur. Please recognize that you play a vital role in protecting your personal information. When registering with our Services, it is important to choose a password of sufficient length and complexity, to not reveal this password to any third-parties, and to immediately notify us if you become aware of any unauthorized access to or use of your account.
Furthermore, we cannot ensure or warrant the security or confidentiality of the information you transmit to us or receive from us by Internet or wireless connection, including email, phone, or SMS, since we have no way of protecting that information once it leaves and until it reaches us. If you have reason to believe that your data is no longer secure, please contact us using the contact information provided in the “How to contact us” section below.
10 – RETENTION OF PERSONAL INFORMATION
We store your personal information securely and will only retain only such personal information in accordance with applicable law for as long as necessary to fulfill the purposes for which we collected it, including to satisfy any legal, accounting, or reporting obligations or to resolve disputes.
11 -THIRD-PARTY SITES AND SERVICES
If you authorize one or more third-party applications to access your Qenta Services, then information you have provided to Qenta may be shared with those third parties. A connection you authorize or enable between your Qenta account and a non-Qenta account, payment instrument, or platform is considered an “account connection.” Unless you provide further permissions, Qenta will not authorize these third parties to use this information for any purpose other than to facilitate your transactions using Qenta Services. Please note that third parties you interact with may have their own privacy policies, and Qenta is not responsible for their operations or their use of data they collect. Information collected by third parties, which may include such things as contact details, financial information, or location data, is governed by their privacy practices and Qenta is not responsible for unauthorized third-party conduct. We encourage you to learn about the privacy practices of those third parties.
Examples of account connections include:
- Merchants: If you use your Qenta account to conduct a transaction with a third-party merchant, the merchant may provide data about you and your transaction to us.Your Financial Services Providers: For example, if you send us funds from your bank account, your bank will provide us with identifying information in addition to information about your account in order to complete the transaction.
- Information that we share with a third party based on an account connection will be used and disclosed in accordance with the third party’s privacy practices. Please review the privacy notice of any third party that will gain access to your personal information. Qenta is not responsible for such third-party conduct.
12 – CHILDREN’S PERSONAL INFORMATION
We do not knowingly collect personal information from any person under the age of 18. If a user submitting personal information is suspected of being younger than 18 years of age, Qenta will require the user to close his or her account and will not allow the user to continue using our Services. We will also take steps to delete the information as soon as possible. Please notify us if you know of any individuals under the age of 18 using our Services so we can take action to prevent access to our Services.
13 – EMPLOYEE AND PROSPECTIVE EMPLOYEE PERSONAL INFORMATION
We abide by the same principles outlined in this policy in the handling of the personal information of our employees. As for prospective employees the following guidelines apply:
- Responsible Person
Qenta has implemented the page for your application, which gives you the opportunity to submit your application for a position at Qenta Inc. or one of the group companies of Qenta Inc. via this platform and to enter the application data directly via a web interface.
We use the latest technical and organizational precautions to protect your data, and our employees are also regularly trained in handling personal data.
Qenta Inc. are responsible for processing your applicant data.
- Personal Information Collected
- If and when a person applies for a specific role with Qenta, we may collect the following information from such person:
- First name, last name, e-mail and, if applicable, address/place, date of birth, salutation, telephone number, citizenship;
- Additional questions depending on the respective advertisement (e.g. driver’s license);
- Resume/curriculum vitae, in particular information on professional experience and education;
- Skills (e.g. Java, MS Office);
- Qualifications, awards and language skills;
- Motivation letter;
- Other files and documents that the applicant voluntarily shares with us.
- Data Processing
Prospective employee personal information will be processed by Qenta to verify eligibility for a position on our job portal and to contact applicants in connection therewith.
With the applicant’s consent, we will also compare their data with that of other applicants and job offers (advertised on any of the Qenta websites or on any third-party websites) to find the most suitable candidate. For such purposes it may also be necessary to share such personal information with other entities within our group, include the entity advertising the relevant position.
- Data Retention Periods
Personal data of rejected applicants will be stored for a maximum period of 6 months as from the day on which the application was rejected, unless applicants request in writing for such information to be stored by Qenta for a longer period of time at any point during the application process (e.g. to be considered for future job openings).
- Data Privacy Rights
- Job applicants may contact us if they wish to:
- access, correct, update or request deletion of their personal information;
- object to the processing of their personal information as described herein; and/or
- withdraw their consent for the processing of their personal information.
- Third Party Transfers and Processing
- Data Privacy Rights
Job applicant’s personal information obtained as part of the application process will neither be published nor shared with third parties without the respective applicant’s consent. However, such personal information may be shared by Qenta’s human resources department who must process it as part of the application process and who may share it with:
- previous employers and/or referrers; and
- IT and other service providers (including providers of human resources management solutions) in connection with the application process or in accordance with our policies
- Consent Revocation
Job applicants may revoke their consent for the handling of their personal information in accordance with this policy at any time by emailing us at firstname.lastname@example.org.
14 – COOKIES
Personal details can be saved in cookies if you have consented. For example, cookies may be used to facilitate secure online access so that you do not need to enter your user ID and password again.
More information on cookies and their use can be found at www.aboutcookies.org or www.allaboutcookies.org.
If you choose not to accept Cookies, you can still access and use our website. You can prevent Cookies from being stored on your device by setting your browser to not accept Cookies. The exact instructions for this can be found in the manual for your browser. You can delete Cookies already on your device at any time. However, if you choose not to accept Cookies that are strictly necessary for the provision of our services provided by our website, it may result in a reduced availability of such services.
For statistical analysis, and with your acceptance, we may use analytics tools such as Adobe Analytics or Google Analytics from time to time. You may object at any time to the collection and analysis of statistical data regarding your access to and use of our website by writing to email@example.com.
We do not currently use third-party Cookies but could use them in the future, in which case we will update this policy to include information on such third parties and the way they handle your information. However, third-party tracking technologies are not controlled by us, and statements regarding our practices do not apply to these third parties or their use of information, nor can we make representations regarding the policies or practices of such third parties, or are we responsible for the effectiveness of or compliance with any third parties opt-out options.
For regulatory compliance purposes, we do not respond to browser “Do Not Track” signals.
15 – INTERNATIONAL TRANSFERS
If you have a complaint about our privacy practices and our collection, use, or disclosure of personal information please submit your request via email to firstname.lastname@example.org.
Data transferred out of the EU:
We rely primarily on the European Commission’s Standard Contractual Clauses and Binding Corporate Rules (BCR) to facilitate the international and onward transfer of personal information collected in the European Economic Area (“EEA”), the United Kingdom and Switzerland (collectively “European Personal Information”), to the extent the recipients of the European Personal Information are located in a country that the EU considers to not provide an adequate level of data protection. This may include transfers from our EU-based operating entities to our operating entities in the US or other jurisdictions where we operate. We may also rely on an adequacy decision of the European Commission confirming an adequate level of data protection in the jurisdiction of the party receiving the information, or derogations in specific situations.
Qenta is responsible for the processing of personal information it receives and subsequently transfers to a third party acting as an agent on its behalf. Before we share your information with any third party, Qenta will enter into a written agreement that the third party provides at least the same level of protection for personal information as required under applicable data protection laws.
16 – YOUR PRIVACY RIGHTS AND CHOICES
Depending on applicable law where you reside, you may be able to assert certain rights related to your personal information identified below. If any of the rights listed below are not provided under law for your operating entity or jurisdiction, Qenta has absolute discretion in providing you with those rights.
- You have the right to be provided with information concerning your personal information. However, these rights are not absolute. Depending upon the applicable law, access to your rights under the applicable law may be denied: (a) when denial of access is required or authorized by law; (b) when granting access would harm another’s privacy; (c) to protect our rights and properties within the applicable law; (d) where you already have the requested information, or for other reasons permitted by the applicable law.
- Access and portability. You may request that we provide you with a copy of your personal information held by us. This information will be provided without undue delay subject to a potential fee associated with the gathering of the information (as permitted by law) unless such provision adversely affects the rights and freedoms of others. In certain circumstances, you may request to receive your personal information in a structured, commonly used, and machine-readable format, and to have us transfer your personal information directly to another data controller.
- Rectification of incomplete or inaccurate personal information. You may request us to rectify or update any of your personal information held by Qenta that is inaccurate.
- Withdraw consent. To the extent the processing of your personal information is based on your consent, you may withdraw your consent at any time. Your withdrawal will not affect the lawfulness of Qenta processing based on consent before your withdrawal.
- Restriction of processing. In some jurisdictions, applicable law may give you the right to restrict or object to our processing or transferring your personal information under certain circumstances. We may continue to process your personal information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.
- Automated individual decision-making, including profiling. Qenta relies on automated tools to help determine whether a transaction or a customer account presents a fraud or legal risk. In some jurisdictions, you have the right not to be subject to a decision based solely on automated processing of your personal information, including profiling, which produces legal or similarly significant effects on you, save for the exceptions applicable under relevant data protection laws.
- Marketing communications. You will only be contacted by Qenta based on a legitimate interest or your consent. You can opt out of receiving marketing communications from Qenta at any time. Direct marketing includes any communications to you that are only based on advertising or promoting our products and services. We will only contact you by electronic means (email or SMS) based on our legitimate interests, as permitted by applicable law, or your consent. If you do not want us to send you marketing communications, please go to your account settings to opt-out or submit a request via email to email@example.com.
- For users in the European Economic Area, the United Kingdom, and Switzerland: To the extent we can rely on legitimate interest under the applicable law, we will only send you information about our Services that are like those which were the subject of a previous sale or negotiations of a sale to you. We will only contact you by electronic means for marketing purposes if you have consented to such communication. You may raise such objections concerning initial or further processing for purposes of direct marketing, at any time and free of charge.
How to make a privacy request
You can make privacy rights requests relating to your personal information by contacting us via email at firstname.lastname@example.org. Please note that when we receive an individual rights request via other intake methods, we may take steps to verify your identity before complying with the request to protect your privacy and security.
How to lodge a complaint
If you believe that we have infringed your rights, we encourage you to first submit a request via email to email@example.com so that we can try to expeditiously resolve the issue. If that does not resolve your issue, you may contact the Qenta Data Protection Officer at firstname.lastname@example.org .
17 – HOW TO CONTACT US
California Privacy Notice
This California Privacy Notice (“Notice”) is a supplement to Qenta Inc.’s (“Qenta” “us” “we” “our”) other privacy policies or notices. In the event of a conflict between any other Qenta policy, statement, or notice and this Notice, this Notice will prevail as to California residents and their rights under California law.
THE CALIFORNIA CONSUMER PRIVACY ACT (CCPA)
In accordance with the CCPA’s requirements, this Notice describes our Collection, use, and disclosure of California Consumers’ “Personal Information” (“PI”) during the preceding twelve months, as well as the rights California Consumers have under the CCPA. Terms defined in the CCPA that are capitalized in this Notice have the same meanings as in the CCPA unless otherwise stated.
Consistent with the CCPA, job applicants, current and former employees and contractors, and subjects of certain business-to-business communications acting solely in their capacity as representatives of another business, are not considered Consumers for purposes of this Notice or the rights described herein.
Collection and Use of Personal Information
We Collect and share PI about California Consumers as described in the table below.
|Category||Examples of PI Collected||Categories of Recipients|
|Identifiers||Identifiers such as those enumerated below, or other similar identifiers, based on your usage of our services.|
|Automatically collected for all users: online identifier, internet protocol address.||Service providers such as analytics and/or advertising platforms, fraud prevention services, cloud services and hosting providers, our CRM/CDP systems, and other similar vendors.|
|As you provide information to use certain features of our services: real name, alias, postal address, email address.||Service providers such as analytics and/or advertising platforms, our CRM/CDP systems, email marketing providers, direct mail marketing providers, and other similar vendors.|
|If you choose to open an account with us, additional information as required to identify you and/or comply with other regulatory requirements: account holder name, social security number or tax identification number, driver’s license number, passport number.||Services used to verify your identity for compliance purposes, fraud prevention, e-signature collection, and other similar purposes|
|Customer Records||If you choose to conduct a transaction with us, the following information may be provided by you: telephone number, tokenized instances of payment card details, tokenized instances of bank account details, bank account routing and/or account numbers, cryptocurrency wallet/payment address||Service providers such as payment processors, fraud prevention, the trust company that custodies your account, or similar vendors.|
|Protected Characteristics||Marital status or familial status||Service providers such as the trust company that custodies your assets.|
|Commercial Information/ Purchase Details||Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||Service providers, such as companies who provide fraud prevention services and services that you request like storage or shipping.|
|Internet Usage Information||Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement.||Service providers such as analytics and/or advertising platforms, fraud prevention, and other similar vendors.|
|Geolocation Data||Only when you approve such requests:
Precise physical location or movements and travel patterns.
|Service providers, including for e-signature collection, fraud prevention, and other similar services.|
|Sensory Data||Audio recordings of customer service calls.||Service providers who help us improve our customer interactions.|
|Inferences from PI Collected||Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||Service providers such as our CRM/CDP systems, advertising platforms, and other similar vendors.|
We Collect PI directly from the Consumer (e.g., when you complete an order, create an account, or request information from us), indirectly from the Consumer (e.g., through user activity on our website), from other individuals (e.g., when friends or family place a gift order or book a trip or class), and through customer service call recordings.
- Providing our services, including maintaining and servicing your accounts, verifying your information, billing and processing payments, marketing, analytics services, and similar functions and services;
- Detecting security incidents and protecting against malicious, deceptive, or illegal activity;
- Troubleshooting our services to identify and repair issues;
- Internal research and development;
- Quality and safety assurance, and improving, upgrading, and enhancing our products and services; and
- Processing and managing interactions and transactions for our products and services.
In addition, we may Collect, use, and disclose your PI as required or permitted by applicable law, when requested or compelled by law enforcement or legal process, for required tax reporting, or in connection with contractual obligations. We do not treat deidentified data or aggregate consumer information as PI, and we reserve the right to convert, or permit others to convert, your PI into deidentified data or aggregate consumer information.
Subject to the CCPA’s restrictions and obligations, our service providers and business partners also may use your PI for some or all of the above-listed business purposes (including to facilitate interest-based advertising and other advertising and marketing).
CCPA PRIVACY RIGHTS
Under the CCPA, California Consumers have certain rights which they may exercise independently or through an Authorized Agent. CCPA rights requests are subject to an identification and verification process. We will not fulfill a CCPA request unless we have been provided sufficient information for us to reasonably verify that the requestor is the Consumer about whom we Collected PI.
Some PI we maintain about Consumers (e.g., clickstream data) is not sufficiently associated with enough PI about the Consumer for us to be able to verify that it is a particular Consumer’s PI. Accordingly, we will not include such information in response to Consumer requests. If we cannot comply with a request, we will explain the reasons in our response. We will use PI provided in your request only to verify your identity or authority to make the request and to track and document request responses, unless you also provided the PI to us for another purpose.
Your California Consumer privacy rights are described below. To make a request, you may email us at email@example.com. In making a request, you will need to verify that you are the authorized user of the subject email address/account and that you are a current resident of the State of California. Please follow the instructions on our website and promptly respond to any follow-up inquires so that we may confirm your identity. If you request that we provide you with specific pieces of information about you, we will apply heightened verification standards. An Authorized Agent may submit a request on behalf of a Consumer if the Consumer has provided the Authorized Agent with power of attorney in accordance with California law; alternatively, we will (1) require the Authorized Agent to present verifiable written authorization from the Consumer that the Authorized Agent has the Consumer’s permission to submit the request; and (2) independently verify the Consumer’s own identity with us.
We may Collect, use, and disclose your PI as required or permitted by applicable law. Please note we are not obligated to comply with Consumer requests to the extent that doing so would infringe on our, or any other person’s or party’s rights, or conflict with applicable law.
You have the right to request that we disclose your PI that we have Collected and are maintaining for the 12-month period prior to your request date. Consumer requests of this nature may be made no more than two times in a 12-month period.
- The categories of PI we have Collected about you.
- The categories of sources from which we Collected your PI.
- The business or commercial purposes for Collecting or Selling your PI.
- The categories of third parties with whom we have shared your PI.
- The specific pieces of PI we have Collected about you.
- A list of the categories of PI disclosed for a business purpose in the prior 12 months, or that no disclosure occurred.
- A list of the categories of PI Sold about you in the prior 12 months, or that no Sale occurred. If we Sold your PI, we would also list the categories of third parties to which we Sold PI, by categories of PI Sold for each Third Party.
You have the right to make or obtain a portable copy, no more than twice in a 12-month period, of your PI that we have Collected in the period that is 12 months prior to the request date and are maintaining. Please note that PI is retained by us for various time periods, so we may not be able to fully respond to what might be relevant going back 12 months prior to the request.
“Do Not Sell” Rights
We do not sell California Consumer PI, including PI of minors under the age of 16, as “sell” is defined under the CCPA.
Except to the extent we have a basis for retention under CCPA, you may request that we delete your PI that we have Collected directly from you and are maintaining. Our retention rights include, without limitation, to complete transactions and services you have requested or that are reasonably anticipated, for security purposes, for legitimate internal business purposes, including maintaining business records, to comply with law, to exercise or defend legal claims, and to cooperate with law enforcement.
We will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights.
CALIFORNIA’S “SHINE THE LIGHT” LAW
California law permits customers in California to request certain details about how their personal information is shared with third parties and, in some cases, affiliates if that personal information is shared for those third parties’ and affiliates’ own direct marketing purposes. Californian customers may request such information by contacting us at firstname.lastname@example.org.
To make a request, please provide sufficient information for us to determine if this applies to you, attest to the fact that you are a California resident, and provide your current California address to which we will send our response. Your inquiry must specify “California Privacy Rights Request” in the subject line of the email or the first line of the letter and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each year.
As these rights and your CCPA rights exist under different legal regimes, you must exercise your rights under each law separately.
Although our online service(s) are intended for an audience over the age of majority, any California residents under the age of eighteen (18) who have registered to use our online services, and who posted content or information on the online service, can request removal by contacting us at email@example.com detailing where the content or information is posted and attesting that you posted it. We will then make reasonable good faith efforts to remove the post from prospective public view or anonymize it, so the minor cannot be individually identified to the extent required by applicable law. This removal process cannot ensure complete or comprehensive removal. For instance, third parties may have republished or archived content by search engines and others that we do not control.
For more information regarding your California privacy rights, please visit https://oag.ca.gov/privacy/ccpa or email us at firstname.lastname@example.org.