Last Updated on 31st October, 2023
- www.axtria.com, mobile applications, platforms, and other online solutions, software applications, media, solutions, features, websites, webpages and subdomains, content, and/or functionality (the “Site”) that are owned, provided, and operated by Axtria Inc. and its group companies (together, “Axtria”, also referred as “we”, “us” or “our”), or
- Other services, products, or similar processes, including your communications and general interactions with Axtria (our “Services”).
We take data privacy and security seriously and believe in transparency.
This Policy describes our current practices regarding how we collect, use, protect, and disclose the personal data that we collect from individuals who use, access or interact with our Sites or Services (such individuals are collectively referred as “you”, or “your”). Such individuals may include representatives of our customers, prospective clients, vendors, partners, Site visitors, and/or employees.
This Policy also describes the choices available to you so that you have more control regarding the use and disclosure of your personal data, and how to update and correct your personal data.
This Policy does not apply to any third-party websites that are accessed from our Sites and is subject to periodic revision.
PLEASE READ THIS POLICY CAREFULLY TO UNDERSTAND HOW WE TREAT YOUR INFORMATION. IF YOU DO NOT AGREE WITH THE TERMS OF THIS POLICY, YOU SHOULD NOT ACCESS OR USE OUR SITES, SERVICES, OR OTHERWISE INTERACT WITH US. BY USING OR ACCESSING OUR SITES, REGISTERING OR SUBMITTING YOUR INFORMATION THROUGH OUR SERVICES, OR INTERACTING WITH AXTRIA, YOU CONSENT TO THIS POLICY AND TO OUR COLLECTION AND SHARING OF YOUR INFORMATION IN ACCORDANCE WITH THE TERMS OF THIS POLICY.
For people who are located in the European Economic Area (“EEA”), Switzerland or the United Kingdom (“UK”), please review Annex 1 (GDPR Privacy Notice). For California residents, please review Annex 2 (U.S. State-Specific Privacy Notices).
2. PERSONAL DATA WE MAY COLLECT
2.1 What is Personal Data: Personal data is any information that personally identifies an individual or from which an individual could be identified. The information we collect depends upon things such as the nature of our relationship, the method you communicate with us, and the purpose of your interaction with us. This may include a name, mailing address, telephone number, email address and other categories described below.
2.2 What information is out of the scope of this Policy: Our use of Aggregated Data as defined below is not subject to this Policy.
2.3 Information that we may collect. The information we collect depends upon things such as the nature of our relationship, the method you communicate with us, and the purpose of your interaction with us. We may collect the following information
Contact Information: Such as your name, mailing address, email address, telephone number, professional title, and business name.
Account Information: Such as your username, email address, and/or password to login to your online account with us.
Communications Data: Such as information you provide through our online web forms, when you contact us with questions, request support or marketing materials, or otherwise choose to provide when you correspond with us online.
Comments and User-Generated Content: Such as any comments or content uploaded to the Sites or Services (such as text, images, audio, and video, along with the metadata associated with the information you upload or submit). Some areas of the Sites may allow you to comment. Please be careful about including any personal data in any comments or other communications you make. Any comments you make are reviewed before appearing online, and once posted, are publicly available.
User-Generated Content: Such as any content uploaded to the Sites or Services (such as text, images, audio, and video, along with the metadata associated with the information you upload or submit).
Device Information: Such as information that is automatically assigned to your devices used to access our Sites and/or Services including your IP address, unique device identifier, device type, browser type, location information, and other information about your browser.
Usage Data: Such as information about how you use the Sites and/or Services, and interact with us, including information you provide when you use any interactive features of the Sites or Services, the areas within our Sites and/or Services that you viewed and your activities there, IP address, domain name, a date/time stamp, operating system, language, clickstream data and similar device and usage information.
Marketing Data: Such as your preferences for receiving communications about our activities, publications, and details about how you engage with our communications.
Other information that you voluntarily share with us to facilitate your use of our Sites and/or Services which is not specifically listed here. We will use such information in accordance with this Policy, as otherwise disclosed at the time of collection, in accordance with our agreement, or to the extent necessary for performing our Services.
Social Media Information: We have pages on social media sites like Instagram®, Facebook®, Medium®, Twitter®, YouTube®, and LinkedIn® or other social channels. When we interact through our social media pages, we collect personal data that you elect to provide to us, such as your contact details (collectively, “Social Information”).
We do not intentionally collect any sensitive personal information through our Sites and/or Services. Sensitive personal information means the various categories of personal data identified by applicable data privacy laws as requiring special treatment. These categories can include data relating to ethnic origin or race, marital status, political opinions or affiliations, ideological views or activities, trade union membership, religious beliefs, physical or mental health, genetic or biometric information, sexual orientation, information on social security measures, or administrative or criminal proceedings or records. We therefore suggest that you do not provide sensitive personal information of this type to us.
3. HOW WE MAY USE YOUR PERSONAL DATA
Axtria may use personal data we collect about you for any of the following reasons mentioned below:
Fulfilling your Transaction Requests: If we receive any requests related to, for example, a product or service, a call-back specific marketing material, we will use your personal data to fulfil your request and complete the transaction. In connection with a transaction, we may also contact you as part of our customer satisfaction surveys, to respond to your comments and inquiries, or for market research purposes subject to applicable laws.
Personalizing your Experience on our Sites and/or Services: Subject to the Annexes, we may use information we collect about you to provide you with a personalized experience on our Sites, such as providing you with content in which you may be interested and making navigation on our Sites easier.
Marketing: Subject to the Annexes, the information you provide to Axtria, as well as the information we have lawfully collected about you indirectly, may be used by Axtria for marketing purposes. We will offer you the opportunity to (i) opt-in (where required by applicable data privacy laws) to provide information to Axtria using your information in this way, or (ii) opt-out following your receipt of any marketing materials in accordance with applicable data privacy laws. You may at any time choose not to receive marketing materials from us by following the unsubscribe instructions included in each e-mail you may receive, or by contacting Axtria directly at email@example.com , or by visiting the Axtria Preferences Centre.
Some of our offerings may be co-branded, that is sponsored by both Axtria and third parties, such as Axtria Alliance Partners. If you sign up for these offerings, be aware that your information may also be collected by and shared with those third parties. We encourage you to familiarize yourself with their privacy policies to gain an understanding of the way they will handle information about you. If you would like to review, rectify, or request deletion of any personal data we have about you, you can submit a request by emailing Axtria’ s privacy office at firstname.lastname@example.org.
Aggregated or De-Identified Information: We may aggregate or de-identify personal data and use the aggregated information by excluding and removing data components (such as your name, email address, or linkable tracking ID) through obfuscation, or through other means so that the resulting dataset is no longer personally identifiable to you (such resulting dataset is known as “Aggregated Data”) to analyse the effectiveness of our Sites and/or Services, to improve and add features to our Sites and/or Services, to conduct research and for other similar purposes. In addition, from time to time, we may analyse the general behaviour and characteristics of users of our Services that do not identify a particular individual and share Aggregated Data like general user statistics with third parties, publish such Aggregated Data or make such Aggregated Data generally available. We may collect Aggregated Data through the Services, through cookies, and through other means described in this Policy. We will maintain and use Aggregated Data in anonymous or de-identified form, and we will not attempt to reidentify the information.
HR-Operations (including personnel management, employee benefits, and recruitment): In connection with a job application or inquiry, whether advertised on the Axtria Sites or otherwise, you may provide us with information about yourself, such as a resume. We may collect your personal data in connection with our HR operations, such as your employee orientation, benefit enrolment, performance review, and in compliance with applicable employment laws in your jurisdiction. We may use this information throughout Axtria to address your inquiry, consider you for employment opportunities, and HR operations’ purposes.
Legal Requirements: We may also use your personal data to protect the rights or property of Axtria, our business partners, suppliers, clients, or others when we have reasonable grounds to believe that such rights or property have been or could be affected. In addition, we reserve the right to use your personal data as may be required or otherwise permitted by law, or when we believe that disclosure is necessary to protect our rights, or the rights of others, or to comply with a judicial proceeding, court order, law enforcement, or legal process.
We may use your personal data for other purposes that are consistent with, related to and/or ancillary to the purposes and uses described in this Policy, for which your personal data was provided to us.
4. HOW WE MAY SHARE & DISCLOSE YOUR PERSONAL DATA
As a global organization with business processes, management structures and technical systems that cross borders, Axtria may share information about you within Axtria group companies, and with certain service providers or third parties such as: Axtria may transfer information about you to various countries in the world where we do business in connection with the purposes identified above and in accordance with this Policy. Our Policy and our internal policies and practices are designed to provide a globally consistent level of protection for personal data all over the world. Even in countries where laws provide for less protection for your information, Axtria will still handle and protect your information in the manner described in this Policy. Where permitted by applicable laws, including in cases that require your consent, we may share or disclose your personal data as follows:
Service Providers: We may share your personal data with service providers, suppliers, and other alliance partners located in various countries to manage or support its business operations, provide professional services, deliver customer services and solutions, and otherwise process information on Axtria’ s behalf. It is Axtria’ s practice to require such service providers, suppliers, and alliance partners to handle personal data and other confidential information in a manner consistent with Axtria’ s policies and applicable laws.
Acquisitions and Similar Transactions: Circumstances may arise where, whether for strategic or other business reasons, Axtria decides to sell, buy, merge, or otherwise reorganize businesses in some countries. Such a transaction may involve the disclosure of personal data to prospective or actual purchasers, or the receipt of such information from sellers. It is Axtria’ s practice to seek appropriate protection for information from the prospective or actual purchaser in these types of transactions.
Legal Process or Defending Legal Claims: We may also disclose personal data at the request of law enforcement or government agencies; in response to subpoenas, court orders, or other legal process; to establish, protect, or exercise our rights; to defend against a legal claim; to detect, investigate, prevent, or take action against illegal activities or potential threats to the rights, property, or safety of any other person; or as otherwise required by law.
Additionally, we may ask, from time to time, if you would like us to share your information with affiliated or unaffiliated third parties who are not described elsewhere in this Policy. We will only disclose your information in this context with your consent.
5. CCPA (CALIFORNIA CONSUMER PRIVACY ACT) NOTICE
The California Consumer Privacy Notice supplements this Policy in Annex 2 and applies solely to residents in the state of California.
6. GDPR COMPLIANCE
In the development of Axtria’ s privacy policies and standards, we respect and consider the major privacy and data protection principles and frameworks around the world and any amendments applied thereto from time-to-time, including, the EU General Data Protection Regulation (“EU GDPR”) and Data Protection Act 2018 of the United Kingdom (“UK GDPR”) (the EU GDPR and UK GDPR are collectively referred to as the “GDPR”).
For “personal data” originating from the EEA, Switzerland or the UK , Axtria uses a variety of lawful data transfer mechanisms for this purpose, including EU Standard Contractual Clauses. See Annex 1 for a notice to persons located in the EEA, Switzerland and the UK.
7. CROSS-BORDER DATA FLOW
We are a global company and the personal data we collect from you may be transferred to, accessed, or stored in jurisdictions that are located outside of your home jurisdiction including, without limitation, the United States and other jurisdictions in which we or our service providers operate. We will comply with applicable legal requirements when transferring your personal data to countries other than where you are located. While permissible data transfer mechanisms are defined by applicable laws, Axtria would only share your personal data under a strict ‘need to know’ basis and under applicable laws and appropriate contractual restrictions.
Our Sites and/or Services are housed on servers in the United States. If you are located outside of the United States, please be aware that information and data we collect will be processed and stored in the United States, a jurisdiction in which the data protection and privacy laws and principles, including your data subject rights, might be different from the laws and principles of the country/region where you reside or are a citizen.
8. INFORMATION SECURITY & DATA RETENTION
8.1 Information Security. Security is a high priority for Axtria. We endeavour to protect the personal data and other confidential information and we have implemented reasonable and appropriate administrative, technical, and physical safeguards designed to prevent unauthorized access, use or disclosure. While our security measures seek to protect the personal data in our possession, no Internet or email transmission is ever fully secure or error free and we cannot warrant the security of any information you transmit to or from the Sites or Services.
The safety and security of your personal data also depends on you. Therefore, you should take special care in deciding what information you send to us via the, Sites, our Services, or through email. Where you use a password for access to restricted parts of the Sites or Services, you are responsible for keeping your password confidential. Do not share your password with anyone. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Service, or third-party websites.
8.2 Data Retention. How long we retain personal data will depend on several factors, such as the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure, our purpose for processing the information, and any legal requirements.
9. OPT-OUT, DATA RIGHTS & PREFERENCES
Registration is not required to gain access to Axtria’ s Sites. However, if you choose to receive certain services, specific material, and information or other interact with our Services, Axtria may collect personal data from you as described in this Policy.
Communication Preferences: You can manage, make, or change your choices about receiving certain types of communications from us at any time by using the links at the bottom of any email or via the Axtria Preference Centre. Once we receive your instruction, we will promptly take action. You may not be able to opt-out of certain communications pertaining to customer support, operating our Services, or communications required for legal or security purposes.
Online Tracking Signals: We do not currently recognize browser settings or signals of tracking preferences, which may include “Do Not Track” instructions. “Do Not Track” is a web browser setting that seeks to disable the tracking of individual users’ browsing activities. We adhere to the standards set out in this Policy and do not currently respond to “Do Not Track” signals on the Services or on third-party websites or online services where we may collect information.
10. COOKIES, WEB BEACONS & TRACKING TECHNOLOGIES
A cookie is a string of information that a website saves on a visitor’s computer (if you allow) for use either during a particular browsing session (a “session” cookie) or a future browsing session (a “persistent” or “permanent” cookie). “Session” cookies are temporarily stored on your hard drive and only last until they expire at the end of your browsing session. “Persistent” or “permanent” cookies remain stored on your hard drive until they expire or are deleted by you.
When Axtria collects cookies or makes use of a browser’s local storage capabilities, they help us identify visitors, their usage of the Sites, and their website preferences.
We may also use web beacons in the marketing e-mails we send. These non-intrusive tags help us know when you view our e-mails. We use this data to understand what kinds of content are of interest to you. You may be able to disable such tracking by setting your e-mail client to display messages as text only or by turning off image display.
Please note that the website is constantly being updated and the list in Section 11 will change over time. If you have any additional questions about the use of a particular cookie, please do not hesitate to email email@example.com.
Information on deleting or controlling cookies is available at www.allaboutcookies.org . By refusing to accept cookies from us, you may not be able to use some of the features and functionality available on our website.
11. ONLINE MARKETING
Axtria uses Google tools like Google Analytics and Google AdWords to understand our site visitors better and deliver relevant ads to you. If you prefer to opt out of Google Analytics, Google provides this browser add-on: https://tools.google.com/dlpage/gaoptout. To make changes to how Google delivers ads to you, you can adjust your advertising settings here: https://adssettings.google.com.
12. CHILDREN’S PRIVACY
Axtria does not knowingly solicit or collect data from children as defined by local laws, and does not target its Sites or Services to children under the age of 13. We encourage parents and guardians to take an active role in their children’s online and mobile activities and interests and ask that minors should not submit any personal data.
If a parent or guardian becomes aware that his or her child has provided us with information without his or her consent, he or she should contact us at firstname.lastname@example.org . We will delete such information from our files within a reasonable time.
13. EXTERNAL LINKS
We may provide social media features that enable you to share information with your social networks and to interact with Axtria and its group companies on various social media sites. Your use of these features may result in the collection or sharing of information about you, depending on the feature. We encourage you to review the privacy policies and settings on these Third-Party Sites with which you interact to make sure you understand the information that may be collected, used, and shared by those sites.
14. NOTIFICATION OF CHANGES
We reserve the right to change this Policy at any time. If we do, we will post an updated version of the Policy on this page with the date such modifications were made indicated at the top of the page. We may inform you through another type of communication if required by applicable laws. By continuing to use our Sites and/or Services or providing us with personal data after we have posted an updated Policy, or notified you by other means, you consent to the revised Policy.
15. INQUIRIES & CONTACT
We value your opinion, if you have any comments or question about this Policy, Axtria’ s handling of your personal data, or a possible breach of your privacy you can send an email to the Axtria Global Privacy and Data Protection Office at email@example.com.
You may also mail us at:
Attn. Data Protection Officer
300 Connell Drive, 5th Floor
Berkeley Heights 07922
Axtria India Pvt. Ltd.
Attn. Data Protection Officer
Building 14, Tower B (11th & 17th Floor)
DLF Cyber City, SEZ, DLF Phase III,
Gurgaon – 122022, Haryana, India
We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to address your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.
Annex 1 – GDPR Notice
Last Updated on 31st October, 2023
This GDPR Notice (“GDPR Notice”) applies only if you use our Sites or Services from a country that is a Member State of the European Union or European Economic Area (collectively, “EU”), the United Kingdom (“UK”), or Switzerland and supplements our Policy above. For the purposes of this Annex 1, the term “Personal Data” has the meaning ascribed to it under the GDPR.
The data controller for our Services is [Axtria India Pvt. Ltd and Axtria Inc]. For our contact information, see Section 15 (INQUIRIES & CONTACT) of our Policy.
Categories of Personal Data and the Purposes of the Processing
Our Policy describes the categories of Personal Data that we collect, use, share, or otherwise process and the purposes for that processing in the course of operating our business. Personal Data gathered through cookies and similar tracking technologies is used for the purposes described in our Policy.
Lawful Basis for The Processing
We may process your Personal Data subject to any of the purposes and uses set out in this Policy based on one or more of the following legal grounds:
Performance of a Contract: As necessary to perform the Services you have requested or to comply with your instructions or other contractual obligations between you and us.
Legal Obligations: As necessary to comply with our legal obligations as well as to keep records of our compliance processes (for example, to comply with applicable accounting rules and to make mandatory disclosures to law enforcement).
Legitimate Interest: Because of our legitimate interests, or those of a third-party recipient of your Personal Data, to make the processing necessary, provided those interests are not overridden by your interests or fundamental rights and freedoms, such as to ensure that we provide. As set forth below, you have the right to object to our processing of your Personal Data on the basis of our legitimate interests and we must stop such processing unless we have a compelling interest in the continued processing that overrides yours.
Vital Interest: As necessary to protect your vital interests;
Public Interest: As necessary in the public interest;
Consent: Because you have expressly given us your consent to process your Personal Data in a particular manner.
We collect consent from you before placing 1st party or 3rd party targeting or advertising cookies, or sending you promotional materials or other marketing information via email.
Recipients of your Personal Data
We use various service providers to manage our Services such as event registration or managing e-mail communications. Our service providers change from time to time. We use commercial reasonable efforts to enter into contracts with our service providers to restrict what they can do with your Personal Data. If you would like specific information about our service providers who have received your Personal Data, please contact us at firstname.lastname@example.org and we will provide that information to you. We may also disclose your Personal Data to other categories of data recipients as described in Section 4 of our Policy.
International Data Transfers
When we transfer your Personal Data to other countries, we will use, share and safeguard that Personal Data as described in this Policy. We may transfer the Personal Data we collect to countries outside of the EEA which do not provide the same level of data protection as the country in which you reside and are not recognized by the European Commission as providing an adequate level of data protection. We only transfer Personal Data to these countries when it is necessary for our Services, or it is necessary for the establishment, exercise or defence of legal claims or subject to safeguards that assure the protection of your Personal Data, such as European Commission approved standard contractual clauses.
Retention Period for Personal Data
How long we retain personal data varies according to the type of information in question and the purpose for which it is used. We delete personal data within a reasonable period after we no longer need to use it for the purpose for which it was collected (or for any subsequent purpose that is compatible with the original purpose). This does not affect your right to request that we delete your Personal Data before the end of its retention period. We may archive Personal Data (which means storing it in inactive files) for a certain period prior to its final deletion, as part of our ordinary business continuity procedures. If you want to learn more about our specific retention periods for your Personal Data, please contact us using the methods provided in Section 16 of our Policy.
Your Rights Regarding Personal Data
If you are located in the EU, UK, or Switzerland, you have the following rights under the GDPR:
Right of Access. To the extent required by law, you have the right to receive confirmation as to whether or not Personal Data concerning you are being processed, and, where that is the case, access to the Personal Data and the following information: the purposes of the processing; the categories of Personal Data concerned; and the recipients or categories of recipient to whom the Personal Data have been or will be disclosed. We will provide a copy of your Personal Data in compliance with applicable laws.
Right of Rectification. Our goal is to keep your Personal Data accurate, current, and complete. Please contact us if you believe your information is not accurate or if it changes.
Right to Erasure. In some cases, you have a legal right to request that we delete your Personal Data when (1) it is no longer necessary for the purposes for which it was collected, (2) consent has been withdrawn in certain instances, (3) you have objected to the processing in certain instances, (4) the Personal Data has been unlawfully processed, (5) the Personal Data have to be erased for compliance with a legal obligation; and (6) the Personal Data were collected in relation to the offer of information society services. However, the right is not absolute. When we delete Personal Data, it will be removed from our active servers and databases as well as the Platform; but, it may remain in our archives when it is not practical or possible to delete it. We may also retain your Personal Data as needed to comply with our legal obligations, resolve disputes, or enforce any agreements.
Right to Restrict Processing. You have the right to restrict the processing of your Personal Data when (1) the accuracy of the Personal Data is contested, for a period enabling the controller to verify the accuracy of the Personal Data; (2) the processing is unlawful and you oppose erasure and request a restriction instead; (3) we no longer need the Personal Data, but you need us to keep it for the establishment, exercise, or defense of legal claims; or (4) you have objected to us processing the Personal Data, pending resolution of the objection.
Right to Portability: You have right to request that we made available, in a portable form, your Personal Data in our possession so that you can transfer to a third party.
Right to Object. In certain circumstances, you have the right to object to the processing of your Personal Data where the processing is necessary for performance of a task carried out in the public interest, for our Legitimate Interests, or for the Legitimate Interests of others. You also have the right to object where Personal Data is processed for direct marketing purposes or for scientific or historical research purposes or statistical purposes.
Right to Withdraw Consent. If you have provided your consent to the collection, processing, and transfer of your Personal Data, you may have the right to fully or partially withdraw your consent. Once we have received notice that you have withdrawn your consent, in whole or in part, we will no longer process your information for the purpose(s) to which you originally consented and have since withdrawn unless there are compelling legitimate grounds for further processing that override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. Withdrawal of consent to receive marketing communications will not affect the processing of Personal Data for the provision of our Services.
If you would like to exercise any of these rights, please contacting us using the methods provided in Sections 9 and 16 of our Policy.
You have the right to file a complaint concerning our processing of your personal data with your national (or in some countries, regional) data protection authority. A list of Supervisory Authorities is available in the table below (PLEASE NOTE: these third party links are provided below for your convenience, and we may not actively monitor the content of these links):
Annex 2 – U.S. State-specific Privacy Notice
Last Updated on 31st October, 2023
We reserve the right to amend this U.S. Privacy Notice annually or as required. When we make changes to this notice, we will post the updated version on our website and update the Effective Date for the applicable section.
NOTICE TO CALIFORNIA RESIDENTS
A. Personal Information Collected
(i) Data Category Table
Name, postal address, unique personal identifier, insurance policy number, IP address, email address, Social Security number, driver’s license number, passport number, or other similar identifiers.
Personal Information as defined in Cal. Civ. Code § 1798.80(e)
Name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
*Some Personal Information included in this category may overlap with other categories.
Characteristics of protected classifications under state or federal law (i.e., age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status.
** Most Personal Information in this categories are collected when you choose to provide it to us (or through our service providers), or as required under our HR-related business purposes.
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Facial biometric data, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns.
Internet or other similar activity
Browsing history, search history, information on a Consumer's interaction with a website, application, or advertisement, which may include your username, password and other identifiers set to access your network or any password-protected sites, applications, and other services, IP addresses, log files, login information, and software and hardware inventories, browsing history, search history, and information regarding a Consumer’s interaction with an Internet Web site, application, or advertisement.
Physical location or movements.
Audio, electronic, visual, thermal, olfactory, or similar information
Professional or employment related information
Occupation, current or past employment history or performance evaluations
Non-public education information
Education records directly related to a student maintained by an educational agency/institution, such as, grades, transcripts, class lists, student identification codes, student financial information, or student disciplinary records.
Inferences drawn from other PI
Inferences drawn from any of the information identified in this list to create a profile about a Consumer reflecting the Consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Sensitive Personal Information**
*** We only collect Sensitive Personal Information for legitimate business purposes appropriate for the use and disclosure of Sensitive Personal Information as contemplated in the California Privacy Laws, and not otherwise use it to infer characteristics about you.
Personal Information does not include:
- Publicly available information from government records or lawfully obtained, truthful information that is a matter of public concern; or
- De-identified, anonymized, or aggregated information that cannot be attributed back to an individual (“Aggregated Data”).
- Information excluded from the scope of California Privacy Laws including, but not limited to:
- An activity involving the collection, maintenance, disclosure, sale, communication, or use of any Personal Information bearing on a Consumer’s credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living by a consumer reporting agency, a furnisher of information who provides information for use in a consumer report, and by a user of a consumer report provided that the agency, furnisher, or user is subject to regulation under the Fair Credit Reporting Act (“FCRA”).
- Medical information governed by the Confidentiality of Medical Information Act or protected health information as governed by the U.S. Department of Health and Human Services pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
(ii) Categories of Sources. We collect Personal Information directly and indirectly from the following categories of sources:
- Directly from you, and/or your devices.
- Indirectly from your activities on your devices, our Sites, and/or your interactions with our Business Operations.
- From our clients and business partners, such as commercial clients, corporate policyholders, insurers, reinsurers, brokers, network partners, employers, benefit plan sponsors, benefit plan administrators, health care providers, and service providers.
- From other third parties, such as social media sites, advertising networks, analytics partners, and other third parties that we interface with.
- From government authorities.
- From publicly available sources.
- From background checks and screening tools such as industry fraud prevention and detection databases and credit agencies.
(iii) Purposes for Which We Use Your Personal Information
- Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
- Helping to ensure security and integrity to the extent the use of your Personal Information is reasonably necessary and proportionate for these purposes.
- Debugging to identify and repair errors that impair existing intended functionality.
- Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of your current interaction with us.
- Performing services on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on our behalf.
- Providing advertising and marketing services to you, except for cross-context behavioral advertising.
- Undertaking internal research for technological development and demonstration.
- Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us.
- Other purposes as expressly authorized by the implementing regulations of the California Privacy Laws.
(iv) Categories of Personal Information We Disclosed for a Business Purpose
In the preceding 12 months, we have disclosed the following categories of Personal Information for a business purpose:
- All categories of Personal Information that we identified as set forth in the Data Category Table
(v) Categories of Personal Information Shared to Third Parties
We do not “sell” Personal Information for monetary consideration, the disclosures of information about how an individual interacts with a website, and other identifiers described under the category of “Internet and Other Similar Activity” in the Data Category Table above, may constitute a “sharing” of Personal Information for cross-context behavioral advertising as broadly defined under the California Privacy Laws. To the extent such exchanges occur, a California Consumer may exercise his or her rights under the Right to Opt-Out described in Section (B)(iii) of this Notice to California Residents.
(vi) Data Retention
B. Your California Privacy Rights
This section describes Consumers’ rights under the California Privacy Laws and explains how to exercise those rights, subject to certain exceptions:
(i) Right to Know. With respect to the Personal Information we have collected about you, you have the right to request from us:
- The categories of Personal Information we have collected about you during the past 12 months;
- The categories of sources from which the Personal Information is collected;
- The business or commercial purpose(s) for which the Personal Information was collected, sold, or shared;
- The categories of third parties with whom we disclose that Personal Information for a business purpose; and
- The specific pieces of Personal Information we collected about you in a format easily understandable to the average Consumer (also called a “Data Portability Request”).
In addition, to the extent we sell or share Personal Information, a Consumer shall have the right to request the business to identify, during the past 12 months:
- The categories of Personal Information that we sold or shared, and the categories of third party recipients; and
- The categories of Personal Information disclosed for a business purpose and the categories of recipients
(ii) Right to Deletion. Subject to several exceptions, you have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions and as permitted under the California Privacy Laws.
(iii) Right to Opt-out of “Sale” and Certain “Sharing” Practices. A California Consumer has the right to opt-out of the “sale” and “sharing” of your Personal Information with third parties, as those terms are defined under the California Privacy Laws. “Sell” in this case does not mean providing data in exchange for money – we don’t do that. “Selling” or “sharing” instead means the disclosure or release of Personal Information, including technical device data that does not identify you directly but can be attributed back to identify you, when a third party might use that data for its own purposes, such as for personalized advertising or cross-context behavioral advertising, whether or not for monetary or other valuable consideration. We do not have actual knowledge that we sell Personal Information of minors under 16 years of age. While this Consumer right is not applicable to how we collect or use your Personal Information, we provide this information as this is a core part of your rights as a California Consumer.
(iv) Right to Correct. Subject to certain restrictions, you have the right to request that we correct inaccurate Personal Information that we maintain about you. Our goal is to keep your Personal Information accurate, current, and complete. If you believe your Personal Information is not accurate (other than the one listed on your account, which you may modify at any time), you may submit a request by using the “How to Exercise Your California Privacy Rights” section of this Notice to California Residents.
(v) Right to Limit Use and Disclosure of Sensitive Personal Information. In certain circumstances, a California Consumer has the right to limit the use and disclosure of Sensitive Personal Information. Our use of your Sensitive Personal Information is reasonably necessary to perform services or provide goods reasonably expected by an average Consumer and not for those purposes for which you may exercise a right to limit the use or disclosure under the California Privacy Laws. While this Consumer right is not applicable to how we collect or use your Sensitive Personal Information, we provide this information as this is a core part of your rights as a California Consumer.
(vi) Right to Non-Discrimination. We will not discriminate against you for exercising any of your rights under the California Privacy Laws. Unless permitted by the California Privacy Laws, we will not:
- Deny you goods or services;
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- Provide you a different level or quality of goods or services; or
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
(vii) Other California Privacy Rights. California's “Shine the Light” law (Civil Code Section § 1798.83) permits California Consumers who are users of our Sites to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. We do not disclose your Personal Information to third parties for their direct marketing purposes.
C. How to Exercise Your California Privacy Rights
(i) Methods to Submit California Consumer Requests
If you are a California Consumer and would like to exercise your rights under the California Privacy Laws described above, you may do so via any of the methods described below:
- Sending an email to email@example.com
(ii) Authorized Agent. You may designate an authorized agent to make a request on your behalf. Authorized agents will be required to provide proof of their authorization. Individuals operating as an authorized agent on behalf of a California Consumer must provide a written authorization document, signed by the California Consumer, containing the California Consumer’s name, address, telephone number, and valid email address, and expressly authorizing the individual to act on behalf of the California Consumer. We may also require that you directly verify your identity and the authority of your authorized agent. We reserve the right to reject authorized agents who have not fulfilled the above requirements or automated requests under the California Privacy Laws where we have reason to believe the security of the requestor’s Personal Information may be at risk.
(iii) Verification Procedures. We are required by California Privacy Laws to verify the identity of individuals who submit a Consumer request. The verifiable Consumer request must provide sufficient information that allows us to reasonably verify your identity and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. The information we may need in order to verify your identity differs depending upon the request made and our relationship with you and might include (as applicable) your name, the email address you regularly use to interact with us, your telephone number, your date of birth, etc. We will take steps to verify your request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information to verify your identity, or where necessary to process your request. We can only respond to your request or provide you with relevant information if we are able to verify your identity or authority to make the request. If we are unable to verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for the denial.
(iv) Response Timing: Upon receiving a Request to Know, Request to Delete, or Request to Correct, we will confirm receipt of the request within 10 business days and respond to the request within 45 calendar days from the date we receive your request. If necessary, we may take an additional 45 calendar days to respond to your request. If this extension is needed, we will notify you of the extension and explain the reasons that responding to your request will take more than 45 days. We are only required to respond to Requests to Know and Data Portability Rights twice in a 12-month period.