Browsie App privacy

Browsie - Privacy Policy

[Last Modified: March 10, 2024]

This privacy policy (“Privacy Policy” or “Policy”) governs the data processing practices of FireArc Technologies Ltd. (“Company”, “we”, “us”, or “our”) “) when you use our mobile safari extension available for download on App Store (“Extensions”) and the services and provided through the Extension (collectively the Extension and the services will be defined herein after as the “Services”).

This Privacy Policy constitutes an integral part of our Terms of Use (“Terms”), and it governs the data collection, process and transfer in respect with our Services, all in accordance with the relevant data protection and privacy laws and regulations, including, if relevant to the user’s jurisdiction, the EU General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act (“CCPA”) and any other applicable privacy laws and regulations. Definitions used herein but not defined herein shall have the meaning ascribed to them in our Terms.

If you are a California or Colorado resident, we recommend you to review our CCPA Privacy Notice.

This Privacy Policy does not cover your interaction with third-party content available in through the Services, this Privacy Policy may be different from third parties’ privacy practices and we shall not be liable or responsible for the acts of those third parties.

1. POLICY AMENDMENTS:

We reserve the right to amend this Privacy Policy from time to time, at our sole discretion. The most recent version of the Privacy Policy will always be posted on the website and the update date will be reflected in the “Last Modified” heading. We will provide notice to you if these changes are material, and, where required by applicable law, we will obtain your consent. Any amendments to the Privacy Policy will become effective within 30 days upon the display of the modified Privacy Policy. We recommend you review this Privacy Policy periodically to ensure that you understand our most updated privacy practices.

2. CONTACT INFORMATION AND DATA CONTROLLER INFORMATION:

FireArc Technologies Ltd. is incorporated under the laws of the State of Israel, is the Data Controller of (as such term is defined under the GDPR or equivalent privacy legislation).

For any question, inquiry or concern related to this Privacy Policy or the processing of your Personal Data, you may contact our privacy team as follows:

Data Protection Officer: Eran Heres, [email protected]

FireArc Technologies Ltd.,

10 ABA EVEN Blvd., Building C, Herzliya, 4672528, Israel

Tel: +972-73-2300100

3. DATA SETS WE COLLECT AND FOR WHAT PURPOSE:

You can find here information regarding the data sets we collect, purposes for which we process your data as well as our lawful basis for processing, and how the data is technically processed. In general, we may collect two types of information from you, depending on your interaction with us:

Non-Personal Data

During your interaction with our Services, we may collect aggregated, non-personal non-identifiable information, which may be made available or gathered via your access to and use of the Services (“Non-Personal Data “). We are not aware of the identity of the user from which the Non-Personal Data is collected. The Non-Personal Data being collected may include your aggregated usage information and technical information transmitted by your device, such as: the type of browser or device you use, operating system type and version, language preference, time and date stamp, country location, etc.

Personal Data

We may also collect from you, during your access or interaction with the Services, individually identifiable information, namely information that identifies an individual or may, with reasonable effort, be used to identify an individual (“Personal Data” or “Personal Information”). The types of Personal Data that we collect as well as the purpose for processing such data are specified in the table below.

We do not knowingly collect or process any Personal Data constituting or revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning a person’s health or data concerning a person’s sex life or sexual orientation (“Special Categories of Personal Data”).

The table below details the processing of Personal Data we collect, the purpose, lawful basis, and processing operations:

DATA SETS

PURPOSE AND OPERATIONS

LAWFUL BASIS UNDER THE GDPR

Contact Information:

If you voluntarily contact us for support or other inquiries, you may be required to provide us with certain information such as your name, email address, etc.

We process such data to provide you with the support you requested or to respond to your inquiry.

The correspondence with you may be processed and stored by us in order to improve our customer service and in the event, we believe it is required to continue to store it, for example, in the event of any claims or in order to provide you with any further assistance (if applicable).

We process such information based on our legitimate interest. Unless you are contacting us for support, in which providing support is part of our contractual obligations to you.

Online Identifiers:

When you install the Extension and use or interact with our Services, we collect your Internet Protocol (“IP”) address or similar unique online identifiers generated, Apple advertising ID, tags (“Online Identifiers”).

We use the unique identifier we assigned to you during the installation to validate you are a person and to know how many individuals install our App.

In addition, we process such data to provide you our Services and to enable the operation of the Services and for security and fraud prevention purposes (i.e., to prevent or to be able to address any errors or technical issues in our Services).

We use the Online Identifiers, advertising ID, for tracking and provide you with personalized ads.

Where we collect such data for operation and security, we process your data based on our legitimate interest.

Where we use the Online Identifiers for personalized ads and tracking it will be based on your consent provided through the App’s organic permissions. You can typically reset these numbers through the settings of your device’s operating system (but we do not control this).

Browsing Data:

When you install the Extension we may further collect information related to your use of our Services. Such information includes your browsing data, pages viewed, access time and date, the features and content you interact with, social media related information, your purchase and transaction history, etc. such information may include other personal information that you provide as part your browsing activity such as name, address etc.

The Browsing Data is used to operate and improve the Services correct any error in the Extension.

We also use data about the ads you interact with to help advertisers understand the performance of their ad campaigns and provide them with reports.

Where we process the Browsing Data subject to our contractual obligations with you, to enable the operation of the Extension and to improve our Services. Other purposes, such as operational and security, are based on our legitimate interest.

Where we collect such data for analytic and advertising purposes, we process the data based on your consent provided through the onboarding permissions.

Location:

Based on the IP address or other information we may obtain such as zip code, we can approximately know your location.

We use this information for language preference and contextual advertisement ads based on your general location.

Our legitimate interest.

Account Information:

To become a premium user you will need to create an account by providing us with your email address.

You represent and warrant that you will not provide us with inaccurate, misleading or false information.

We will use this data in order to create you an account, provide you with account management, support and to provide the Services as well as to send you needed information related to our Services and which related to our business engagement (e.g., send you a welcome message, notify you regarding any updates to our Services, send applicable invoices, etc.) and additional occasional communications and updates related to the Services, as well as promotional and marketing emails (“Direct Marketing”).

We may also use the information to authenticate you.

We process such data for the purpose of performing our contract with you, to provide the Services and to designate your account.

Transaction Information:

When you decide to make a purchase on our Extension

The payment is processed by Apple Pay . We do not keep any payment information; we just know you made the payment.

We will use third party payment processors, any transactions that are processed by these third party payment processors will be governed by their policies.

We process such data for the purpose of performing our contract with you and will enable you to use our Services.

Marketing Activities:

We may show you advertisements on our Service. For this we process your Online Identifiers, and our third party advertisers will use the tracking technology to personalize the ads.

We process your personal in order to provide you with the applicable ads.

We process such data subject to your consent.

Please note that the actual processing operation per each purpose of use and lawful basis detailed in the table above may differ. Such processing operation usually includes a set of operations made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction. The transfer of Personal Data to third-party countries, as further detailed in the “International Data Transfer” Section below, is based on the same lawful basis as stipulated in the table above.

In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and any other misuse of the Services and to enforce the Terms, as well as to protect the security or integrity of our databases and the Services, and to take precautions against legal liability. Such processing is based on our legitimate interests.

We may collect different categories of Personal Data and Non-Personal Data from you, depending on the nature of your interaction with the Services as detailed above. If we combine Personal Data with Non-Personal Data, the combined information will be treated as Personal Data or for as long as it remains combined.

4. HOW WE COLLECT YOUR INFORMATION:

Depending on the nature of your interaction with the Services, we may collect information as follows:

Automatically – we may collect directly or indirectly (i.e., by getting access permissions to certain process and information stored in your mobile device) gather information automatically, such as Non-Personal Information as well as Online Identifiers.
Provided by you voluntarily – we will collect Personal Data if you choose to register or if you contact us for support, make a purchase or any information you uploaded to the Extension by you.

5. COOKIES AND SIMILAR TECHNOLOGIES:

We use “cookies” and similar tracking technologies such as software developer kits (“SDK“) on our Extension and Services. A cookie is a small text file that a website places and stores on your device while you are viewing a website. Cookies are very helpful and can be used for various purposes. These purposes include: (i) allowing you to navigate between pages efficiently; (ii) enabling automatic activation of certain features; (iii) remembering your preferences; and (iv) making the interaction between you and our services quicker and easier. The SDKs create the opportunity Extension enhance with more functionality

The specific SDK we currently use on our website, are detailed in the table below:

COOKIE NAME	PURPOSE	EXPIRY
Google Analytic	Performance Cookies (Analytics)	1 Year
Mixpanel
Hotjar

6. DATA SHARING – CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH:

We share your data with third parties, including the advertisers or service providers that help us provide our Services. You can find here information about the categories of such third-party recipients.

CATEGORY OF RECIPIENT	DATA THAT WILL BE SHARED	PURPOSE OF SHARING
Within the Company group	All types of data	We may share information about you with other members within the Company group as part of internal engagements and the related entities (applications, extensions, website, etc.) where we believe, for example, your inquiry is applicable to such entity or where required to meet our legal and regulatory obligations around the group or to offer relevant services and products that may interest you.
Advertisers	Advertising ID	We share this data with our advertising partners, so they will be able to place ads that best suit such user.
Service providers	All types of Personal Data	We employ other companies and individuals to perform functions on our behalf. Examples include: sending communications, processing payments, assessing credit and compliance risks, analyzing data, providing marketing and sales assistance (including advertising and event management), identifying errors and crashes, conducting customer relationship management, and providing training. These third-party service providers have access to Personal Data needed to perform their functions, but they are prohibited from using your Personal Data for any purposes other than providing us with requested services.
Compelled disclosure	Subject to your request	We may share Personal Data, in the event you request us to do so. In such event, the provisions of your Personal Data will be subject to such third parties’ policies and practices only.
Enforcement Of Our Rights and Security Detections.	All types of Personal Data	We may disclose Personal Data to enforce our policies and agreements, as well as defend our rights, including the investigation of potential violations thereof, alleged illegal activity or any other activity that may expose us, you, or other users to legal liability, and solely to the extent required. In addition, we may disclose Personal Data to detect, prevent, or otherwise address fraud, security, or technical issues, solely to the extent required.
Any Acquirer of Our Business	All types of Personal Data	We may share Personal Data, in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, our affiliated companies or acquiring company will assume the rights and obligations as described in this Policy.

When we share information with third parties, we ensure they only have access to such information that is strictly necessary for us to provide the Services. These parties are required to secure the data they receive and to use the data for pre-agreed purposes only while ensuring compliance with all applicable data protection regulations (such service providers may use other non-personal data for their own benefit).

7. USER RIGHTS AND OPT-OUT OPTIONS:

We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights, and controls in connection with your information. Depending on your relationship with us, your jurisdiction and the applicable data protection laws that apply to you, you have the right to control and request certain limitations or rights to be executed.

For additional rights under various jurisdictions, please refer to Section ‎12 “JURISDICTION-SPECIFIC NOTICES” herein below. For detailed information on your rights and how to exercise your rights, please see the Data Subject Request Form (“DSR”) available HERE or send it to: [email protected].

Further, you may execute certain rights without the need to fill out the DSR Form, such as: You can correct or delete the Contact Information or Account information at any time, through the account settings, You can you can opt-out from receiving our emails by clicking “unsubscribe” link.

To opt out from cross contextual ads you can further use these links: the Network Advertising Initiative’s (“NAI”) website: NAI consumer opt-out and the Digital Advertising Alliance’s (“DAA”) website: DAA opt-out page. Or the European Interactive Digital Advertising Alliance (“EDAA”) website: Your Online Choices page.

8. DATA RETENTION:

We retain Personal Data we collect as long as it remains necessary for the purposes set forth above, all in accordance with applicable laws, or until an individual expresses a preference to opt-out.

Other circumstances in which we will retain your Personal Data for longer periods of time include: (i) where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements; (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges; or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data. Please note that except as required by applicable law, we may at our sole discretion, delete or amend information from our systems, without notice to you, once we deem it is no longer necessary for such purposes.

9. SECURITY MEASURES:

We work hard to protect the Personal Data we process from unauthorized access, alteration, disclosure, or destruction. We have implemented physical, technical, and administrative security measures for the Services that comply with applicable laws and industry, such as encryption using SSL, we minimize the amount of data that we store on our servers, restricting access to Personal Data to our employees, contractors, and agents, etc. Note that we cannot be held responsible for unauthorized or unintended access beyond our control, and we make no warranty, express, implied, or otherwise, that we will always be able to prevent such access.

Please contact us at [email protected] if you feel that your privacy was not dealt with properly, in a way that was in breach of our Privacy Policy, or if you become aware of a third party’s attempt to gain unauthorized access to any of your Personal Data. We will make a reasonable effort to notify you and the appropriate authorities (if required by applicable law) in the event that we discover a security incident related to your Personal Data.

10. INTERNATIONAL DATA TRANSFER:

Our data servers in which we host and store the information are located in the Israel. The Company’s HQ are based in Israel in which we may access the information stored on such servers or other systems such as the Company’s ERP, CRM, Salesforce, and other systems. In the event that we need to transfer your Personal Data out of your jurisdiction, we will take appropriate measures to ensure that your Personal Data receives an adequate level of protection as required under applicable law. Furthermore, when Personal Data that is collected within the European Economic Area (“EEA“) is transferred outside of the EEA to a country that has not received an adequacy decision from the European Commission, we will take necessary steps in order to ensure that sufficient safeguards are provided during the transferring of such Personal Data, in accordance with the provision of the standard contractual clauses approved by the European Union. Thus, we will obtain contractual commitments or assurances from the data importer to protect your Personal Information, using contractual protections that EEA and UK regulators have pre-approved to ensure your data is protected (known as standard contract clauses), or rely on adequacy decisions issued by the European Commission. Some of these assurances are well-recognized certification schemes.

11. ELIGIBILITY AND CHILDREN PRIVACY:

The Services are not intended for use by children (the phrase “child” shall mean an individual that is under the age defined by applicable law, which concerning the EEA is under the age of 16, and with respect to the US, under the age of 13), and we do not knowingly process children’s information. We will discard any information we receive from a user that is considered a “child” immediately upon discovering that such a user shared information with us. Please contact us at: [email protected] if you have reason to believe that a child has shared any information with us.

12. JURISDICTION SPECIFIC NOTICES:

ADDITIONAL NOTICE TO CALIFORNIA RESIDENTS

This section applies only to California residents. Pursuant to the California Consumer Privacy Act of 2018 (“CCPA”) effective November 2020, and as amended by the CPRA, effective January 1, 2023.

Please see the CCPA Privacy Notice which discloses the categories of personal information collected, purpose of processing, source, categories of recipients with whom the personal information is shared for a business purpose, whether the personal information is sole or shared, the retention period, and how to exercise your rights as a California resident.

ADDITIONAL NOTICE TO COLORADO RESIDENTS

Under the Colorado Privacy Act (“CPA”) if you are a resident of Colorado, acting only as an individual or household context (and not in a commercial or employment context, as a job applicant or as a beneficiary of someone acting in an employment context), your rights with respect to your personal data are described below.

“Personal Data” as defined in the CPA means: “information that is linked or reasonably linkable to an identified or identifiable individual” and does not include any of the following: publicly available information, de-identified or aggregated consumer, and information excluded from the CPA scope, such as: Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) or 42 CFR Part 2- “Confidentiality Of Substance Use Disorder Patient Records”, Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or and the Driver’s Privacy Protection Act of 1994, Children’s Online Policy Protection Act of 1998 (COPPA), Family Educational Rights and Privacy Act of 1974, national Security Exchange Act of 1934, higher education data and employment data.

Sensitive Data includes (i) racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life or sexual orientation; (ii) Genetic or biometric data that can be processed to uniquely identify an individual; or (iii) child data. We do not process or collect any sensitive data.

Section 3 “Data Sets we Collect and for What Purposes” of the Privacy Policy, we describe our collection and processing of personal data, the categories of personal data that are collected or processed, and the purposes. Additionally, in Section 6 “Data Sharing – Categories of Recipients we Share Personal Data With” details the categories of third-parties the controller shares for business purposes.

YOUR RIGHTS UNDER CPA:

Herein below, we will detail how consumers can exercise their rights, and appeal such decision, or if Carambola sells the personal data, or sells the personal data for advertising and how to opt-out.

Right to Access/ Right to Know	You have the right to confirm whether and know the Personal Data we collected on you	You can exercise your right by reviewing this Privacy Policy, in case you would like to receive the Personal Data please fill in this form to receive a copy of your data
Right to Correction	You have the right to correct inaccuracies in your Personal Data, taking into account the nature of the Personal Data and the purposes of the processing of your Personal Data.	You can exercise this right directly through your account or by filling in this form
Right to Deletion	You have the right to delete the Personal Data, this right is not absolute and in certain circumstances we may deny such request. We may deny your deletion request, in full or in part, if retaining the information is necessary for us or our service provider(s) for any of the following reasons: (1) Complete the transaction for which we collected the Personal Data, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you; (2) Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities; (3) Debug products to identify and repair errors that impair existing intended functionality; (4) Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law; (5) Comply with the law or legal obligation; (6) Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent; (7) Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us; (8) Make other internal and lawful uses of that information that are compatible with the context in which you provided it. We will delete or de-identify personal information not subject to one of these exceptions from our records and will direct our processors to take similar action.	If you would like to delete your Personal Data please fill in this form You do not need to create an account with us to submit a request to know or delete.
Right to Portability	You have the right to obtain the personal data in a portable, and to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.	If you would like to receive the Personal Data please fill in this form to receive a copy of your data we will select a format to provide your Personal Data that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.
Right to opt out from selling Personal Data	You have the right to opt out of the sale of your Personal Data for the purposes of targeted advertising, sale to a third party for monetary gain, or for profiling in furtherance of decisions that produce legal or similarly significant effects concerning you or any other consumer. You may authorize another person acting on your behalf to opt out, including by broad technical tools, such as DAA, NAI, etc.	We do not sell your personal information, so we do not offer an opt out. We may “share” personal information with third parties for personalized advertising purposes. You may indicate your choice to opt-out of the sharing of your personal data with third parties for personalized advertising on third party sites as detailed in Section 7 “Users Rights and Opt Out Options“. To opt out from the use of cookies on our website, please click the “do not sell or share my personal information” in the footer of the website which will enable you to customize the use of cookies on our website.
Right to opt out from Targeted Advertising
Right to opt out from Profiling		We do not profile you, thus we do not need to provide an opt-out.
Right to Appeal	If we decline to take action on your request, we shall so inform you without undue delay, within 45 days of receipt of your request. The notification will include a justification for declining to take action and instructions on how you may appeal. If we deny the appeal, you may contact the Colorado Attorney General using this link: https://coag.gov/office-sections/consumer-protection/ or (720) 508-6000.	Not more than 60 days after receipt of an appeal we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reason for the decisions.
Duty not to violet the existing laws against discrimination or non-discrimination	Such discrimination may include denying a good or service, providing a different level or quality of service, or charging different prices.	We do not discriminate our users.

HOW TO SUBMIT A REQUEST UNDER CPA?

Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your Personal Data. If the DSR is submitted by someone other than the consumer about whom information is being requested, proof of authorization (such as power of attorney or probate documents) will be required.

We will respond to your request within 45 days after receipt of a verifiable Consumer Request and for no more than twice in a twelve-month period. We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at: [email protected] and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows: Colorado AG at https://coag.gov/file-complaint/

If you have an account with us, we may deliver our written response to that account or via email at our sole discretion. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. You do not need to create an account for submitting a request.

Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

ADDITIONAL NOTICE TO VIRGINIA RESIDENTS

Under the Virginia Consumer Data Protection Act, as amended (“VCDPA”) if you are a resident of Virginia acting in an individual or household context (and not in an employment or commercial context), you have the following rights with respect to your Personal Data.

“Personal data” means any information that is linked or reasonably linkable to an identified or identifiable natural person. “Personal data” does not include de-identified data or publicly available information. Personal Data does not include de-identified data or publicly available data, and information excluded from the scope such as: HIPAA, GBPA, non-profit entities, higher education, employment data and FCRA, Driver’s Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, Farm Credit Act.

The VCDPA requires Carambola discloses the Categories of data processing and the purpose of each category, as detailed

in Section 3 “Data Sets we Collect and for What Purposes” of the Privacy Policy, the categories of data shared and the third parties with whom it is shared, as detailed in Section 6 “Data Sharing – Categories of Recipients we Share Personal Data With”. Disclosure of sale of data or targeted advertising are detailed in Section 7 “Users Rights and Opt Out Options“ above, and in the DSR Form. Further, the table above under Section B “Additional Notice to Colorado Residents” details the rights you have under VCDPA and how you may exercise your rights.

HOW TO SUBMIT A REQUEST UNDER VCDPA?

We shall respond to your request within 45 days of receipt. We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at: [email protected] and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows: Virginia Attorney General at https://www.oag.state.va.us/consumercomplaintform

We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request we will not be able to grant your request.

ADDITIONAL NOTICE TO CONNECTICUT RESIDENTS

Under the Connecticut Data Privacy Act, Public Act. No. 22-14 (the “CDPA”) if you are a resident of Connecticut, acting in an individual or household context (and not in a commercial or employment context or as a representative of business, non-profit or governmental entity), your rights with respect to your personal data are described below.

“Personal data” means any information that is linked or reasonably linkable to an identified or identifiable individual. It does not include de-identified data or publicly available information. If further does not include information excluded from the scope such as: HIPAA, GBPA, non-profit entities, higher education, employment data and FCRA, Driver’s Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, Farm Credit Act.

The categories of personal data processed, purpose of processing, are detailed in Section 3 “Data Sets we Collect and for What Purposes”, categories of personal data shared with third parties, categories of third parties with whom data is shared, are detailed in Section 6 “Data Sharing – Categories of Recipients we Share Personal Data With”. Disclosure of sale of data or targeted advertising are detailed in Section 7 “Users Rights and Opt Out Options“ above, and in the DSR Form.

Instructions on how to exercise your rights are detailed in the table above under Section B “Additional Notice to Colorado Residents” details the rights you have under CDPA and how you may exercise your rights.

HOW TO SUBMIT A REQUEST UNDER CDPA?

We shall respond to your request within 45 days of receipt. The response period may be extended once by 45 additional days when reasonably necessary, taking into account the complexity and number of requests and we inform you of such extension within the initial 45 days response period, together with the reason for the extension.

If we decline to take action on your request, we shall so inform you without undue delay, within 45 days of receipt of your request. The notification will include a justification for declining to take action and instructions on how you may appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Connecticut Attorney General at link: https://www.dir.ct.gov/ag/complaint/ or (860) 808-5318.

ADDITIONAL NOTICE TO UTAH RESIDENTS (effective January 2024)

Under the Utah Consumer Privacy Act (the “UCPA”) if you are a resident of Utah, acting in an individual or household context (and not in a commercial or employment context) your rights with respect to your personal data are described below. “Personal Data” refers that is linked or reasonably linkable to an identifiable individual, and does not include de-identified data and publicly available data.

Further, the table above under Section B “Additional Notice to Colorado Residents” details the rights you have under CDPA and how you may exercise your rights.

NOTICE TO NEVADA RESIDENTS

Nevada law allows Nevada residents to opt out of the sale of certain types of personal information. Subject to several exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to another person. We currently do not sell personal information as defined in the Nevada law. However, if you are a Nevada resident, you still may submit a verified request to opt out of sales and will record your instructions and incorporate them in the future if our policy changes. You may send opt-out requests to [email protected]