What personal information do we collect?
- We collect personal information directly from users of our content distribution and messaging services including “QP Messenger”, and “QP Network”, each provided via our website at qp.me and through our mobile applications available for download and all other websites, software, and services related thereto (collectively, the “Service”). The types of personal information that we collect are: name, email address, age, phone number, credit card information. Users may also provide additional information by choosing to fill out free-form fields on our Service, if any, and we may also collect and generate information from your access and use of the Service such as performance data of the Service (the “Usage Data”) (collectively, the “personal information”).
- We collect contacts information from users of our applications, if they opt in to allow us access to this data. We use this information to see who they may know on QP, and do not store or share it in any way. This information is constantly synced in the background, even when the applications are closed or not in use.
Is personal information shared or disclosed?
- Personal information provided to us is never sold or rented to other organizations.
- We also use certain third party service providers who may have access to the information we collect for the purpose of providing the Service.
- We may also disclose or share personal information for fraud prevention, and other permitted disclosures under applicable law.
How do we protect personal information?
- We have implemented safeguards to protect personal information under our control, and regularly review our practices to ensure they align with reasonable practices appropriate to the level of sensitivity of the information, in order to safeguard personal information against loss or theft, unauthorized access, alteration or disclosure.
What are the risks?
- Although we take steps to safeguard the personal information under our control, “perfect security” does not exist online or elsewhere. In particular, we cannot guarantee the security of information posted or transmitted using our Service or via email. It is possible that third parties may unlawfully intercept or access such information.
What are your choices?
- You may request access to and review of your personal information in our possession, subject to certain limitations.
- You may also request that we correct or delete your personal information in our possession. We will make best efforts to comply with such requests, subject to certain limitations.
What else should you know?
- We may use processing or storage services provided by third party service providers who may be outside Canada. This means that your information may be transferred to, or stored in, another country and accessible to foreign courts, law enforcement and national security authorities.
- You can contact us with questions, complaints or to access your personal information.
Our Service may contain links to other applications or Internet resources which are provided solely for your convenience and information. When you click on one of those links you are contacting another Internet resource. Quantum Pigeon and our corporate affilaites have no responsibility or liability for, or control over, those other Internet resources or their collection, use and disclosure of your personal information. We encourage you to read the privacy policies of those other Internet resources to learn how they collect and use your personal information.
- If you reside in the European Union (“EU”), the General Data Protection Regulation (“GDPR”) applies to you, so please also review the provisions provided in Annex 1. In the event there is a conflict between the provisions in the body of this Policy and Annex 1, if GDPR applies to you, then the provisions in Annex 1 will take precedence.
- If you reside in the United States and are under age 13 or are a parent or guardian of user under age 13, our disclaimer regarding the Children’s Online Privacy Protection Act (“COPPA”) applies to you, so please also review the provisions provided in Annex 2. In the event there is a conflict between the provisions in the body of this Policy and Annex 2, if COPPA applies to you, then the provisions in Annex 2 will take precedence.
- If you reside in California, the California Consumer Privacy Act (“CCPA”) applies to you so please also review the provisions provided in Annex 3. In the event there is a conflict between the provisions in the body of this Policy and Annex 3, if CCPA applies to you, then the provisions in Annex 3 will take precedence.
If you do not consent to the processing of your personal information in accordance with this Policy, please do not access or continue to use any aspect of the Service or otherwise provide any personal information to us.
For the purposes of this Policy, “personal information” means any identifiable information about an individual, including but not limited to an individual’s name, home address, telephone number, email address, except any other information otherwise exempted by the applicable laws of Canada and other jurisdictions. For example, in Canada, personal information does not include any business contact information that is processed solely to communicate with that person about his or her employment or profession.
The types of information we receive and collect depends on how the our Service is used. We require certain information to deliver our Service and without this we will not be able to provide its Services. For example, a user must provide a mobile phone number to create an account to use our Service.
Our Service has optional features which, if used, requires us to collect additional information to provide such features. You will be notified of such collection, as appropriate. If you choose not to provide the information needed to use a feature, you will be unable to use the feature. For example, sharing location with contacts will not be possible unless we are permitted to collect your location data from a your device. Permissions can be managed through your settings menu on both Android and iOS devices.
As such, when you use our Service we may collect the following personal information from you:
- Contact information such as name, email address, mailing address, and phone number;
- Unique identifiers such as username, profile photo, account number, and password;
- Transaction and payment information;
- Device and connection information such as your hardware model and operating system; and
- Usage Data and cookies.
Your personal information may be collected when:
- You register for an account with us;
- You connect with us through social media;
- You use the features of our Service, including making purchases or sending messages; and
- We collect data from third parties or publicly available sources.
We only collect personal information that we need. We encourage you to not provide us with any personal information beyond what is necessary and as requested by us.
- Collection from Third Parties
- We do not knowingly collect your personal information from a third party unless you consent or we are otherwise exempted, required or permitted by applicable laws to do so.
- If we collect your personal information from a third party, we will only process that information for the specific purpose for which it was provided to us in accordance with this Policy and the policy under which that information was collected.
Links to Other Sites
To the extent that our Service contains links to other sites, the owners of those sites are responsible for the privacy practices or content of those other sites. We do not endorse and will not be responsible for the privacy practices on third party applications.
- Information about Minors
This site is intended solely for users who are 13 years of age or older.
We do not knowingly collect personal information about anyone under the age of 13. No such minor, nor any parent or guardian as it relates to such minor, should submit such minor’s personal information to us through the Service or otherwise for any reason and under any circumstances. By using our Service, you are representing that you are at least 13 years old. Notwithstanding tha above, We comply with the requirements of the COPPA, the FTC’s Rule interpreting COPPA:
- COPPA and its accompanying FTC regulation protects the privacy of American children aged 13 and under, who are using the Internet; and
- the GDPR sets the age at which an EU child can give their own consent in order to process their personal information at 16 years of age.
If you reside in the U.S. and are under age 13 or a parent or guardian of a Service user under age 13, additional provisions regarding the protection of personal information of children aged 13 and under can be found in Annex 2.
Purpose for Which Personal Information is Processed
We may process your personal information for the following purposes (the “Purposes”):
- To verify and authenticate your identity;
- To ensure that the Service is optimized for your use and benefit;
- To analyze user experience and improve the Service;
- To operate, maintain and provide to you the Service and all features and functionality thereof;
- To communicate with you to provide you services, contacts, materials and/or recommendations for your needs as identified by you through phone, email, or the Service;
- To carry out our obligations arising from any contracts entered into between you and us;
- To comply with internal policies and procedures and other legal, accounting, or security requirements; and
- To share your personal information with our employees, contractors, consultants and other third party service providers such as application hosting providers, payment processors or customer service agencies (“Third Party Processors”) who require this information to assist us with establishing, maintaining and managing our relationship with you and optimizing and providing the Service for your use and benefit. Please note that we may change or add Third Party Processors at any time, in our sole discretion, either in Canada or elsewhere. We encourage you to reference this Policy from time-to-time, to obtain updated information. Given the nature of cloud services, personal information may be stored outside Canada, anywhere in the world, and may be accessible to foreign courts, law enforcement and national security authorities in the jurisdiction(s) where it is transferred or stored.
We will only process your personal information for the Purposes for which we intend to process such information. Otherwise, we will not process your personal information without your consent.
Disclosure of Your Personal Information
We may disclose your personal information for the Purposes as described in this Policy in the following ways:
- To our employees and contractors;
- To our business partners;
- To our service providers including application hosting providers, payment processors and customer service agencies; and
- To law enforcement, government or regulatory bodies, or other lawful authorities, as strictly required by law.
Your personal information that we collect may be processed outside of Canada but only in relation to the Purposes. As a result, your personal information may be accessible to law enforcement and regulatory authorities in accordance with other jurisdictions’ applicable laws.
Legal Basis for Processing Your Personal Information
We will process your personal information only with your knowledge and consent, except where exempted, required or permitted by applicable laws. The form of consent may vary depending on the circumstances and the type of information being requested. Your consent may be expressed with clear options to say “yes” or “no”, such as by being asked to check a box to indicate your consent, or implied, such as when you provide us with your address through a form or email seeking information and we use those means to respond to your request. Your consent can also be provided by your authorized representative. Taking into account the sensitivity of your personal information, purposes of collection, and your reasonable expectations, we will obtain the form of consent that is appropriate to the personal information being processed. By using our Service or otherwise by choosing to provide us with your personal information, you acknowledge and consent to the processing of your personal information in accordance with this Policy and as may be further identified when the personal information is collected. When we process your personal information for a new purpose, we will document that new purpose and ask for your consent again.
If you do not consent to the processing of your personal information in accordance with this Policy, please do not access or continue to use any aspect of the Service or otherwise provide any personal information to us.
You may refuse to provide consent or may notify us at any time that you wish to withdraw or change your consent to the processing of your personal information without penalty, subject to legal or contractual restrictions and reasonable notice by (i) changing your privacy preferences through the Service, (ii) deleting your account with the Service and stopping use of the Service, (iii) opting out of the use of your personal information by contacting our Privacy Officer (see Section 10 below). However, if you withdraw or change your consent, we may not be able to provide you with the Service.
Other Legal Bases
Aside from consent, we may also process your personal information under other legal bases, as permitted by the applicable laws.
Security of Personal Information
The security of your personal information is important to us. We protect personal information using physical, technological and organizational safeguards. We regularly review our practices to ensure they align with reasonable industry practices appropriate to the level of sensitivity to safeguard personal information against loss or theft, unauthorized access, alteration or disclosure.
However, no method of transmission over the Internet, or method of electronic storage, is completely secure; as such, despite our safeguards and protocols, we cannot fully guarantee the security of your personal information and you should always exercise caution when disclosing personal information over the Internet.
Messages. We offer end-to-end encryption for our Service. End-to-end encryption means that your messages are encrypted to protect against both Quantum Pigeon and third parties from reading them.
- Undelivered Messages. If a message cannot be delivered immediately (for example, if the recipient is offline), we keep up to 1000 message in encrypted form on our servers for up to 6 months as we try to deliver it. If a message is still undelivered after 6 months, we will delete the messages.
- Media Forwarding. When a user attaches media within a message, we store that media temporarily in encrypted form on our servers to aid in more efficient delivery of additional forwards.
Requests for Access to and Correction of Personal Information
Applicable privacy laws allow, to varying degrees, individuals the right to access or request the correction of errors or omissions in his or her personal information that is in our custody or under our control. You may request access to and review of your personal information in our possession. However, access may be declined where permitted or required by applicable law.
You may request that we change or delete your personal information in our possession. We reserve the right not to change any personal information if we do not agree that it is inaccurate or outdated, but will append any alternative text the individual concerned believes appropriate.
If access cannot be provided, we will notify the individual making the request within 30 days, in writing, of the reasons for the refusal.
We are committed to compliance with Canada’s Anti-Spam Legislation (“CASL”). Any electronic communication we send to outside parties is protected by a range of business procedures, processes and policies to ensure that such communication is done in compliance with CASL. In our electronic communications with outside parties, we comply with the rules established by CASL and enforced by various Canadian authorities including the Canadian Radio-television and Telecommunications Commission. CASL regulates, and our policies generally apply to, each commercial electronic message (a “CEM”) that we send. A CEM is an electronic message sent to an electronic address that, among its purposes, encourages participation in a commercial activity.
In addition to adopting and updating this Policy, we undertake various transparency initiatives to ensure we comply with CASL, which include:
- Consent— we do not send you CEMs without your consent. This consent typically must be “express” (expressly acknowledged by you), but in certain circumstances can be “implied” or specifically exempt from consent requirements. We modified or adopted our sign-up, registration and consent forms in order to ensure that your consent is meaningful (i.e. informed and freely given) as per CASL. When we collect your electronic contact information, you will know the exact purposes behind the collection.
Content— we adopted processes to ensure that our CEMs contain the following requirements prescribed under CASL, which will usually be in the footer of the CEM. We will:
- Identify ourselves as the party sending the CEM, and whether we are sending the message on our own behalf or on behalf of someone else;
- Provide you with our contact information; and
- Set out a clear, working unsubscribe mechanism or preference centre that is easy to use, automatic, and at no cost to you (other than your own cost of connecting to the Internet).
- Clarity— we ensured that each aspect of a CEM, including its header, content, or any links or URLs in the CEM) conveys the appropriate information, whether viewed individually or taken as a whole, so that you always know what you are clicking on.
If you receive a CEM from us but believe that you should not have or no longer wish to receive CEMs, we will aim to respect your preferences in a timely manner once you update them through our unsubscribe mechanism. CASL requires us to process unsubscribe requests within 10 business days. If you have any questions or concerns about our unsubscribe options, you may contact us at the address indicated in Section 10 below.
Retention of Your Personal Information
We generally keep personal information for only as long as it is needed to accomplish the purposes for which it was collected, or as needed for authorized or legitimate purposes. More specifically, we retain personal information as long as necessary for the fulfillment of the identified purposes for its collection or as otherwise necessary to comply with applicable laws or protect our interests. When personal information is no longer necessary or relevant for the identified purposes, or is required to be retained by applicable laws, we will take steps to have it deleted, destroyed, erased, aggregated or made anonymous. We use reasonable industry practices to ensure we have adequate controls, schedules and practices for information and records retention and destruction which apply to personal information.
Updates or Changes to this Policy
This Policy was last updated on February 23, 2021. We will occasionally update this Policy and revise the “last updated” date appearing in this paragraph.
If we make any material changes we will either (a) notify you by email (sent to the email address listed in your account), or (b) provide a notice on the Service or otherwise through the Service before the change becomes effective. Any change to this Policy will apply to existing information, as well as information collected onwards from the date that this Policy is posted or on the date as specified in the notification. We encourage you to periodically review this page for the latest information on our privacy practices to ensure you are aware of any changes. Your continued use of the Service signifies your acceptance of any changes to this Policy.
Contact Information for Privacy Officer
You can direct any questions or concerns regarding our compliance with this Policy and our processing of your personal information to our Privacy Officer by emailing email@example.com.
If you are not satisfied with our Privacy Officer’s response to your question or concern, you may be able to file a complaint under applicable privacy laws. Our Privacy Officer will provide you with the contact information to do so if requested. We strive to offer an accessible and simple complaint procedure. We will promptly investigate all complaints received, and if a complaint is justified, we will take the necessary steps to resolve the issue in question.
Annex 1 – General Data Protection Regulation
The Company is headquartered in Canada. We provide the foregoing disclosure to European Union (“EU”) data subjects.
The Company’s processing of the personal information shall always be in compliance with GDPR and in accordance with the country-specific data protection regulations applicable to the Company.
By means of this Policy, our Company would like to inform you of the nature, scope, and purpose of the personal information we collect, use and process, as defined herein. Specifically, if you are an EU data subject using our Service, you are hereby informed, by means of this section of our Policy, of the rights to which you are entitled, and the recourse you may seek if you have any questions regarding the collection, use, and processing of personal information by the Company.
Your Privacy Rights under the GDPR. The GDPR includes the following rights for you, as an EU data subject, if you provide personal information to the Company in connection with accessing the Service:
- The right to be informed about how we store, use, or share your data;
- The right to access your data;
- The right to rectify your data;
- The right to have us erase your data;
- The right to prevent us from processing your data;
- The right to request copies of your data from us in a commonly-used and machine-readable format, free of charge, for the purposes of transfer to a third party, where technically feasible;
- The right to object to use or sharing of your data; and
- The right not to be subject to automated decision-making, including profiling.
Legitimate Business Interest under the GDPR. Our use of your personal information is based on the legitimate business grounds that:
- The use is necessary for compliance with a legal obligation;
- The use is necessary in order to protect your vital interests or those of another person or entity;
- We have a legitimate interest in using your information – for example, to provide and update our Services, to improve our Services so that we can offer you an even better user experience, to safeguard our Services, to communicate with you, to measure, gauge, and improve the effectiveness of our advertising, and better understand user retention and attrition, to monitor and prevent any problems with our services, and to personalize your experience; and/or
- You have given us your consent.
Data Retention/Erasure. We will retain your personal information for as long as needed to provide the applicable Services, or for a minimum period of four (4) years. If, at any time after agreeing to this Policy, you: (1) change your mind about receiving information from us; (2) wish to revoke permission for us to retain and use your personal information; (3) wish to object to the processing of your personal information; or (4) wish for us to erase a copy of your data, please make a request to the Company at firstname.lastname@example.org. If you request erasure of your data, we may retain some of your personal information only for legitimate business interests, such as fraud detection, prevention, and enhancing the safety of our Services; and to comply with our legal obligations, specifically our tax, legal reporting, and auditing obligations.
Data Controller. The Company is the “data controller,” as defined under the GDPR, or the legal entity which determines the purposes and means of the processing of personal information of the customers of the Company and users of the Service. The Company is responsible for collecting your consent, managing consent-revoking, enabling right to access, etc. If you wish to revoke consent for us to store, use, or share your personal information, you may contact us at email@example.com.
Data Processor. The Company is the “data processor,” as defined under the GDPR, or the legal entity which processes your personal information. The Company has not retained any third-party service provider to process your personal information. Any processing of personal information shall be done solely by the Company. The Company maintains records of any processing activities it performs, and is able to show how the Company complies with the data protection principles under the GDPR. It has effective policies and procedures in place. If you have questions regarding the processing of your Personal Data, you may contact us at firstname.lastname@example.org.
Data Protection Officer. The Company is not formally required to designate a Data Protection Officer (“DPO”) because it is not: (1) a public authority; (2) an organization that carries out regular and systematic monitoring of individuals on a large scale; or (3) an organization that carries out large scale processing of special categories of data, such as health information or information about criminal convictions. Nonetheless, the Company voluntarily elects to appoint David Miller, as the DPO for this Company. David is responsible for data protection compliance and can answer any questions you may have about your personal information. They may be reached at email@example.com.
Breach. The Company has reasonable internal policies and procedures in place to effectively detect, report, and investigate a data breach. The GDPR defines a personal information breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal information.” Pursuant to the GDPR, the Company will notify you of a personal information breach where the personal information breaches are likely to present a risk to data subjects to data protection authorities (“DPAs”) without undue delay, and within 72 hours if feasible, after becoming aware of the breach; and communicate high-risk breaches to affected data subjects without undue delay. In the unfortunate event of breach, the Company shall provide you with: (i) contact details of the DPO or other contact person for the Company, (ii) a description of the nature of the breach, (iii) likely consequences of the breach, (iv) measures the Company has taken or proposes to take to address the breach, and (v) advice on steps data subjects can take to protect themselves.
Note: Data Protection Impact Assessment (DPIA). The Company is not required to undergo a DPIA because the Company’s data processing is not likely to result in a high risk to data subjects, such as in cases where: (1) new technology is being deployed; (2) profiling operations may significantly affect individuals; or (3) processing is on a large scale and involves special categories of data. If you have any questions regarding DPIA compliance by the Company, please contact the Company’s Data Protection Officer, David Miller, at firstname.lastname@example.org.
Complaints. Without prejudice to any other administrative or judicial remedy, every EU data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement of the data subject considers that the processing of personal information relating to him or her infringes this Regulation.
Annex 2 – Children’s Online Privacy Protection Act
For U.S.-based users, we recognize the need to provide further explanation regarding the privacy protections we afford to personal information we may collect from you about your child/children under the age of 13 (“child” or “children”) via our Service. When you sign up your child/children for our Services, we may ask you to include personal information that identifies your child/children.
Second, while we do not knowingly collect a child’s personal information from the child in connection with our Services, to the extent that a user is a child and submits his or her personal information to us via our Services, we take additional steps to protect the child’s privacy, including:
- By way of this Policy, notifying parents about our information practices with regard to children, including the types of personal information we may collect from children, the uses to which we may put that information, and whether and with whom we may share that information;
- In accordance with applicable law, obtaining consent from parents for the collection of personal information from their children, or for sending information about our products and services directly to their children;
- Limiting even inadvertent collection of personal information from children to no more than is reasonably necessary to engage in our services; and
- Giving parents access or the ability to request access to personal information we have collected from their children and the ability to request that the personal information be changed or deleted.
Accordingly, the foregoing PARENTAL NOTICE REGARDING THE CHILDREN’S ONLINE PRIVACY PROTECTION ACT explains our information collection, disclosure, and parental consent practices with respect to information provided by children, and uses terms that are defined throughout this Policy. This policy is in accordance with COPPA. Under COPPA we must provide you with direct notice before collecting personal information from your child. Effective July 1, 2013, the Federal Trade Commission (“FTC”) updated COPPA to reflect changes in technology, and now considers a photograph, video, or audio file containing a child’s image or voice to be a child’s personal information . For more information about COPPA, please visit www.coppa.org. Here, we outline our practices in the United States regarding collection of children’s personal information . For more information about COPPA and general tips about protecting children’s online privacy, please visit OnGuard Online.
Retention of Information. In any instance that we collect personal information from a child, we will retain that information only so long as reasonably necessary to fulfill the provision of our services, or as required by law. In the event we discover we have collected information from a child in a manner inconsistent with COPPA’s requirements, we will either delete the information or immediately seek the parent’s consent for that collection.
Registration. As an adult registering a child with the Company for provision of services, your child/children will have the opportunity to participate in our services. If you do not provide your child/children’s personal information during the registration process, your child will not be able to register to receive our Services.
Again, while we intend for adults to register a child/children for our services, it is entirely possible that a child/children may visit our Services and self-register for an account and/or for our Services without consent from parents or guardians. During the registration process, we may ask the child to provide the same information provided by adult Services users for notification and security purposes, including an email address, the child’s first name and gender, the child’s member or account username, and password. We also may ask for birth dates from children to validate their ages. We strongly advise both adults and children never to provide any personal information in their usernames.
Please note that website visitors who are children can choose whether to share their information with us, but certain access to our Services cannot function without it. As a result, children may not be able to access certain parts of our Services if required information has not been provided. We will not require a child to provide more information than is reasonably necessary in order to engage in our Services.
Consistent with the requirements of COPPA, if we determine that a particular Service user is age 13 or under, we will ask for a parent or guardian email address before we collect any personal information from the child. If you believe your child is participating in an activity on our Service that collects personal information , and you or another parent/guardian have NOT received an email providing notice or seeking your consent, please feel free to contact us at email@example.com. We will not use parent emails provided for parental consent purposes to market to the parent, unless the parent has expressly opted in to email marketing or has separately participated in an activity that allows for such email contact.
Email Contact with a Child. To the extent a child visits the Service and emails the Company from his or her personal email address, the Company will delete this information immediately after responding to the question or request. In connection with certain activities or services, we may collect a child’s online contact information, such as an email address, in order to communicate with the child more than once. In such instances, we will retain the child’s online contact information to honor the request and for no other purpose such as marketing. Whenever we collect a child’s online contact information for ongoing communications, we will simultaneously require a parent or guardian email address in order to notify the parent about the collection and use of the child’s information, as well as to provide the parent an opportunity to prevent further contact with the child.
At any time, you may refuse to permit 1) your child’s participation in the Services, 2) further use of your information or your child/children’s information, or 3) further contact with your child/children, and request that we delete your information or your child/children’s information. To exercise any of your rights, please email us at firstname.lastname@example.org.
In conclusion, your privacy and your child/children’s privacy are important to us. We only share or disclose personal information collected from a child/children in a limited number of instances, including the following:
- We may share information with our service providers if necessary for them to perform a business, professional, or technology support function for us. We may disclose personal information if permitted or required by law, for example, in response to a court order or a subpoena.
- To the extent permitted by applicable law, we also may disclose personal information collected from children (i) in response to a law enforcement or public agency’s (including schools or children services) request; (ii) if we believe disclosure may prevent the instigation of a crime, facilitate an investigation related to public safety or protect the safety of a child using our sites or applications; (iii) to protect the security or integrity of our sites, applications, and other technology, as well as the technology of our service providers; or (iv) enable us to take precautions against liability.
Annex 3 – California Consumer Privacy Act
California “Shine the Light” Law
Under California Civil Code Section 1798.83, California customers are entitled to request information relating to whether a business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. This code section applies to businesses with 20 or more full or part-time employees.
You may request and obtain from us once a year, free of charge, certain information about the personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of personal information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to email@example.com.
California Consumer Privacy Act
If you are a California resident, the processing of certain personal data about you may be subject to CCPA and other applicable California state privacy laws. As of January 1, 2020, the CCPA gives you certain rights with respect to the processing of your personal data (known as “personal information”, as described under the CCPA).
RIGHT TO KNOW REQUEST – Under the CCPA, you may have a right to request information about our collection, use, and disclosure of your personal information over the prior 12 months, and ask that we provide you with the following information:
- Categories of and specific pieces of personal information we have collected about you.
- Categories of sources from which we collect personal information.
- Purposes for collecting, using, or selling personal information.
- Categories of third parties with which we share personal information.
- Categories of personal information disclosed about you for a business purpose.
- If applicable, categories of personal information sold about you and the categories of third parties to which the personal information was sold, by category or categories of personal information for each third party to which the personal information was sold.
RIGHT TO DELETE REQUEST – You may also have a right to request that we delete personal information, subject to certain exceptions.
If you are a California resident and would like to make a verifiable request for information about the personal information we have collected about you or a request for deletion of such personal information, please submit your request in writing to firstname.lastname@example.org.