Effective Date: 24 April 2020
We do. Under the CCPA we are a “Business” and pursuant to the GDPR, Wealthbox is what is known as the “Controller” of the PII that you provide to us. We collect information from you on the Service, and we are responsible for protection of your information.
A. Requested Information.
On various pages on the Website, we may request specific PII about you in order to register you for an account to use our Services, add you to our email list, facilitate your payments for Services, or fulfill your requests for information. You may choose not to provide your PII, but then you might not be able to take advantage of some of the features of our Website and Services. We only collect basic personal data about you that does not include any special types of information (e.g., health-related) as defined in the GDPR. The types of personal information we may collect and save include:
B. Aggregate Information. We may also collect anonymous, non-identifying and aggregate information such as the type of browser you are using, device type, the operating system you are using, and the domain name of your Internet service provider.
C. Location Information. When the Services you request require location-based information, the Website or Services may need to use GPS or other location-based services to identify your physical location. With your consent, the Website or Services may access your device’s calendar, contacts, call history, camera roll, or other device-stored information, in order to facilitate and provide the Services.
We need to collect your personal information so that we can respond to your requests for information and demonstrations or to be added to our emailing lists, and to process your requests for access to and payment for our Services. We also collect aggregate information to help us better design the Website. We collect log information for monitoring purposes to help us to diagnose problems with our servers, administer the Website, calculate usage levels, and otherwise provide services to you.
A. We use the personal information you provide for the purposes for which you have submitted it including:
B. We may use anonymous information that we collect to improve the design and content of our Website, and to enable us to personalize your Internet experience. We also may use this information in the aggregate to analyze how our Website is used, analyze industry trends, as well as to offer you programs or services.
In general, we will not share your personal information except: (a) for the purposes for which you provided it; (b) with your consent, or as you direct; (c) as may be required by law or as we think necessary to protect our organization or others from injury (e.g., in response to a court order or subpoena, in response to a law enforcement agency request, or when we believe that someone is causing, or is about to cause, injury to or interference with the rights or property of another); (d) with other Users, including administrators, of your corporate account, if applicable; or (e) on a confidential basis with persons or organizations with whom we contract to carry out internal site operations, which may include for example, analytical services, or as necessary to render the Services. With your knowledge and consent, we may share your personal information with our business partners, such as our marketing partners and event co-hosts. We may also share aggregate information with others, including affiliated and non-affiliated organizations. Finally, we may transfer your personal information to our successor-in-interest in the event of an acquisition, sale, merger or bankruptcy.
You may elect to share certain personal information with individuals, with the public, or, at your direction, with other entities with whom you have a service account via your use of the Website, Apps, or Services. In this case, you will control such sharing via settings that we provide. For example, the Website or Apps may make it possible for you to publicly share information via social media such as Facebook or Twitter. Be aware that when you choose to share information with friends, public officials, or with the public at large, you may be disclosing sensitive information, or information from which sensitive information can be inferred. Always use caution when sharing information through the Website or Apps. You understand and agree that Wealthbox is not responsible for any consequences of your sharing of information through and beyond the Website or Apps.
After registering for an account on the Website, you may log-in to the account and edit your personal information in your profile. For instructions on how you can further access your personal information that we have collected, or how to correct errors in such information, please send an e-mail to email@example.com. We will also promptly stop using your information and remove it from our servers and database at any time upon your e-mail request. To protect your privacy and security, we will take reasonable steps to help verify your identity before granting access, making corrections or removing your information.
A. After receiving your personal information, we will store it on our Website systems for future use. We have physical, electronic, and managerial procedures in place to safeguard and help prevent unauthorized access, maintain data security, and correctly use the information we collect. Unfortunately, no data transmission over the Internet or data storage solution can ever be completely secure. As a result, although we take industry-standard steps to protect your information (e.g., strong encryption), we cannot ensure or warrant the security of any information you transmit to or receive from us or that we store on our or our service providers’ systems.
B. If you are visiting the Website from outside of the USA, you understand that your connection will be through and to servers located in the USA, and the information you provide will be securely stored in our web servers and internal systems located within the USA.
C. We store your personal information until you request us to remove it from our servers. We store our logs and other technical records indefinitely.
A. To enhance your online experience with us, our web pages may presently or in the future use “cookies.” Cookies are text files that our web server may place on your hard disk to store your preferences. We may use session, persistent, first-party and third-party cookies. Cookies, by themselves, do not tell us your e-mail address or other PII unless you choose to provide this information to us. Once you choose to provide PII, however, this information may be linked to the data stored in the cookie.
C. We or our service providers may also use “pixel tags,” “web beacons,” “clear GIFs” embedded links, and other commonly used information-gathering tools in connection with some Website pages and HTML-formatted email messages for such purposes as compiling aggregate statistics about Website usage and response rates. A pixel tag is an electronic image (often a single pixel), that is ordinarily not visible to website visitors, and may be associated with cookies on visitors’ hard drives. Pixel tags allow us and our service providers to count users who have visited certain pages of the Website, to deliver customized services, and to help determine the effectiveness of our Website and Services. When used in HTML-formatted email messages, pixel tags can inform the sender of the email whether and when the email has been opened.
D. As you use the Internet, you leave a trail of electronic information at each website you visit. This information, which is sometimes referred to as “clickstream data”, can be collected and stored by a website’s server. Clickstream data can reveal the type of computer and browsing software you use and the address of the website from which you linked to the Website. We may use clickstream data as a form of non-personally identifiable information to determine how much time visitors spend on each page of our Website, how visitors navigate through the Website, and how we may tailor our web pages to better meet the needs of visitors. We will only use this information to improve our Website.
Our Terms and Conditions document identifies certain third party websites to which we may provide links that you may click on our Website. Please check the privacy policies of these other websites to learn how they collect, use, store and share information that you may submit to them or that they collect.
If you currently reside in the EEA, the GDPR applies to your PII and you are a Data Subject. The GDPR requires that we, as a Controller, have a legal basis to process your PII.
A. We process your PII under one or more of the following legal bases:
B. Under the GDPR, as a Data Subject you have certain rights. They are:
We do not knowingly collect any information from any minors, and we comply with all applicable privacy laws including the GDPR, the CCPA, USA Children’s Online Privacy Protection Act (“COPPA”) and associated Federal Trade Commission (“FTC”) rules for collecting personal information from minors. Please see the FTC’s website (www.ftc.gov) for more information. If you have concerns about this Website or its Services, wish to find out if your child has accessed our Services, or wish to remove your child’s personal information from our servers, please contact us at firstname.lastname@example.org. Our Website will not knowingly accept personal information from anyone under 13 years old in violation of applicable laws, without consent of a parent or guardian. In the event that we discover that a child under the age of 13 has provided PII to us, we will make efforts to delete the child’s information in accordance with the COPPA. If you believe that your child under 13 has gained access to our Website without your permission, please contact us at email@example.com.
The CCPA applies to our practices with respect to Personal Information of California residents.
Under the CCPA, Consumers have certain rights regarding their Personal Information.
A. California Consumers have the right to request that we disclose personal information we have collected about them in the previous 12 months including, but not limited to, the categories of information collected by us, the source(s) of such information by category, and the purpose for collecting such information. This right may not be exercised more than twice in a 12 month period.
In the previous 12 months, we have collected the following categories of personal information about Consumers:
B. As a California Consumer, you also have the right to request that we tell you which of your Personal Information we have disclosed for a business purpose, or sold, in the previous 12 months, if any. In the past 12 months, we have disclosed Personal Information falling under the following categories of personal information: Identifiers; CCRLPI; Internet/Network Activity; Professional and employment information; and CRM Data.
C. You also have the right to request the deletion of Personal Information that we have collected from you at any time. However, we may not be required to comply such request under several circumstances including, but not limited to, when the data is necessary for the underlying transaction, to comply with applicable law, to detect security incidents, to debug glitches, and for our internal purposes.
D. In the event that you exercise one of your rights under the CCPA, you will not be discriminated by Wealthbox in any way, whether it is through the denial of goods/services, providing you a different level of goods/services, or charging (or suggesting that we will charge) you different prices for the goods/services unless such change in price is reasonably related to the value you receive from your personal information.
E. How do you exercise your rights under the CCPA?
Because we offer the Services exclusively online, you may submit requests to exercise your rights under the CCPA by emailing us at firstname.lastname@example.org, please include “Request for Privacy Information” in the subject line. You can also submit requests by calling us toll-free at 1-800-316-8967.
We will acknowledge receipt of your request within 10 days of receiving it, and use best efforts to respond within 45 days of receipt of your request, but in no event will our response come more than 90 days after your request. If we are unable to provide our response within the first 45 days following your request, we shall notify you as soon as we become aware of the possible delay and provide an explanation of why additional time is needed to respond.
Before we respond to any CCPA based requests relating to your personal information, we may take steps to reasonably verify the identity of the person making the request to make sure it’s you, or your authorized agent (in either case, the “Requestor”). We do this to this avoid disclosing your information to third parties and bad actors, not to inconvenience you in any way. For purposes of verifying identity, we will ask the Requestor to confirm at least two pieces of information that we have in our files. If an agent is acting on behalf of the Consumer, we will also need to verify the agent’s identity and their authority to act on the Consumer’s behalf. As the sensitivity of the information being requested increases, we will ask the Requestor to provide more information to verify their identity and/or authority to make the request. If the identity of the Requestor cannot be reasonably verified, either as the Consumer or their agent, then in order to protect that Consumer, we may not disclose or delete the personal information that is the subject of the request.
Copyright © Starburst Labs, Inc. All rights reserved. The Website is the property of Starburst Labs, and is protected by United States and international copyright, trademark, and other applicable laws. This includes the content, appearance, and design of the Website, as well as the trademarks, product names, graphics, logos, service names, slogans, colors, and designs.