Effective date: January 1, 2020. Last reviewed on: July 1, 2020
This notice does not apply to employment-related personal information collected from California-based employees, job applicants, contractors, or similar individuals. Where noted in this notice, the CCPA (as defined below) temporarily exempts personal information reflecting a written or verbal business-to-business communication (“B2B personal information”) from some of its requirements.
Application of CCPA.
This notice pertains to your personal information. Personal information is defined in the California Consumer Privacy Act of 2018 (“CCPA”), and we use that definition within this notice. We will also reference some other terms from the same law, such as "consumer," "business," “service provider,” “business purpose,” or “commercial purpose,” and those also have the definitions set out in that law. When we talk about a “sale,” or “selling,” personal information, we are using the definitions of “sale,” and “sell” as defined in the CCPA. This means that we don’t sell, rent, or otherwise disclose your personal information in exchange for money or something else of value.
CardFlight’s relationship with you under California law
Information we collect
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include:
In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
We obtain the categories of personal information listed above from the following categories of sources:
Directly from you.
For example, from forms you complete or products and services you purchase or from communications with you such as when you contact CardFlight (whether in person, by mail, by phone, online, via electronic communication or by any other means).
Indirectly from you.
For example, from observing your actions in connection with your use of the Services.
From other third parties.
From our resellers. We may receive information about you from our independent resellers.
Third party service providers. For example, when you choose to make an electronic payment through a merchant or reseller, we may receive personal information about you from third parties such as payment services providers, for the purposes of that payment.
From other third parties. We may collect information from third parties such as consumer data resellers.
From public sources.
For example, we may collect information from public records.
Sharing of personal information.
We may disclose your personal information to a third party for a business purpose. We use third party service providers to fulfill our obligations under our agreement with you and for our own business purposes. When we do use service providers, we have entered into a written contract that includes terms substantially similar to this notice. We may also sell your personal information to third parties, subject to your right to opt-out of those sales (see “Personal Information Sales Opt-Out” below).
Disclosures of Personal Information for a Business Purpose
In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:
We disclose your personal information for a business purpose to the following categories of third parties:Service providers.Resellers.
Sales of Personal Information
In the preceding twelve (12) months, we have sold the following categories of personal information:
We sell your personal information to the following categories of third parties: Resellers
Your access and deletion rights.
Subject to certain exceptions, you may request that certain personal information be deleted, retrieved, or its use restricted by emailing email@example.com so that you may comply with your obligations under the CCPA with respect to responding to requests from consumers. We will provide reasonable and timely assistance to assist you in complying with your obligations with respect to consumer access and deletion requests under the CCPA. If additional assistance requires going above and beyond what Support can provide, further assistance may be at your expense.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
We do not provide these deletion rights for B2B personal information.
Personal Information Sales Opt-Out and Opt-In Rights
If you are 16 years of age or older, you have the right to direct us to not sell your personal information at any time (the “right to opt-out”). Our Services are not intended for minors. We do not sell the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is at least 13 but not yet 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to personal information sales may opt-out of future sales at any time.
To exercise the right to opt-out, you (or your authorized representative) may submit a verifiable consumer request to us by emailing firstname.lastname@example.org.
You do not need to create an account with us to exercise your opt-out rights. We will only use personal information provided in an opt-out request to review and comply with the request.
Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales. However, you may change your mind and opt back in to personal information sales at any time.
Data retention and deletion of personal information.
If our agreement with you terminates, we will automatically delete any stored personal information thirty days after the termination effective date, except as otherwise required by applicable law. If we must retain any personal information after termination of our agreement with you, we will ensure we maintain the same security protections on such personal information and will ensure that such personal information is processed only as necessary for the purpose specified in this notice and no other purpose.
We will implement and maintain reasonable security procedures and practices appropriate to the nature of the personal information we process. In the event that we become aware of a security breach that involves User Information, we will make reasonable efforts to identify and, to the extent any security incident is caused by our violation of the requirements of this notice, remediate the cause of the security incident. We will provide reasonable assistance to you in the event that you are required by law to notify a regulatory authority or any individuals of a security incident.
Material changes in our practices or in the law.
We may modify this notice where required, such as due to a material change in our business practices with respect to your personal information or due to a material change in the CCPA. If this happens, we will post the updated notice on the Site or through the Services and update the notice’s effective date.
Your continued use of our Services following the posting of changes constitutes your acceptance of such changes.