8. Supplemental U.S. State-Specific Notices – Notice of Collection
This supplemental notice sets forth the disclosures and rights applicable to residents of California, Colorado, Virginia, Connecticut, Nevada and Utah and other state privacy laws. Such consumer privacy notices and rights shall also apply to other state residents to the extent other state consumer privacy laws are implemented following the last effective update to this Privacy Policy.
DataGrail collects, uses and/or discloses Personal Data as follows:
Personal Data Collected, Used and/or Disclosed in Preceding 12 Months
|
Category of Personal Data Collected
|
Categories of Source of Collection
|
Purpose of Use
|
Categories to Whom DataGrail Discloses Personal Data
|
Purpose of Disclosure
|
|
User;
Third Party
|
Performing Services;
Data Security;
Opt-In Newsletters; Marketing Communications;
|
Service Provider
|
Performing Services;
Auditing;
Data Security;
Customer Support;
Marketing
|
|
User;
Third Party
|
Performing Services;
Data Security;
Opt-In Newsletters; Marketing Communications
|
Service Provider
|
Performing Services; Auditing;
Data Security;
Customer Support;
Marketing
|
|
User;
Third Party
|
Performing Services;
Data Security;
|
Service Provider
|
Data Security;
Marketing
|
|
User;
Third Party
|
Performing Services;
Data Security
|
Service Provider
|
Performing Services;
Data Security;
Marketing
|
|
Device
|
Analytics;
Auditing;
Data Security;
Marketing
|
Service Provider
|
Performing Services;
Data Security;
Marketing
|
|
Device
|
Debugging;
Analytics
|
Service Provider
|
Performing Services;
Data Security;
Analytics
|
|
Device
|
Performing Services;
Data Security
|
N/A
|
N/A
|
|
User
*token only
|
Performing Services
|
Service Provider
|
Performing Services
|
|
Third Party
|
Marketing Communications
|
N/A
|
N/A
|
|
User
|
Sales and Marketing
|
Service Provider
|
Sales and Marketing
|
|
Device
|
Marketing;
Analytics;
|
Service Provider
|
Marketing;
Analytics
|
|
N/A
|
N/A
|
N/A
|
N/A
|
|
User
|
Sales & Marketing
|
N/A
|
N/A
|
|
Device
|
Sales & Marketing
|
N/A
|
N/A
|
Professional/Employment-Related
|
N/A
|
N/A
|
N/A
|
N/A
|
DataGrail does not retain a consumer’s Personal Data for longer than is reasonably necessary for each disclosed purpose.
Other Potential Disclosures: Personal Data may also be disclosed to serve our legitimate business interests as follows: (a) as required by law, such as to comply with a subpoena, or similar legal process, (b) as part of a merger, acquisition, bankruptcy or other transaction in which a third party assumes control of all or part of the business, (c) to investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies as required by law; (d) enforce our agreements with you, and/or (e) investigate and defend ourselves against any third-party claims or allegations.
A. Sale of Personal Data; Sharing of Personal Data; Right to Opt-Out
DataGrail does not and will not sell your Personal Data in the traditional sense. However, DataGrail’s use of personalized advertising related tracking technologies may be considered a “sale” / “sharing” under California (CCPA), Colorado (CPA) and other applicable U.S. consumer privacy laws. Visitors to our U.S. Site can opt-out of having data transmitted to these ad-tech providers by clicking the “My Privacy Choices” link at the bottom of our Site to access available opt-out mechanisms.
You can also submit a request to opt-out through the DataGrail’s Opt-Out Form or by emailing us at [email protected] with the subject line “Do Not Sell or Share.”
Finally, if your browser supports it, you can turn on the Global Privacy Control to automatically opt-out of the “sale” or “sharing” of your personal information.
B. Collection of Sensitive Information
DataGrail does not collect Sensitive Information as defined by applicable laws.
C. Consumer Rights. Consumers may visit DataGrail’s Trust Center or contact DataGrail directly to exercise the following consumer rights:
Request DataGrail Disclose At No Charge (“Right to Know”):
-
Specific pieces of personal information it has collected about you;
-
categories of Personal Data collected, used, and/or disclosed about you;
-
categories of sources from which Personal Data is collected;
-
business and/or commercial purposes for collecting and disclosing your Personal Data;
-
categories of third parties with whom your Personal Data has been disclosed/shared; and
Right to Know Requests can be submitted to DataGrail through the DataGrail’s Privacy Request Form or by email at [email protected].
Request DataGrail to Delete At No Charge (“Right to Delete”):
Deletion Requests can be submitted to DataGrail through the DataGrail’s Privacy Request Form, or by email at [email protected].
D. Request DataGrail Correct At No Charge (“Right to Correct”):
Requests that DataGrail correct any inaccurate Personal Data collected by DataGrail can be submitted by through the DataGrail’s Privacy Request Form, or by mail to [email protected]
E. Verified Request Process
DataGrail will verify all consumer requests prior to taking any action in response to such request. For consumers that maintain an account with DataGrail, it may verify the identity of the consumer making the request by either matching information with the account information on file or through existing account authentication credentials.
Under applicable state law, you may exercise these rights yourself or you may designate an authorized agent to make these requests on your behalf. Authorized agents must demonstrate they have written authorization from you to make requests on your behalf. DataGrail may additionally require the consumer to confirm their identity and verify the authorized agent’s permission before complying with any request.
F. Consumer Request Limitations
Please note that these rights are not absolute and in certain cases are subject to conditions or limitations as specified in the applicable state laws, including, but not limited to:
-
DataGrail is obligated to disclose/delete only upon a verifiable Consumer request from the consumer or an authorized agent acting on behalf of Consumer.
-
Consumers may only make a personal information request twice in a 12-month period.
-
Deletion is not required if it is necessary for DataGrail to maintain the Personal Data to fulfill applicable permissible purposes enumerated pursuant to applicable state consumer privacy laws.
DataGrail will confirm and respond to all requests within the timeframe required under applicable state law. In responding to any request to disclose/delete, DataGrail shall maintain a record of the requests as required under applicable state law.
G. Non-Discrimination Policy
You have the right not to receive discriminatory treatment for exercising any rights conferred by the CCPA and VCDPA. DataGrail shall not discriminate against a consumer for exercising any statutory consumer privacy rights, including, but not limited to, (a) denying goods or services, (b) charging different prices or rates (including discounts/penalties) that is not directly related to the value provided to DataGrail for the Personal Data, (c) suggesting Consumer will receive a different rate/price or different level of quality of goods/services, or (d) providing a different level of quality of goods/ services.
Employees, applicants and independent contractors have the right not to be retaliated against for the exercise of their CCPA rights.
H. Your Virginia Privacy Rights under VCDPA
If DataGrail is unable to process requests relating to your Personal Data and denies your request, Virginia residents have the right to appeal by emailing DataGrail at [email protected]. DataGrail will respond to your appeal request within 60 days of receiving the request to appeal.
I. Your California Privacy Rights under California Civil Code Section 1798.83 & Business and Professions Code Section 22581
California law permits Consumers to request and obtain from DataGrail once a year, free of charge, certain information about their Personally Identifiable Information (“PII”) (as defined by California law) disclosed to third parties for direct marketing purposes in the preceding calendar year (if any). If applicable, this information would include a list of the categories of PII that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year.
In addition, a business subject to California Business and Professions Code Section 22581 must allow California residents under age 18 who are registered users of online Sites, services or applications to request and obtain removal of content or information they have publicly posted. Your request should include a detailed description of the specific content or information to be removed. Please be aware that your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances.
J. Accessibility of this Policy.
-
You can download and print a copy of this Notice here
K. Contact Us
If you have any questions regarding your Personal Data or about our privacy practices, please contact us at: DataGrail, Inc., Attention: Privacy Department, 225 Bush Street, Suite 360, San Francisco CA 94104 or by email at: [email protected].