[Last Updated: May 30, 2024]
Fattal Hotels Ltd., together with its subsidiaries and affiliated companies and the hotels in the Fattal group (collectively “Fattal”, “Company”, “we” or “us”) is devoted to making sure that your privacy rights are respected, and personal data is collected and used in accordance with the current and applicable privacy and data protection law.
This privacy policy (“Privacy Policy”) explains what data we collect when you (“you”) access, use or interact with any of our websites and digital assets, including https://www.fattal-hotels.com (“Site”) and when you sign up for and use any of our services, including booking a reservation to one of our hotels (“Services“). This Privacy Policy provides details regarding how such data may be used or shared with others, how we safeguard it and how you may exercise your rights related to your Personal Data (as defined below), as required under applicable data protection laws.
This Privacy Policy is an integral part of any other agreement between us and you, including the Terms of Use available here, as incorporated here by reference (“Terms”). Any term not defined herein shall have the meaning ascribed to such term under the Terms or where applicable under the relevant privacy regulation, especially the EU General Data Protection Regulation known as the “GDPR”.
The Privacy Policy applies to our Customers and Visitors (collectively “you”), as further detailed herein:
• “Customer” shall mean an individual, business, or other legal entity purchasing the Fattal Services through the Website or through other means. Any and all Customers must be over 18 years old.
• “Visitor” shall mean any individual browsing the Site, including anyone who uses the Site to join any of our legacy plans or newsletter lists.
Additional Notice to California Residents: In the event you are a California resident – please review our CCPA Notice to learn more about our privacy practices with respect to the California Consumer Privacy Act.
Additional Notice to Specific US States Residents: In the event you are a resident of certain US States, some jurisdiction specific privacy laws may apply to you, as further elaborate under Section 12 below. Please review this section to learn more about our privacy practices and your rights under the privacy and data protection legislation which applies in these specific states.
1. CHANGES TO THE PRIVACY POLICY
We reserve the right to change this Privacy Policy from time to time and in accordance with applicable law. The most recent version of the Privacy Policy will always be posted on the website and the update date will be reflected in the “Last Modified” heading. Any amendments to the Privacy Policy will become effective upon the display of the modified Privacy Policy, unless required otherwise under applicable law.
We recommend you review this Privacy Policy periodically to ensure that you understand our most updated privacy practices.
2. CONTACT INFORMATION AND DATA CONTROLLER INFORMATION
Under the GDPR, Fattal Hotels Ltd. is the “Data Controller” (as such term is defined under the GDPR) of your Personal Data.
If you have any question, inquiry, request or concern related to this Privacy Policy and our privacy practices or the processing of your Personal Data by us as a Data Controller, you may contact our privacy team as follows:
● By Email – info@fattal.co.il
● By Mail –
o Fattal Hotels Ltd.
o registration number 510678816.
o Address: 94 Yigal Alon St., Tel-Aviv, Israel,
o Email: info@fattal.co.il
o Phone: +972-3-5110016/7
Representative for data subjects in the EU and UK Contact Information:
Contact details of our EU Data Protection Representative (“DPR”) for EU data subjects:
• Sunflower Management GmbH & Co KG
• Address: Landsberger Allee 117A 10407 Berlin.
• Phone Number: +49 (0) 30 – 688 3220
• Email Address: info@leonardo-hotels.com
3. DATA SETS WE COLLECT AND FOR WHAT PURPOSE
You will find below information regarding the types of data we collect, the purposes for which we process your data as well as our lawful basis for processing (where the GDPR applies to your data).
We collect two types of data, depending on your interaction with us:
“Non-Personal Data” meaning aggregated, non-identifiable information, which may be made available or gathered via your access to and interactions with the Services. We are not aware of the identity or other identifiers of the individual from which the Non-Personal Data is collected. The Non-Personal Data being collected may include aggregated usage information, such as views of certain Site pages and actions on the Site, or statistical analysis regarding the use of the Services), as well as technical information transmitted by your device, such as the type of browser or device, type of operation system, device settings and technical software data, etc.
“Personal Data” or “Personal Information” meaning, individually identifiable information, namely information that identifies an individual or may, with reasonable effort, be used to identify an individual.
For avoidance of doubt, any Non-Personal Data connected or linked to any Personal Data shall be deemed as Personal Data as long as such connection or linkage exists.
The tables below detail the processing of Personal Data we collect, the purpose, lawful basis, and processing operations:
VISITORS PERSONAL DATA | ||
LAWFUL BASIS (WHERE THE GDPR APPLIES) |
PURPOSE AND OPERATIONS | DATA SETS |
We process such Contact Details data subject to our legitimate interest in order to respond to your inquiry, and further, as part of our internal record keeping. | We process such Contact Communications data solely for the purpose of contacting you, responding to your inquiries and provide you with the support or information you have requested. The correspondence with you may be processed and stored by us in order to improve our customer service, as well as in the event we reasonably determine it is needed for future assistance or to handle any dispute you might have with us. |
Contact Communications: In the event you contact us for learning more about our Services or with any other inquiry, either through the online forms available on the Site, approaching our call center, by sending us an email or by other means of communications we make available, you will be requested to provide us with your name, email address, phone number, the name of the company on behalf of which you are contacting us, country, and any other information you choose to share with us. (collectively “Contact Communications”) |
We process your member data for fulfilling our contract with you. After termination of your membership, we will keep a record of your data as part of our legitimate interests.
|
We will use this data to provide you, as a member of our special plans, with special offers, discounts, commercial proposals, information regarding our activity, etc. We will collect and retain your data in our systems, use the data for delivering you any such news and proposals, and keep a record of your membership with us. We will use your billing information in relevant cases for charging you the relevant subscription fees.
|
Joining our Legacy Plan If you are interested in becoming a member of any of our legacy plans, such as the “Leonardo Advantage Club” you will be required to provide your full name, ID number, select a preferred month for a discount, email address, date of birth, and phone number, password, and payment details, etc.If any of our plans will require any payment or subscription, we will also collect, retain and process your billing data, in a secure manner under common standards. |
Where we collect Online Identifiers or Site Usage Data for operation and security, we process your data based on our legitimate interest. | We process Online Identifiers and Site Usage Data through our or third-party services and tracking technologies for analytic, marketing and advertising purposes. For example, we process this data to understand how Visitors use our Site, personalize the Services for you and your preferences as well as to measure effectiveness of our features and content. In addition, Site Usage Data helps us to better understand our business, analyze our operations, maintain, improve, design, and develop the Services, conduct statistical analysis, etc. Further, Site Usage Data is used sometimes for operation, Site functionality, security and fraud prevention and debugging purposes, and to resolve technical problems. |
Usage Data and Online Identifiers: When you access our Site or use of our digital assets and Services, we may collect certain online identifiers such as IP address, Device ID, cookie ID and other similar identifiers. We may further collect information related to your use and interaction with our Site such as directing campaign and URLs, pages viewed, access time and date, duration, clickstream, WiFi network, DNS name, screen resolution, device type and model, etc.Where we collect Online Identifies or Site Usage Data for analytic and advertising purposes, we process such data based on your consent which we will obtain through our cookie notice and consent management tool. You may withdraw consent or change your preferences at any time by using the cookie settings tool available on our Site. |
We process such Recruitment Data subject to our legitimate interest. If we process sensitive data to ensure diversity, we will do so upon your explicit consent, which you may withdraw at any time by contacting us. Further, if we reject your application, we will delete the Recruitment Data, unless we have requested your consent to keep you information for a future opportunity or if we are required by law. |
We process Recruitment Data as part of our recruitment and screening efforts to decide whether you can suit a position in Fattal. Further, we may process such data in order to comply with corporate governance and legal and regulatory requirements (including the retention of such information). | Recruitment Data: In the event you are interested in joining our team or apply for a position posted on our Site (through our Careers page), you will be requested to provide us your contact details (such as name, email address, phone number, etc.) and CV. In addition, we may collect further information from public and online sources, referees, and former employers (collectively “Recruitment Data”). |
We process such information subject to our legitimate interest. Direct Marketing is further based on our legitimate interest, you may opt-out at any time through the “unsubscribe” link within the email or by contacting us directly. Please note that if you opt-out swe will not send you our marketing material |
We process such data in order to register you as a recipient of our newsletter, updates and news about Fattal and the Services. We may further process your data to send you needed information related to our webinar as well as additional occasional communications and updates related to our Services, promotional and marketing emails (i.e., Direct Marketing, as defined above). |
Newsletter Registration: In the event you register for our newsletter and other marketing materials you will be requested to provide us with your email address, and any other information you choose to share with us. |
CUSTOMERS PERSONAL DATA | ||
We process such Purchase Information for the fulfillment of the contract between us. After we complete processing your order and after you check out from the hotel, we will keep your booking information as part of our legitimated interests. Some of the data will be retained by us under our legal obligations, such as bookkeeping, tax and custom laws, etc.
|
We will use your information to contact you with respect to your reservation and stay with us, to offer you with deals and other services and asking for your opinion regarding your experience as our customer. Also, we may provide you with the option to revise or cancel your booking.
|
Booking and data regarding your stay with us When placing an order online via the Site, you will need to provide us with information such as full name, email address, number of people in your party and their basic details, hotel name, relevant dates, airport, phone number, ID number, and payment details. The payment is processed through the use of third-party systems, acting under common security standards (PCI-DSS). In addition, during your stay in one of our hotels, we will collect data regarding your stay, your family members, purchases you made during your stay, security video footage, requests, and any other information collected during your stay.Please note that in the event you purchase through our call center, we will process your Purchase Information as well, during the call which is likely to be recorded.We will use and process Purchase Information in order to enable you to purchase our Services and stay in one of our hotels. |
Direct Marketing is based on our legitimate interest, you may opt-out at any time through the “unsubscribe” link within the email or by contacting us directly. Please note that if you opt-out we will not send you our marketing materials however we will continue to send you Services related communications such as communications related to transactions, etc. | We may send you such promotional content, per applicable law, through email or SMS. | Direct Marketing Communications When you subscribe as a Customer, we may use your provided contact information, such as email, phone number, etc., to contact you with occasional communications and updates related to the Services, as well as promotional and marketing emails, offers, materials and other marketing content, through mail, SMS, etc. (“Direct Marketing”). |
We may retain records of your interaction with us even after completing addressing your inquiry as part of our internal record keeping, per our legitimate interest. | Under the GDPR, we process Personal Data for the fulfillment of the contract between us. | Customer Communications: In the event you contact us regarding your reservation and staying with us, support and technical issues, billing or any other matter pertaining to the Services you have purchased, we may collect certain information to address your inquiry and request, such as relevant reservation data, details about your staying, and any other information you choose to share with us.We process such data to respond to your inquiries and provide you with the support or information you have requested. We may do so through the use of our customer management systems, such as CRMs and ERPs, including through the use of third-party SaaS providers used for storage and management of such inquiries. The correspondence with you may be processed and stored by us in order to improve our customer service, as well as in the event we reasonably determine it is needed for future assistance or to handle any dispute you might have with us. |
Where we collect Online Identifiers or Site Usage Data for operation and security, we process your data based on our legitimate interest. | Under the GDPR, where we collect Online Identifies or Site Usage Data for analytic and advertising purposes, we process such data based on your consent which we will obtain through our cookie notice and consent management tool. You may withdraw consent or change your preferences at any time by using the cookie settings tool available on our Site | Usage Data and Online Identifiers: When you use the website, make a reservation or otherwise interact with any of our websites or digital assets as a Customer, we may collect certain online identifiers such as IP address, Device ID, cookie ID and other similar identifiers. We may further collect information related to your use and interaction with our Site such as directing campaign and URLs, pages viewed, access time and date, duration, clickstream, WiFi network, DNS name, screen resolution, device type and model, etc.We process Online Identifiers and Site Usage Data through our or third-party services and tracking technologies for analytic, marketing and advertising purposes. For example, we process this data to understand how Visitors use our Site, personalize the Services for you, offer you upgrades and additional services, keep your preferences as well as to measure effectiveness of our features and content. In addition, Site Usage Data helps us to better understand our business, analyze our operations, maintain, improve, design, and develop the Service, conduct statistical analysis, etc. Further, Site Usage Data is used sometimes for operation, Site functionality, security and fraud prevention and debugging purposes, and to resolve technical problems. |
Please note that the actual processing operation per each purpose of use and lawful basis detailed in the table above may differ, and we are only responsible for the Personal Data we collect and process as the controller of the Personal Data. Such processing operation usually includes a set of operations made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction.
The transfer of Personal Data to third-party countries, as further detailed in the “Data Transfer” Section below, is based on the same lawful basis as stipulated in the table above.
4. HOW WE COLLECT INFORMATION
Depending on the nature of your interaction with the Site and Services, we may collect information as follows:
• Automatically – we may use cookies (as elaborated in the section below) or similar tracking technologies (such as pixels, tags, agent, etc.) to gather some information automatically when interacting with the Site or any of our digital assets and Services.
• Provided by you or about you voluntarily – we will collect information if and when you choose to provide us with the information, such as through online registration, contact us communications, etc. all as detailed in this Privacy Policy.
• Provided to us by third parties – as part of our digital marketing efforts as described hereunder.
5. COOKIES POLICY
When you access or use the Site or the Dashboard, we use “cookies” or similar tracking technologies, which store certain information on your device (i.e., locally stored). The use of cookies is a standard industry-wide practice. A “cookie” is a small piece of information that a website assigns and stores on your computer while you are viewing a website. Cookies are used by us for various purposes, including allowing you to navigate between pages efficiently, as well as for statistical purposes, analytic purposes and advertising. You can find more information about our use of cookies here: www.allaboutcookies.org.
You can always review the list of Cookies on our Site and control your cookies preferences by the designated cookies tool available on our Site.
Also note that, most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. You may set your browser to block all cookies, including cookies associated with our Site and Services, or to indicate when a cookie is being used by us, by adjusting the privacy and security settings of your web browser. Please refer to the support page of your browser to learn more about how you can adjust your privacy and security settings. Please note that once you choose to opt out or disable cookies, some features of the Services may not operate properly, and your online experience may be limited. In addition, even if you do opt-out, you may still receive some content and advertising, however, it will not be targeted content or advertising.
Where we use third-party advertising cookies, such third-party may independently collect, through the use of such tracking technologies, some or all types of Personal Data detailed above, as well as additional data sets, including to combine such information with other information they have independently collected relating to your online activities across their network of websites, for the purpose of enhanced targeting functionality and delivering personalized ads, as well as providing aggregated analytics related to the performance of our advertising campaign you interacted with. These third parties collect and use this information under their own privacy policies and are responsible for their practices.
6. SHARING INFORMATION WITH THIRD PARTIES
We share your Personal Data with third parties, including our affiliated companies and subsidiaries, as well as service providers that help us provide our Services. You can find in the table below information about the categories of such third-party recipients.
PURPOSE OF SHARING | DATA THAT WILL BE SHARED | CATEGORY OF RECIPIENT |
We share Personal Data with our trusted agents (such as legal counsels) and service providers (including, but not limited to, our Cloud Service Provider, Analytics Service Provider, CRM provider, etc.) so that they can perform the requested services on our behalf. Thus, we share your data with third party entities, for the purpose of storing such information on our behalf, or for other processing needs. These entities are prohibited from using your Personal Data for any purposes other than providing us with requested services | All types of Personal Data | Service Providers |
We may share Personal Data, in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, our affiliated companies or acquiring company will assume the rights and obligations as described in this Policy. | All types of Personal Data | Any acquirer of our business |
Fattal operates through various subsidiaries with whom it shares reservation data. In addition, we are associated with Leonardo Hotels chain and as part of that we may share your reservation data with any of the Companies in the Leonardo Group. | All types of Personal Data |
Affiliated companies, including all the companies in the Fattal group and Leonardo hotels group
|
We may disclose certain data to law enforcement, governmental agencies, or authorized third parties, in response to a verified request relating to terror acts, criminal investigations or alleged illegal activity or any other activity that may expose us, you, or any other user to legal liability, and solely to the extent necessary to comply with such purpose. | Subject to law enforcement authority request | Legal and law enforcement . |
For avoidance of doubt, we may transfer and disclose or otherwise use Non-Personal Information or information which is linked to anonymous random identifiers or information that is aggregated in a non-identifiable way, at its own discretion.
7. DATA RETENTION
We retain the Personal Data we collect as long as it remains necessary for the purposes set forth above, all in accordance with applicable regulation, or until an individual expresses a preference to opt-out.
Other circumstances in which we will retain your Personal Data for longer periods of time include: (i) where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements; (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges; or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data. Please note that except as required by applicable law, we may at our sole discretion, delete or amend information from our systems, without notice to you, once we deem it is no longer necessary for such purposes.
8. DATA SECURITY
We work hard to protect the Personal Data we process as part of our Services from unauthorized access, alteration, disclosure, or destruction. We have implemented physical, technical, and administrative security measures that comply with applicable laws and industry standards, such as encryption, access restrictions and permissions, etc.
Note that we cannot be held responsible for unauthorized or unintended access beyond our control, and we make no warranty, express, implied, or otherwise, that we will always be able to prevent such access. Therefore, without derogating from our obligations under applicable law, you remain fully responsible for the security of the data processed through the Services.
9. CROSS BORDER DATA TRANSFER
Any information you provide us with may be transferred to and processed in countries other than the country from which you accessed the Site. In the event that we need to transfer your Personal Data out of your jurisdiction, we will take appropriate measures to ensure that your Personal Data receives an adequate level of protection as required under applicable law.
When Personal Data that is collected within the European Economic Area (“EEA“) is transferred outside of the EEA to a country that has not received an adequacy decision from the European Commission or relevant applicable law (e.g., UK’s), we will take necessary steps in order to ensure that sufficient safeguards are provided during the transferring of such Personal Data, in accordance with the provision of the standard contractual clauses approved by the European Union. Thus, we will obtain contractual commitments or assurances from the data importer to protect your Personal Information, using contractual protections that EEA and UK regulators have pre-approved to ensure your data is protected (known as standard contract clauses), or rely on adequacy decisions issued by the European Commission. Some of these assurances are well-recognized certification schemes.
10. YOUR RIGHTS
We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect, so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights and controls in connection with your information. Depending on your relationship with us, your jurisdiction and the applicable data protection laws that apply to you, you have the right to control and request certain limitations or rights to be executed.
The table below details some of the principal rights that may apply to (subject to your jurisdiction and additional conditions), how you can exercise them and appeal a decision we take in this regard:
Right to Be Informed | You have the right to be provided with information regarding our Personal Data collection and privacy practices. All is detailed under this Privacy Policy. If you have any additional questions, please contact us as instructed below. |
Right to Know, Access Rights | You have the right to confirm whether we collect Personal Data about you and to know which Personal Data we specifically hold about you, and receive a copy of such or access it. |
Right to Correction/ Rectification | You have the right to request the updating of Personal Data that is not correct, taking into account the nature of the processing and the purposes. |
Right to Be Forgotten, Right to Deletion | You have the right to request the erasure of certain Personal Data if specific conditions are satisfied. This right is not absolute. We may reject your request under certain circumstances, including where we must retain the data in order to comply with legal obligations or defend against legal claims, other legitimate interests such as record keeping with regards to our engagements, completing transactions, providing a good or service that you requested, taking actions reasonably anticipated within the context of our ongoing business relationship with you, fulfilling the terms of a written warranty, detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, or prosecuting those responsible for such activities; debugging products to identify and repair errors that impair existing intended functionality; exercising free speech, ensuring the right of another consumer to exercise their free speech rights, or exercising another right provided for by law; and engaging in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent. You do not need to create an account with us to submit a deletion request. |
Right to Restriction of Processing | You may be entitled to limit the purposes for which we process your Personal Data if one of the following conditions are satisfied: where the accuracy of the Personal Data is contested by you, for a period enabling us to verify the accuracy of the Personal Data; where the processing is unlawful and you oppose the erasure of the Personal Data and request the restriction of its use instead; where we no longer need the Personal Data for the purposes of the processing, but we are required by you to retain it for the establishment, exercise or defense of legal claims; where you objected to processing (as detailed below) pending the verification whether our legitimate grounds override your request. |
Right to Data Portability | You have the right to get a copy of your Personal Data in a portable format and, to the extent technically feasible, readily usable format that allows you to transmit the Personal Data to another entity without hindrance. We will select the format in which we provide your copy. |
Right to Withdraw Consent or Opt-Out (Object) Under the GDPR, and Specifically in the US the Right to Opt-Out From: (i) Selling Personal Data; (ii) Targeted Advertising; and (iii) Profiling & Automated Decision Making |
When the lawful basis for processing your Personal Data is your consent, you may withdraw such consent at any time. For example, you may unsubscribe at any time from our mailing list. You further have the right to object to the processing of Personal Data, in the event the basis for processing is our legitimate interests. However, we will be permitted to continue the processing if our legitimate interests override your rights, or when processing is necessary to establish, exercise, or defend a legal claim or right. You have the right to opt-out from direct marketing, if applicable, by unsubscribing through the email received. We do not profile you in a manner that has a significant effect on you or other individuals, therefore there isn’t an opt-out option. We do not “sell” or “share” information as most people would commonly understand that term. We do not, and will not, disclose your Personal Data in direct exchange for money or some other form of payment; however, we do share Personal Data for analytic and marketing purposes, including targeted advertising, when we promote our Site or Services. In most cases we obtain Personal Data collected automatically from our Site and your actions therein through our use of cookies, and do not combine it with your actions on other websites, however, our third-party partners might do so, when providing analytic or advertising services to us. You have the right to opt-out of the “selling” or “sharing” of your Personal Data for “cross-contextual behavioral advertising”, or “targeted advertising”, often referred to as “interest-based advertising” as well. You can exercise these rights by using the cookies setting tool available on our Site. You are able to install privacy-controls in the browser’s settings to automatically signal the opt-out preference to all websites you visit (such as the “Global Privacy Control”). In any event, please keep in mind that opt-out tools are limited to the browser or device you use because they work off your browser ID and device ID and, accordingly, you will need to opt-out on each browser and device you use. Your browser may save some information in its cookies and cache to maintain your privacy preferences. Clearing these may remove opt-out preferences, requiring you to opt-out again. |
If we decline to take action on your request, we will inform you without undue delay as required under applicable laws. The notification will include a justification for declining to take action and instructions on how you may appeal, if applicable.
Under the GDPR you have the right to lodge a complaint with the applicable Data Protection Authority in the EU or the Information Commissioner in the UK. Such a right also exists under other US state laws, as further detailed below.Right To Appeal or Lodge ComplaintDenying a good or service, providing a different level or quality of service, or charging different prices. We do not discriminate against our Visitors or Customers, but we reserve the right to deny a good or service, provide a different level or quality of service, or charge different prices, all subject to applicable laws.
Non-Discrimination
You may exercise any or all of your above rights in relation to your Personal Data by contacting us by mail: info@fattal.co.il.
Certain rights can be easily executed independently by you without approaching us, for example: (i) You can opt-out from receiving our marketing emails by clicking “unsubscribe” link; (iii) You can use the cookie settings tool on our Site to change your preferences.
11. PROTECTING CHILDREN
Our Site as well as the Services are not intended for users under the age of eighteen (18). Therefore, we do not intend and does not knowingly collect directly Personal Data from children, unless such data is being provided voluntarily by the Customer, acting as their presumed legal guardian. Please contact us at: info@fattal.co.il if you have reason to believe that a child has unlawfully shared any information with us.
12. NOTICE TO SPECIFIC US STATES RESIDENTS
General Applicability and Jurisdictions
This section applies to residents of specific US States under applicable specific state laws, including residents of: Connecticut under the Connecticut Data Privacy Act, S.B. 6 (Connecticut 2022); Utah, under the Utah Consumer Privacy Act, Utah Code Ann. § 13-61-101 et seq; Virginia under the Virginia Consumer Data Protection Act, Va. Code Ann. § 59.1-575 et seq. (SB 1392); Colorado under the Colorado Privacy Act (SB 21-190), and starting of July 1, 2024, residents of Texas under the Texas Data Privacy and Security Act (2023); and Oregon under the Consumer Privacy Act (2023), All as amended or superseded from time to time and including any implementing regulations and amendments thereto (“US Privacy Laws”). Any term not defined herein under this section 12 shall the meaning ascribed to such term in the Privacy Policy above or applicable US Privacy Laws.
California residents, please refer to our CCPA Notice.
The specific disclosure hereunder supplements our general Privacy Policy as detailed above and provides additional details to the extent we deem as a “Business” or “Controller” under applicable US Privacy Laws, for example where we process Visitor’s information regarding their use of the Site or any Customer details pertaining to the Services purchased from us.
The Personal Information We Process
Section 3 of this Privacy Policy “Data Sets We Collect and For What Purpose”, we describe our collection and processing of Personal Data, the categories of Personal Data that are collecting and processing, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for a materially different, unrelated, or incompatible purpose without obtaining your consent.
Please note that in addition to the applicability exclusions detailed above, for the purposes of the disclosure hereunder, personal information does not include Publicly available information from government records and Deidentified, aggregated or anonymized information that is maintained in a form that is not capable of being associated with or linked to you.
Sharing of your Personal Data with Third Parties
Under section 6 to the above Privacy Policy, “Sharing Information with Third Parties”, you will find details regarding the categories of third parties we share Personal Data with for business purposes.
We do not sell your personal information for profit. However, we do engage in targeted advertising on the Site or any of our other digital assets and Services. Some of those marketing activities, when conducted through the use of third parties, may be considered a “sale” or “Share” under certain US Privacy Laws. In this context, As is common practice among companies that operate online, we permit third party advertising networks, social media companies and other third-party businesses to collect information directly from your browser or device through cookies or similar tracking technology when you visit or interact with the Site, for example, for collection of Usage Data. These third parties use this personal information to deliver targeted advertising (also known as “cross-context behavioral advertising”) and personalized content to you on our websites, on other sites and services you may use, and across other devices you may use, as well as to provide advertising-related services such as reporting, attribution, analytics, and market research. To learn more about that, please read Section 5 regarding Cookies. Depending on your state of residency and subject to certain legal limitations and exceptions, you may be able to limit or opt-out of the sale of personal information or the processing of personal information for purposes of targeted advertising, through the use of the Cookie Toolbar on the Site’s footer or as described above.
We do not knowingly sell or share personal information of individuals less than 16 years of age or use or share such information for targeted advertising purposes.
Exercising Your Privacy Rights
Depending on your state of residency and subject to certain legal limitations and exceptions, you may be able to exercise some or all of the rights details under section 10 above, “Your Rights”.
Authorized Agents – In certain circumstances, and subject to applicable US Privacy Laws, you may permit an authorized agent to submit requests on your behalf. The authorized agent must provide a letter signed by you confirming the agent has permission to submit a request on your behalf or must provide sufficient evidence to show that the authorized agent has been lawfully vested with power of attorney. For security purposes, we may need to verify your identity and confirm directly with you that you have provided the authorized agent permission to submit the request, and it may take additional time to fulfill agent-submitted requests. We may deny a request in the event we are not able to verify the authorized agent’s authority to act on your behalf. Please note that for privacy and security reasons, we will direct future communications to the individual on whose behalf the request was made.
We will respond to a verifiable request within the timeframes set by applicable US Privacy Laws. We reserve the right to extend the response time by an additional period as permitted by applicable US Privacy Laws. If we determine that the request warrants a fee, we will tell you why we made such decision and provide you with a cost estimate before completing your request.
Depending on your state of residency, you may be able to appeal a decision we have made in connection with your privacy rights request, by contacting us as instructed in our response.
We will update this Privacy Policy at least every 12 months.