U.S. State Data Privacy Laws Notice

Overview

The California Consumer Privacy Act of 2018 (“CCPA”) became effective on January 1, 2020, and created a variety of privacy rights for California consumers. Since that time California has amended the CCPA, and additional states have passed laws extending similar privacy rights to their consumers. We use this notice to make disclosures required by these state laws, in addition to information we provide on the DER Security Corp Privacy Policy.

This notice includes the following parts:

  • Transparency:We are transparent about how your personal information is collected, used, disclosed, shared, and sold.
  • Control:We put you in control of your personal information, including accessing, correcting, and deleting your personal information.
  • Benefits to You:We use your personal information to benefit you and to make your experiences better.

Transparency

What Personal Information We Collect and Use

You have the right to know what kinds of personal information DER Security Corp (“DERSec”) collects, how we obtain and use that information, and our business purposes for that collection.

In the bulleted list below, we outline the categories of personal information we collect, the sources of the personal information, our purposes of processing, and the categories of recipients with whom we provide the personal information.

Please see the personal data we collect and the U.S. State Data Privacy sections on our privacy statement for more information. Please see the retention of personal data section of our privacy statement for information on personal data retention criteria.

Categories of Personal Data

  • Name and contact data
    • Sources of personal data: Interactions with users and partners with whom we offer co-branded services
    • Purposes of Processing (Collection and Disclosure to Third Parties): Provide our products; respond to customer questions; help, secure, and troubleshoot; and marketing
    • Recipients: Service providers and user-directed entities
  • Credentials
    • Sources of personal data: Interactions with users and organizations that represent users
    • Purposes of Processing (Collection and Disclosure to Third Parties): Provide our products; authentication and account access; and help, secure and troubleshoot
    • Recipients: Service providers and user-directed entities
  • Demographic data
    • Sources of personal data: Interactions with users and purchases from data brokers
    • Purposes of Processing (Collection and Disclosure to Third Parties): Provide and personalize our products; product development; help, secure, and troubleshoot; and marketing
    • Recipients: Service providers and user-directed entities
  • Payment data
    • Sources of personal data: Interactions with users and financial institutions
    • Purposes of Processing (Collection and Disclosure to Third Parties): Transact commerce; process transactions; fulfill orders; help, secure, and troubleshoot; and detect and prevent fraud
    • Recipients: Service providers and user-directed entities
  • Subscription and licensing data
    • Sources of personal data: Interactions with users and organizations that represent users; third-party storefronts and platforms on which our products are purchased
    • Purposes of Processing (Collection and Disclosure to Third Parties): Provide, personalize, and activate our products; customer support; help, secure, and troubleshoot; marketing; and accounting
    • Recipients: Service providers and user-directed entities
  • Interactions
    • Sources of personal data: Interactions with users including data DERSec generates through those interactions
    • Purposes of Processing (Collection and Disclosure to Third Parties): Provide and personalize our products; product improvement; product development; marketing; and help, secure and troubleshoot
    • Recipients: Service providers and user-directed entities
  • Content
    • Sources of personal data: Interactions with users and organizations that represent users
    • Purposes of Processing (Collection and Disclosure to Third Parties): Provide our products; safety; and help, secure, and troubleshoot
    • Recipients: Service providers and user-directed entities
  • Video or recordings
    • Sources of personal data: Interactions with users and publicly available sources
    • Purposes of Processing (Collection and Disclosure to Third Parties): Provide our products; product improvement; product development; marketing; help, secure, and troubleshoot; and safety
    • Recipients: Service providers and user-directed entities
  • Feedback and ratings
    • Sources of personal data: Interactions with users
    • Purposes of Processing (Collection and Disclosure to Third Parties): Provide our products; product improvement; product development; customer support; and help, secure, and troubleshoot
    • Recipients: Service providers and user-directed entities

Subject to your privacy settings, your consent, and depending on the products you use and your choices, we may collect, process, or disclose certain personal information that qualifies as “sensitive data” under applicable U.S. state data privacy laws. Sensitive data is a subset of personal information. In the list below, we outline the categories of sensitive data we collect, the sources of the sensitive data, our purposes of processing, and the categories of third party recipients to whom we disclose the sensitive data.

Categories of Sensitive Data

  • Account log-in, financial account, debit or credit card number, and the means to access the account (security or access code, password, credentials, etc.)
    • Sources of sensitive data: Interactions with users and organizations that represent users
    • Purposes of Processing (Collection and Disclosure to Third Parties): Provide the product and fulfill requested financial transactions
    • Recipients: Service providers and payment processing providers
  • Precise geo-location information
    • Sources of sensitive data: Users’ interactions with the products
    • Purposes of Processing (Collection and Disclosure to Third Parties): Provide the service requested; product improvement; some attributes may be disclosed to third parties to provide the service
    • Recipients: Users and service providers
  • Racial or ethnic origin, religious or philosophical beliefs, or union membership
    • Sources of sensitive data: Communications with users
    • Purposes of Processing (Collection and Disclosure to Third Parties): Conduct research studies to better understand how our products are used and perceived and for the purposes of improving the product experiences
    • Recipients: Service providers
  • Contents of your mail, email, or text messages (where DERSec is not the intended recipient of the communication)
    • Sources of sensitive data: Users’ interactions with the products
    • Purposes of Processing (Collection and Disclosure to Third Parties): Provide our products; improve the product experience; safety; and help, secure, and troubleshoot
    • Recipients: Service providers

How We Share Your Personal Information

You have the right to know if your personal information is provided to third parties. We may provide personal information to have our Service Providers, as defined under applicable U.S. state data privacy laws, perform services specified by written contract. These services may include providing our products and services, customer service, preventing fraud, processing payments, fulfilling orders or transactions, and other services depending on your interaction with us. We may also share your information when you tell us to do so, such as with third-party services or other individuals. In addition, we may disclose personal information for other notified purposes, as permitted by U.S. state data privacy laws.

We make this information available to consumers in the U.S. State Data Privacy sections in our privacy statement.

“Sharing” and personalized ads. We may “share” your personal information with third parties for personalized advertising purposes, as defined under California and other applicable U.S. state laws. “Personalized advertising” in this context means advertisements we believe will be more interesting and useful to you based on your data, including your searches, site visits, and topics you often explore and personal information collected by DERSec. Third parties may use the data we’ve shared with them to show you personalized ads.

In the list below, we outline the categories of data we share for personalized advertising purposes, the types of recipients of the personal data, and our purposes of processing.

Categories of Personal Data

  • Name and contact data
    • Recipients: Third parties that perform online advertising services for DERSec or that use DERSec’s advertising technologies
    • Purposes of Processing: To deliver personalized advertising based on your interests
  • Demographic data
    • Recipients: Third parties that perform online advertising services for DERSec or that use DERSec’s advertising technologies
    • Purposes of Processing: To deliver personalized advertising based on your interests
  • Subscription and licensing data
    • Recipients: Third parties that perform online advertising services for DERSec or that use DERSec’s advertising technologies
    • Purposes of Processing: To deliver personalized advertising based on your interests
  • Interactions
    • Recipients: Third parties that perform online advertising services for DERSec or that use DERSec’s advertising technologies
    • Purposes of Processing: To deliver personalized advertising based on your interests

We Do Not Sell Your Personal Information

You have the right to know whether your personal information is being sold. Your personal information is “sold” when it is provided with a third party for monetary or other valuable consideration for a purpose that is not a “business purpose” as set forth in the CCPA or other U.S. state data privacy laws. Please note a “sale” does not include when we disclose your personal information at your direction, or when otherwise permitted under law.

We Do Not Engage in “Profiling”

You have the right to know whether your personal information is used for “profiling,” utilizing automated decision-making in furtherance of decisions that produce legal or similarly significant effects.  DERSec does not engage in this type of profiling.

Control

Right to Know, Right to Correct, Right to Receive, Right to Delete

You have the right to:

  • Knowwhat specific pieces of personal information DERSec has collected and retained about you, and how we may provide your data to certain third parties, if any.
  • Correctinaccurate personal information DERSec may have retained.
  • Receivea copy of your personal information.
  • Deleteyour personal information.

It is important to note that a valid login is required to access or delete personal information associated with a DERSec account. This safeguard is in place to protect the security of consumers and their data.

If you have made a request to DERSec to know, correct, receive, or delete your personal information and believe your request was denied by DERSec, you can exercise your right to appeal the results of your request by contacting support@dersec.io.

Right to Limit Use of Sensitive Personal Information

Subject to your privacy settings, your consent, and depending on the products you use and your choices, we may collect, process, or disclose certain personal information that qualifies as “sensitive data” under applicable U.S. state data privacy laws. Sensitive data is a subset of personal information.

You have the right to limit the use or disclosure of your sensitive data to the following types of activities, in accordance with applicable U.S. state data privacy laws:

  • Perform the services or provide the goods you reasonably expect
  • Help ensure the security and integrity of our services, systems, and data, to combat malicious deceptive, fraudulent or illegal acts, and to protect the physical safety of individuals, to the extent the processing is reasonably necessary and proportionate
  • For short-term transient use (including non-personalized advertising), so long as the personal data is not disclosed to a third party, is not used for profiling, and is not used to alter an individual’s experience outside the current interaction with DERSec
  • Perform services on behalf of DERSec, such as maintaining accounts, providing customer service, processing, or fulfilling orders/transactions, verifying customer information, processing payments, providing financing, providing analytics, providing storage, and similar services
  • Undertake activities to verify or maintain the quality or safety of, or improve, upgrade, or enhance a service or device owned or controlled by DERSec.
  • Collect or process sensitive data where the collection or processing is not for inferring characteristics about the individual
  • Any other activities in accordance with any future regulations that are issued pursuant to U.S. state data privacy laws

We do not use or disclose your sensitive data for purposes other than those listed above, without your consent, or as permitted or required under applicable laws. So, we do not offer an ability to limit the use of sensitive data.

Right to Opt-out of “Sale” or “Sharing”

DERSec does not sell your personal information, so we do not offer an opt out. DERSec may “share” personal information with third parties for personalized advertising purposes. You may indicate your choice to opt-out of the sharing of your personal data with third parties for personalized advertising on third party sites by emailing support@dersec.io.

Right to Opt-Out of “Profiling”

DERSec does not engage in “profiling” that utilizes your personal information for automated decision-making that produces legal or similarly significant effects.  So, we do not offer an opt-out for this type of profiling.

Benefits to You

Financial Incentives

The CCPA and other U.S. state data privacy laws allow businesses to offer consumers financial incentives for sharing personal information. For example, a business can offer a rewards program or provide a premium service to consumers as compensation for their personal information. Where DERSec offers these programs, your participation is optional. If you choose to participate, your participation will be subject to any applicable terms, and you may withdraw at any time.

Non-Discrimination

U.S. state privacy laws prohibit businesses from discriminating against you for exercising your rights under the law. Such discrimination may include denying a good or service, providing a different level or quality of service, or charging different prices. The CCPA permits businesses to provide differing levels or quality or different prices where the business can demonstrate that the difference is reasonably related to the value to the business of the consumer’s personal information.

We determine whether someone is a California consumer by IP address.

Certain data may not be provided or may be retained according to the DERSec Privacy Policy, for example, to comply with applicable laws.

This California privacy requests report is updated annually.

As noted above, we do not sell personal information, and do not use or disclose your sensitive data for purposes other than those listed above, without your consent, or as permitted or required under applicable laws. Therefore, we do not offer consumers a way to opt-out of the sale of their personal information or limit the use of their sensitive data.