What information do we collect and for what purpose?
The following chart shows the categories of personal information that we have collected during the past twelve (12) months, the sources of such information, and the business or commercial purposes for which we may use such information. For all categories of personal information collected, we may disclose data to our service providers and other third parties to help us accomplish the business purposes described below.
|Categories of Personal Information||Sources of Personal Information||Business and Commercial Purposes|
|Personal identifiers (e.g. name, address, e-mail address, phone number(s))||
|Commercial information (e.g. services purchased, obtained, or inquired about)||
|Internet or Network Activity (e.g. IP address, browser and operating system, referral URL, pages viewed, date/ time of visit)||
|Inferences drawn from any of these personal information categories (e.g. interest based on analytics)||
Keeping your information safe
We care about the security of your information and use commercially reasonable physical, administrative, and technological safeguards to preserve the integrity and security of all information collected through our Service. However, no security system is impenetrable, and we cannot guarantee the security of our systems 100%. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
- To enforce agreements to which you and we are a party.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of our employees, customers, or others.
Your specific rights in respect of your personal information if you are located in CaliforniaIf you are located in California, per the CCPA you have the following rights in respect of your personal data that we hold:
- Right of access. You may request access to the personal information that we have collected and maintained about you (along with information regarding its use and disclosure) over the past twelve (12) months upon appropriate verification of identity. You may only make such requests twice (2) per every (12) months.
- Right to deletion. You have the right to request that we delete personal information collected and maintained about you, subject to certain exceptions. Once your request is verified and we have determined that we are required to delete that information in accordance with applicable law, we will delete your personal information accordingly. Your request to delete your personal information may be denied if it is necessary for us to retain your information under one or more of the exceptions listed in the CCPA. Please note that a record of your deletion request may be kept pursuant to our legal obligations.
Only you, or a person that you authorize to act on your behalf, may make a request related to your personal information. In the case of access and deletion, your request must be verifiable before we can fulfil such request. Verifying your request will require you to provide sufficient information for us to reasonably verify that you are the person about whom we collected personal information, or a person authorized to act on your behalf (e.g. previous transactions of person to whom the request relates).
We will only use the personal information that you have provided in a verifiable request in order to verify your request. As stated above, we cannot respond to your request or provide you with personal information if we cannot verify your identity or authority. Please note that we may charge a reasonable processing fee or refuse to act on a request if the request is excessive, repetitive, or manifestly unfounded.
If you wish to exercise one of these rights, please contact us at email@example.com and write in the subject line: “CCPA PRIVACY REQUEST – [INSERT NAME]”.
Pursuant to Section 1798.83 of the California Civil Code “Shine the Light” law on data privacy (a separate law from the CCPA), residents of California have the right to obtain certain information about the types of personal information that companies with whom they have established a business relationship (and that are not otherwise exempt) have shared with third parties for direct marketing purposes during the preceding calendar year, including the names and addresses of those third parties, and examples of the types of services or products marketed by those parties.
If you wish to exercise one of these rights, please contact us at firstname.lastname@example.org and write in the subject line: “SECTION 1798.83 PRIVACY REQUEST – [INSERT NAME]”.
Your specific rights in respect of your personal information if you are located in the EU, UK, or Switzerland
For the purposes of EU data protection laws, SweepLift is a data controller (i.e., the company who is responsible for, and controls the processing of, your personal data). If you are located in the EU, UK, or Switzerland, per the GDPR and UK GDPR you have the following rights in respect of your personal data that we hold:
- Right of access. The right to obtain access to your personal data;
- Right to rectification. The right to obtain rectification of your personal data without undue delay where that personal data is inaccurate or incomplete;
- Right to erasure. The right to obtain the erasure of your personal data without undue delay in certain circumstances, such as where the personal data is no longer necessary in relation to the purposes for which it was collected or processed;
- Right to restriction. The right to obtain the restriction of the processing undertaken by us on your personal data in certain circumstances, such as where the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of that personal data;
- Right to portability. The right to portability allows you to move, copy or transfer personal data easily from one organization to another;
- Right to object. You have a right to object to processing based on legitimate interests and direct marketing.
You also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa .eu/justice/data-protection/bodies/authorities/index_en.htm .
If you wish to exercise one of these rights, please contact us at email@example.com and write in the subject line: “GDPR PRIVACY REQUEST – [INSERT NAME]”.
Your specific rights in respect of your personal information if you are an international user outside of the United Kingdom, European Union, and Switzerland
If you are receiving Services from the European Union, Asia, or any other region with laws or regulations governing personal data collection, use, and disclosure that differ from United States laws, be advised that through your continued use, which is governed by the law of the United States and this policy, you will be transferring your personal information into the United States and you consent to that transfer. Your information may be stored and processed in any country where we have facilities or in which we engage third party service providers. By using our Services, you consent to the transfer of information to countries outside your country of residence, which may have different data protection rules than in your country. While this information is outside of your country, it is subject to the laws of the country in which it is held, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country.
While you do not have the same extensive rights of data access and deletion as users from the EU, UK, and Switzerland, you may still make a privacy request and we will do our best to comply with your request, provided it is no more egregious than the rights given in the GDPR.