1. PERSONAL INFORMATION CATEGORIES AND SOURCES OF INFORMATION
- Business email
- Publicly available information
- First-hand research
- Submissions from Edinburgh Bright Futures’s customers or freemium product users
- Third-party data vendors
- Directly and indirectly from activity on Edinburgh Bright Futures’s website
- Directly and indirectly from our customers or their representatives
- Directly from vendors and other contractual counterparties
- Through communication with prospective customers and other businesses and their representatives
2. DISCLOSURE OR SALE OF PERSONAL INFORMATION AND THE RIGHT TO OPT-OUT
We sell personal information collected for our database to our customers. This database may contain information about consumers’ business personas including name, employer, job title, email address, phone number, office address, social media or professional profile link, and work or educational history. This information is sold to Edinburgh Bright Futures’s customers for the purpose of business-to-business sales and marketing and recruiting and is provided subject to license agreements that limit its use to those purposes.
A consumer has the right to opt out of the sale of that consumer’s personal information, and sharing for cross-contextual behavioral advertising, by Edinburgh Bright Futures by submitting a request to remove the consumer’s profile or delete the consumer’s data at email@example.com. In order to submit a request, a consumer or an authorized agent will be required to demonstrate that such person has control of an email inbox associated with the profile in question. If such person cannot, then we may be contacted regarding other means of verifying such person’s identity or the authorization of a third party to exercise a consumer’s rights on that consumer’s behalf.
For avoidance of doubt, the personal information disclosed and/or sold by Edinburgh Bright Futures within the identified categories is limited to business contact information related to a consumer’s profile as an employee of its employer. No sensitive personal information (i.e. Social Security number, passport number, medical or financial information) is collected, shared, disclosed, or sold by Edinburgh Bright Futures.
We do not sell the personal information of minors under 16 years of age.
To opt out of any other processing to the extent opt-out is permitted by the State Privacy Laws, please email firstname.lastname@example.org, or standard mail to the address found below.
3. RIGHTS AND CHOICES
The CCPA and VCDPA provides consumers with specific rights regarding their personal information. This section describes a consumer’s rights and explains how to exercise those rights.
ACCESS TO SPECIFIC INFORMATION AND DATA PORTABILITY RIGHTS
A consumer has the right to request that we disclose certain information to that consumer about Edinburgh Bright Futures’s collection and use of that consumer’s personal information over the past 12 months. Once we receive and confirm a consumer’s verifiable consumer request, we will disclose:
- The categories of personal information we collected about that consumer.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about that consumer (also called a data portability request).
DELETION AND REQUEST RIGHTS
A consumer has the right to request that Edinburgh Bright Futures delete any of its personal information that we have collected and retained, subject to certain exceptions. Once we receive and confirm a consumer’s verifiable consumer request, we will delete (and direct our service providers and/or customers to delete) that consumer’s personal information from our records, unless an exception applies.
We may deny a consumer’s deletion request if retaining the information is necessary for us or our service providers or customers to:
- Complete the transaction for which we collected the personal information, provide a good or service that a consumer requested, take actions reasonably anticipated within the context of our ongoing business relationship with that consumer, or otherwise perform our contract with that consumer.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if a consumer previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on a consumer’s relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which a consumer provided it.
EXERCISING ACCESS, DATA PORTABILITY, AND DELETION RIGHTS
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either mail to the address below or contact us at email@example.com.
Only a consumer or a person registered with the California Secretary of State that a consumer authorizes to act on a consumer’s behalf, may make a verifiable consumer request related to a consumer’s personal information. A consumer may also make a verifiable consumer request on behalf of that consumer’s minor child.
A consumer may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows Edinburgh Bright Futures to reasonably verify a consumer is the person about whom we collected personal information or an authorized representative.
- Describe a consumer’s request with sufficient detail that allows Edinburgh Bright Futures to properly understand, evaluate, and respond to it.
We cannot respond to a consumer’s request or provide a consumer with personal information if we cannot verify the consumer’s identity or authority to make the request and confirm the personal information relates to that consumer. Making a verifiable consumer request does not require a consumer to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
RESPONSE TIMING AND FORMAT
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time, we will inform the consumer of the reason and extension period in writing. We will deliver our written response by mail or electronically. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide a consumer’s personal information that is readily useable and should allow a consumer to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to a consumer’s verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell the consumer why we made that decision and provide the consumer with a cost estimate before completing that consumer’s request.
We will not discriminate against a consumer for exercising any rights under the State Privacy Laws.
CHANGES TO OUR PRIVACY STATEMENT
We reserve the right to amend this privacy statement at our discretion and at any time. When we make changes to this privacy statement, we will provide notification by email or through a notice on our website homepage.