DataGrail has updated its Privacy Policy to reflect changes in how our sales team collects and processes information with respect to managing its marketing and sales outreach efforts. Consent to such collection shall be obtained as further disclosed in the DataGrail Privacy Policy.
California Consumer Privacy Rights Notice
Effective: January 1, 2021
This California Consumer Privacy Rights Notice (“Notice”) sets forth DataGrail, Inc.’s disclosure obligations under California law, including the California Consumer Privacy Act of 2018 (“CCPA”) and the California Civil Code section 1798.83. This Notice provides the additional details regarding the information defined as ‘personal information’ under applicable California law and related to a California resident or household (“Consumers” and “You”) further referred to as “Personal Information.”
1. Personal Information Collected and Disclosed
DataGrail collects, uses and/or discloses Personal Information as follows:
Personal Information Collected, Used and/or Disclosed for Business Purpose in Preceding 12 Months | |||||
CCPA Category | Collected? | Source of Collection | Business Purpose | Disclosed or Shared for Business Purpose? | Purpose of Disclosure |
Category A Identifiers & B Personal Information
· Name/Alias |
YES |
YOU |
· Performing Services |
Yes; |
Performing Services; |
YES | YOU | · Performing Services
· Data Security |
Yes;
Service Provider |
Performing Services; Auditing; Customer Support; Marketing |
|
· Address | YES | YOU | · Performing Services
· Data Security
|
Yes;
Service Provider |
Data Security; Marketing |
· Cell or Telephone # | YES | YOU | · Performing Services
· Data Security
|
Yes;
Service Provider |
Performing Services; Data Security; Marketing |
· Unique/Online ID (cookies) | YES | YOU/DEVICE | · Analytics
· Auditing |
Yes; Service Provider |
Performing Services; Data Security (abuse prevention) ; Marketing |
· IP Address | YES | DEVICE | · Debugging · Analytics |
Yes;
Service Provider |
Performing Services; Customer Support;
Data Security; |
· Account Name | YES | YOU | · Performing Services · Data Security |
N/A | N/A |
· Social Security # | NO | N/A | N/A | N/A | N/A |
· Driver’s License# | NO | N/A | N/A | N/A | N/A |
· Passport # | NO | N/A | N/A | N/A | N/A |
· Credit or Debit Card # /ACH | YES*
*Token only |
YOU | · Payment Processing | Yes;
Service Provider |
Payment Processing*
Token only |
· Other: Medical/Financial/Health | NO | N/A | N/A | N/A | |
Category C: Protected Characteristics | NO | N/A | N/A | N/A | N/A |
Category D: Commercial Information
· Personal Property Records |
NO | N/A | N/A | N/A | N/A |
· Products/Services Purchased-Obtained-Considered | NO | N/A | N/A | N/A | N/A |
· Purchasing history/tendencies | NO | N/A | N/A | N/A | N/A |
Category E: Biometric Information | Yes*
Audio/visual with consent only |
You | · Sales and Marketing | Yes; Service Provider |
· Sales and Marketing |
Category F: Internet/Network Activity
· Browsing/search history |
YES | Device | · Marketing; · Analytics; |
Yes;
Service Provider |
· Marketing; · Analytics |
Category G: Geolocation data | NO | N/A | N/A
|
N/A | N/A |
Category H: · Audio |
Yes* with consent |
You | · Sales & Marketing | Yes, Service Provider |
· Sales & Marketing |
· Electronic | NO | N/A | N/A | N/A | N/A |
· Visual | Yes*
with consent |
Device | · Sales & Marketing | Yes,
Service Provider |
· Sales & Marketing |
· Thermal | NO | N/A | N/A | N/A | N/A |
· Olfactory | NO | N/A | N/A | N/A | N/A |
· Other Similar | NO | N/A | N/A | N/A | N/A |
Category L: Professional/Employment-Related | NO | N/A | N/A | N/A | N/A |
Category J: Educational Information | NO | N/A | N/A | N/A | N/A |
Category K: Inferences from Data Collected · Preferences |
NO | N/A | N/A | N/A | N/A |
· Characteristics | NO | N/A | N/A | N/A | N/A |
· Psychological Trends | NO | N/A | N/A | N/A | N/A |
· Predispositions | NO | N/A | N/A | N/A | N/A |
· Behavior | NO | N/A | N/A | N/A | N/A |
· Attitudes | NO | N/A | N/A | N/A | N/A |
· Intelligence/Abilities/Aptitudes | NO | N/A | N/A | N/A | N/A |
Other Potential Third Party Disclosures: Personal Information may also be disclosed to third parties to serve our legitimate business interests as follows: (1) as required by law, such as to comply with a subpoena, or similar legal process, (2) as part of a merger, acquisition, bankruptcy or other transaction in which a third party assumes control of all or part of the business, (3) to investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies as required by law; (4) enforce our agreements with you, and/or (5) investigate and defend ourselves against any third-party claims or allegations.
2. Sale of Personal Information
DataGrail does not sell and will not sell your Personal Information —we are not data brokers, and we don’t put your personal data on the open market. However, under the CCPA regulations, some sharing of personal information necessary to provide you with personalized ads may be considered a “sale,” even if no money is exchanged. We aren’t changing how we share your data, but we want to make sure you have choices under the new definition of “sale.”
When you opt out via this link, DataGrail will stop sharing your information with some of its advertising partners. As a result, you may no longer receive personalized offers from DataGrail on some sites or services. We will use the data gathered here only to process your request and for record-keeping as required by the CCPA.
3. Your Consumer Rights Under CCPA – Right to Know About Personal Information Collected, Disclosed, or Sold
California Consumers may contact DataGrail to exercise the following California Privacy Rights:
A. Request DataGrail Disclose at No Charge
-
-
- Specific pieces of personal information it has collected about you;
- categories of Personal Information collected, used, and/or disclosed about you;
- categories of sources from which Personal Information is collected;
- business and/or commercial purposes for collecting and disclosing your Personal Information;
- categories of third parties with whom your Personal Information has been disclosed/shared; and
-
Right to Know Requests can be submitted to DataGrail by email at privacy@datagrai.io or through this webform
B. Request DataGrail Delete At No Charge:
Except as exempted pursuant to CCPA 1798.105, to request DataGrail delete Personal Information.
Deletion Requests can be submitted to DataGrail be email at privacy@datagrai.io, through this webform
C. Verified Request Process
DataGrail will verify all consumer requests prior to taking any action in response to such request. For consumers that maintain an account with DataGrail, it may verify the identity of the consumer making the request by either matching with the account information on file or through existing account authentication credentials. For non-account holders, DataGrail shall verify to a reasonably high degree of certainty, including matching at least three pieces of consumer personal information with that maintained by DataGrail and/or if necessary, by a signed statement by consumer under penalty of perjury that the requestor is the consumer for which personal information is sought.
Under the CCPA, you may exercise these rights yourself or you may designate an authorized agent to make these requests on your behalf. Authorized agents must demonstrate they have written authorization from you to make requests on your behalf. DataGrail may additionally require the consumer to confirm their identity and verify the authorized agent’s permission before complying with any request.
D. Consumer Request Limitations
Please note that these rights are not absolute and in certain cases are subject to conditions or limitations as specified in the CCPA, including, but not limited to:
-
-
- DataGrail is obligated to disclose/delete only upon a verifiable Consumer request from the consumer or an authorized agent acting on behalf of Consumer.
- Consumers may only make a personal information request twice in a 12-month period.
- Deletion is not required because it is necessary for DataGrail to maintain the Personal Information to fulfill the purposes enumerated in CCPA Section 1798.105
-
DataGrail will confirm and respond to all requests within the timeframe required under the CCPA. In responding to any request to disclose/delete, Company shall maintain a record of the requests as required under the CCPA.
4. Non-Discrimination Policy
You have the right not to receive discriminatory treatment for exercising any rights conferred by the CCPA. DataGrail shall not discriminate against a consumer for exercising any rights under the CCPA, including, but not limited to, (a) denying goods or professional services, (b) charging different prices or rates (including discounts/penalties) that is not directly related to the value provided to DataGrail for the Personal Information, (c) suggesting Consumer will receive a different rate/price or different level of quality of goods/professional services
5. Your California Privacy Rights under California Civil Code Section 1798.83 & Business and Professions Code Section 22581
California law permits Consumers to request and obtain from once a year, free of charge, certain information about their Personally Identifiable Information (“PII”) (as defined by California law) disclosed to third parties for direct marketing purposes in the preceding calendar year (if any). If applicable, this information would include a list of the categories of PII that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year.
In addition, a business subject to California Business and Professions Code Section 22581 must allow any California resident under age 18 who are registered users of online sites, services or applications to request and obtain removal of content or information they have publicly posted. Your request should include a detailed description of the specific content or information to be removed. Please be aware that your request does not guarantee complete or comprehensive removal of content or information posted online and that the data privacy law may not permit or require removal in certain circumstances.
6. Accessibility of this CCPA Policy
- You can download and print a copy of this Notice here
7. Contact Us
Additional detail regarding our collection, use and disclosure of Personal Information, as well as general opt-out rights and other privacy disclosures, is set forth in our general Privacy Policy.
If you have any questions regarding your Personal Information or about our privacy practices, please contact us at:
DataGrail, Inc.
Attention: Privacy Department
164 Townsend Street, Suite 12
San Francisco, CA 94107
This Notice was last updated: March 1, 2021