Credolab supplemental privacy statement for Californian consumers.
Credolab supplemental privacy statement for Californian consumers.
Effective Date: March 24, 2022
Credolab Inc. ("CredoLab", "we", "us" or "our") takes the protection and security of your personal data very seriously.
Please read this Statement if and when an organisation of your choice (our customer) has assigned to us your consent to access your personal data as a part of the services we provide to them.
Capitalised terms used but not defined herein, shall have the meanings ascribed to such terms in California Civil Code § 1798.100, et seq. (together with the regulations thereunder, the “CCPA”), as applicable.
This Statement reflects our good faith understanding of the law and our data practices as of the date posted (set forth above). Accordingly, we may from time-to-time update information in this Statement and other notices regarding our data practices and your rights, modify our methods for responding to your requests, and/or supplement our response to your requests, as we continue to develop our compliance program to reflect the evolution of the law and our understanding of how it relates to our data practices.
If you have any questions about how we use your personal data, please contact our Data Protection Officer by email at email@example.com.
We have offices in several locations, and our registered office address is at 625 E. Twiggs St., Ste. 1000 Tampa, Florida 33602. Our FEIN No. is 87-1093616.
This Statement addresses the following topics:
Your User’s Data may be collected directly from you in three ways:
We may collect the following categories of User’s Data about you:
This still may sound complex, so an example is often the easiest way to explain:
Due to how CredoLab process data, your Personal Information is pseudonymised, therefore it is not possible for CredoLab to identify you as an individual.
Therefore, to exercise any of your rights outlined below, you have to consult with the organisation you have been interacting with (our customer). You will be asked to provide your name, email address, country of residence, state, and request details. A confirmation email shall be sent to the email address you provide to begin the process to verify your identity. To protect your privacy and security the organisation you have been interacting with may require verification of your identity to a high degree of certainty based on information they already have about you. If you cannot meet that standard, we, together with the organisation you have been interacting with, will treat your request as a “categories request” as explained in the next section.
The organisation you have been interacting with (our customer) will be able to provide CredoLab with information to assist in exercising the rights listed below (“Rights”).
While California law also allows for California residents to opt-out of the sale of their PI, we do not sell PI of California Consumers as those terms are defined by the CCPA.
When you submit a request to know or delete your PI to the organisation you have been interacting with(our customer), that organisation is required to verify your request to ensure that the request is not fraudulent (“Verifiable Consumer Request”)”. Thus, upon receiving your request the organisation shall take measures to verify that the request is legitimate. These verification efforts may require additional information from you which may include information you have provided us in the past. For instance, if you have previously provided your name to them, they may ask you for other information (e.g., email address, phone number, or transaction history) so that they can match the new information you provide with the information they have. They may also use other verification methods as the circumstances dictate. If through reasonable efforts they are unable to verify your request to the appropriate degree of certainty, they will notify you. They shall use the PI provided in a Verifiable Consumer Request only to verify your identity or your authority to make the request and to track and document request responses, unless you also gave it to them for another purpose.
Note you can authorise an agent to exercise any of these California privacy rights on your behalf, subject to the agent request requirements of the CCPA. Note that the organisation you have been interacting with (our customer), shall take additional measures to verify the legal authority of your agent.
Notwithstanding anything to the contrary, we may collect, use and disclose your PI as required or permitted by applicable law and this may override your CCPA rights. In addition, we need not honour any of your requests to the extent that doing so would infringe upon our or any other person or party’s rights or conflict with applicable law.
Some PI we maintain about CaliforniaConsumers is not associated with PI about the Consumer for us to be able to verify that it is a particular Consumer’s PI when a Consumer request that requires verification pursuant to the CCPA’s verification standards is made to the organisation you have been interacting with (our customer). If we cannot comply fully with a request, we will explain the reasons in our response, unless we are prohibited from doing so by applicable law.
Together with the organisation you have been interacting with (our customer), we will make commercially reasonable efforts to identify Consumer PI that we collect, process, store, disclose and otherwise use and to respond to your California Consumer rights requests. We reserve the right to direct you to where you may access and copy responsive PI yourself. We will typically not charge a fee to fully respond to your requests; provided, however, that we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded or overly burdensome. If we determine that the request warrants afee, or that we may refuse it, we will give you notice explaining why we made that decision. You will be provided a cost estimate and the opportunity to accept such fees before we will charge you for responding to your request. As permitted by the CCPA, we are also not required to search for PI not maintained in a searchable or reasonably accessible format that is used for certain internal purposes only, but we apply this exception we will respond to your request with a description of the categories of PI to which this exception applies.
In addition, as explained above, we will reject requests to the extent we and the organisation you have been interacting with (our customer) are not able to sufficiently verify your identity, or your agent’s authority. If we conclude we have a basis for not fully responding to your request, our response to you will explain the basis for the limitation, unless we are prohibited from doing so by applicable law.
California residents also have the right not to receive discriminatory treatment for the exercise of any of the privacy rights conferred by the California Consumer Privacy Act. As of the Effective Date of this CA Statement we did not offer any programs requiring you to limit any of your CCPA rights, or otherwise require you to limit your CCPA rights in connection with charging a different price or rate, or offering a different level or quality of good or service. If we do so, the CCPA requires certain program terms and notices for California Consumer and the material aspects of any such program, and the rights of California participants, will be explained and described in its program terms. Participating in any such programs will be entirely optional. We may add or change programs and/or their terms by posting notice on the program descriptions so check them regularly.