Application of U.S. Privacy Laws
This section has supplementary information on how we collect, use, disclose, and otherwise process personal information,, either online or offline, in accordance with applicable U.S. state privacy laws and regulations that are currently in effect (collectively, the “US Privacy Laws”). This U.S. Privacy Addendum may be periodically revised and updated as new state data protection laws go into effect.
Categories and sources of personal information, and purposes for collection under the CCPA:
The following is a list of categories of personal information we may have collected and disclosed for a business purpose to third parties (as defined by the CCPA).
Categories of Personal Information |
Sources of Personal Information |
Business Purpose for Collection |
Has the Personal Information been Disclosed to Third Parties? |
Identifiers such as your real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, social security number or other similar identifiers. |
You, your devices, or your organisation, including other users of our Services from your organisation. |
- Performing Services
- Enabling Transactions
- Communicating
- Sending Messages
- Marketing
- Personalization
- Legal and Compliance Obligations
- Security
- Fraud and Incident Prevention
- Connecting Third Party Services
- Contracting Vendors
- Facilitating Payments
- Auditing Interactions
- Debugging
- Transient Use
- Improving Our Services
- Other Notified Purposes
- Internal Research
- Quality Assurance
|
Yes, this may be disclosed to our (1) Marketing or Analytics Providers, but only with your opt-in consent; or (2) our payment processors.
The purpose for such disclosure is to either to: (1) enable our Marketing or Analytics Providers to communicate with you about our Services; or (2) process payment. |
Categories of Personal Information in Cal. Civ. Code Section 1798.80(e), such as bank account number, credit card number, debit card number, insurance policy number. |
You, or your organisation. |
- Enabling Transactions
- Security
- Fraud and Incident Prevention
- Connecting Third Party Services
- Facilitating Payments
- Transient Use
- Other Notified Purposes
|
Yes, this may be disclosed to our payment processors.
The purpose for such disclosure is to enable them to process payment. |
Internet or other electronic network activity information, including browsing history, search history, interaction with an internet-based application, including non-precise geolocation data. |
You, your devices, your organisation, or our third party providers such as analytics providers, internet service providers. |
- Communicating
- Marketing
- Personalization
- Legal and Compliance Obligations
- Security
- Fraud and Incident Prevention
- Improving Our Services
- Other Notified Purposes
- Internal Research
- Quality Assurance
|
Yes, this may be disclosed to our Marketing or Analytics Providers, but only with your opt-in consent.
The purpose for such disclosure is to enable our Marketing or Analytics Providers to communicate with you about our services. |
Audio, electronic, visual, thermal, olfactory, or similar information, such as photographs, video recordings and voice recordings. |
You, only if you choose to provide us with this information. |
- Enabling Transactions
- Communicating
- Sending Messages
- Marketing
- Personalization
- Legal and Compliance Obligations
- Security
- Fraud and Incident Prevention
- Connecting Third Party Services
- Contracting Vendors
- Facilitating Payments
- Auditing Interactions
- Improving Our Services
- Other Notified Purposes
- Internal Research
- Quality Assurance
- Training and monitoring
|
No |
Professional or employment-related information, such as work history and prior employer. |
You, or your organisation. |
- Enabling Transactions
- Communicating
- Sending Messages
- Marketing
- Personalization
- Legal and Compliance Obligations
- Security
- Fraud and Incident Prevention
- Improving Our Services
- Other Notified Purposes
- Internal Research
- Quality Assurance
|
No |
Inferences drawn from any of the information listed above to create a profile about an individual to reflect the individual’s preferences, characteristics, behavior, attitudes. |
You, only if you choose to provide us with your information, or our third party providers such as our analytics providers. |
- Communicating
- Marketing
- Personalization
- Legal and Compliance Obligations
- Security
- Fraud and Incident Prevention
- Improving Our Services
- Other Notified Purposes
- Internal Research
- Quality Assurance
|
Yes, this may be disclosed to our Marketing Providers, but only with your opt-in consent.
The purpose for such disclosure is to enable our Marketing or Analytics Providers to communicate with you about our Services. |
Sensitive personal information meaning personal information that reveals social security, driver’s license, state identification card, passport number, or biometric information. |
You, or your organisation, including other users of our Services from your organisation. |
- Enabling Transactions
- Security
- Fraud and Incident Prevention
|
No |
Please refer to the section titled “Use of your Personal Data” in our General Privacy Notice (above) for additional information on our processing that may apply to you.
1. Categories of personal information sold in the preceding 12 months:
We do not sell any of the categories of personal information, and we have not sold any of your personal information in the past twelve (12) months.
2. Categories of personal information shared (as defined under the CCPA) in the preceding 12 months:
Identifiers, Inferences, Internet and Other Electronic Activity information, which is shared or disclosed, as set out in the table above.
3. Contact information for submitting requests:
Please refer to “How to Make a Privacy Rights Request” in our main General Privacy Notice by clicking here.
4. Erasure rights of individuals:
We take measures to delete your personal information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it unless we are required by law to keep this information for a longer period.
When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrolment with our products or services, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.
For Data Retention, click here
5. Your US Privacy Rights
Residents of states that currently have US Privacy Laws in effect, may have rights to know, access, correct, delete, limit/opt-out of certain type of processing, or as otherwise set out below:
California residents: Right of access, correct or delete personal information, right to opt out of “sale” and “sharing” of personal information for targeted advertising, limit the use and disclosure of sensitive personal information, and non-discrimination.
Colorado, Connecticut, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Virginia, Montana, Oregon, and Texas residents: Right of access, correct or delete your personal information, right to opt out of sale of personal information and targeted advertising, right to opt out of profiling, no discrimination, right to appeal.
Utah Residents: Right of access or delete personal information, right to opt out of sale of personal information and targeted advertising, no discrimination.
6. Nevada Privacy Notice:
This Nevada Privacy Notice supplements our U.S. Privacy Addendum and applies to Nevada residents only. We do not sell “covered information” for monetary consideration. However, Nevada Law (NRS 603A.300 et seq.) requires us to post the following:
- Nevada consumers may opt out of the sale of “covered information” for monetary consideration to a person for that person to license or sell such information. “Covered information” means any one or more of the following items of personally identifiable information about a consumer: first and last name, home or other physical address which includes the name of a street and the name of a city or town, email address, telephone number, social security number, an identifier that allows a specific person to be contacted either physically or online, or other information maintained in combination with an identifier that makes the information personally identifiable.
- If you are a Nevada resident who has purchased Services from us, you may submit a request to opt out of any potential future sales under Nevada Law by contacting us on our webform to submit such request. Please use “Nevada Do Not Sell” in the subject line. Note we will take reasonable steps to verify your identity and the authenticity of your request.
7. California Shine the Light Law – Direct Marketing Lists:
California Civil Code §1798.83 (“STL”) gives California residents with who have established a business relationship with us the right to ask us to provide them with a list of certain categories of personal information that we have disclosed to certain third parties for their direct marketing purposes (during the immediately preceding calendar year) and the identity of those third parties.
This would apply where we share your personal data with third parties so they can promote their own products—for their direct marketing purposes.
GBG do not disclose customers’ personal information to third parties for direct marketing purposes.
In any case, if you are a California resident and would like to contact us about your rights under STL, please contact us on our webform to submit such request. Please use “CA Shine the Light” in the subject field of your request. Note we may take reasonable steps to verify your identity and the authenticity of your request.