APPLICABILITY: The California Consumer Privacy Act of
2018
(“CCPA”),
the California Privacy Rights Act of 2020 effective January 1, 2023 (“CPRA”),
any other California privacy laws, and this CCPA Notice apply to visitors, users, and
independent
contractors,
and others who are California residents (“consumers” or
“you”).
Any terms defined in the CCPA and CPRA have the same meaning when used in this CCPA Notice.
This CCPA Notice applies to California residents’ Personal Information, which we collect
directly or
indirectly
while you are using our service or in order to provide our services, or employee and
business-to-business
Personal Information.
This CCPA Notice is an integral part of TopViral Privacy Policy, and thus, definitions used herein
shall have
the same meaning as defined in the Privacy Policy.
PART I: A COMPREHENSIVE DESCRIPTION OF THE INFORMATION PRACTICES:
(A) CATEGORIES of PERSONAL information WE COLLECT
We collect Personal Information which is defined under the CCPA as any information that
identifies, relates
to, describes, references, is capable of being associated with, or could reasonably be linked,
directly or
indirectly, with a particular consumer, household or device, all as detailed in the table below.
The
definition of Personal Information further includes Sensitive Personal Information
(“SPI”)
as detailed in the table below.
Personal Information does not include: Publicly available information that is lawfully made
available from
government records, that a consumer has otherwise made available to the public; de-identified or
aggregated
consumer information; information excluded from the CCPA’s or CPRA’s scope, such as: Health or
medical
information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA)
and the
California Confidentiality of Medical Information Act (CMIA) or clinical trial data; Personal
information
covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA),
the
Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA) and the
Driver’s
Privacy Protection Act of 1994.
TopViral have collected the following categories of Personal Information within the period of the
last
twelve (12) months:
| Category |
Examples |
Collected |
|
A. Identifiers.
|
A real name, alias, postal address, unique personal identifier, online
identifier, Internet
Protocol address, email address, account name, Social Security number, driver's
license number,
passport number, or other similar identifiers.
|
Yes.
Online identifiers, Internet protocol address, real name, email address, account
name.
|
|
B. Personal information categories listed in the California Customer Records
statute (Cal. Civ.
Code § 1798.80(e)).
|
A name, signature, Social Security number, physical characteristics or
description, address,
telephone number, passport number, driver's license or state identification card
number,
insurance policy number, education, employment, employment history, bank account
number, credit
card number, debit card number, or any other financial information, medical
information, or
health insurance information.
Some personal information included in this category may overlap with other
categories.
|
Yes.
Name, email address, address, telephone number.
|
|
C. Protected classification characteristics under California or federal law.
|
Age (40 years or older), race, color, ancestry, national origin, citizenship,
religion or creed,
marital status, medical condition, physical or mental disability, sex (including
gender, gender
identity, gender expression, pregnancy or childbirth and related medical
conditions), sexual
orientation, veteran or military status, genetic information (including familial
genetic
information).
|
No.
|
|
D. Commercial information.
|
Records of personal property, products or services purchased, obtained, or
considered, or other
purchasing or consuming histories or tendencies.
|
Yes.
Conversion related to our Partner’s products or services (where you were directed
to a Partner
Site from our website), associated with Unique Identifier.
|
|
E. Biometric information.
|
Genetic, physiological, behavioral, and biological characteristics, or activity
patterns used to
extract a template or other identifier or identifying information, such as,
fingerprints,
faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other
physical patterns,
and sleep, health, or exercise data.
|
No.
|
|
F. Internet or other similar network activity.
|
Browsing history, search history, information on a consumer's interaction with a
website,
application, or advertisement.
|
Yes.
User's interaction with our website and advertisements.
|
|
G. Geolocation data.
|
Physical location, approximate location derived from IP address or movements.
|
Yes.
Approximate location derived from IP address or provided by the user.
|
|
H. Sensory data.
|
Audio, electronic, visual, thermal, olfactory, or similar information.
|
No.
|
|
I. Professional or employment-related information.
|
Current or past job history or performance evaluations.
|
No.
|
|
J. Non-public education information (per the Family Educational Rights and
Privacy Act (20 U.S.C.
Section 1232g, 34 C.F.R. Part 99)).
|
Education records directly related to a student maintained by an educational
institution or party
acting on its behalf, such as grades, transcripts, class lists, student
schedules, student
identification codes, student financial information, or student disciplinary
records.
|
No.
|
|
K. Inferences drawn from other personal information.
|
Profile reflecting a person's preferences, characteristics, psychological trends,
predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
|
No.
|
|
L. Sensitive personal information.
|
Government-issued identifying numbers, financial account details, genetic data,
precise
geolocation, race or ethnicity, religious or philosophical beliefs, union
membership, mail,
email, text messages, biometric data, health data, and sexual orientation or sex
life.
|
Yes. health-related data derived from users' usage data which
might provide insights regarding users'
protentional medical situation
|
(B) CATEGORIES OF SOURCES OF PERSONAL INFORMATION
We collect Personal Information from the following sources:
- From activity on our website: For example, when we collect
your Usage Data
automatically from
analytic tools.
- Directly from you: For example, from forms you complete (such
as the Data
Subject Request), or
when you contact us.
- From third-parties: For example, when you interact with our
advertising
campaigns.
(C) USE OF PERSONAL INFORMATION
We may use the Personal Information collected (as detailed in the table above and our Privacy Policy), for
the following purposes:
- To fulfill or meet the reason you provided the Personal Information (support, respond to an
inquiry,
receive a quote from a Partner, etc.);
- Monitor and improve our Services;
- Provide our Services;
- Track traffic in order to calculate conversion and business transactions with our Partners;
- Analyzing our Services and your use of the Services and website for internal statistics and
to improve
our Services;
- Advertising and marketing campaigns;
- Respond to law enforcement, comply with our legal obligations and enforce our rights; or
- As otherwise as detailed in our Privacy Policy.
We will not collect additional categories of Personal Information or use the Personal Information
we
collected for materially different, unrelated, or incompatible purposes without providing you
notice.
(D) DISCLOSURES OF PERSONAL INFORMATION FOR A BUSINESS PURPOSE
We may disclose your Personal Information to a contractor or service provider for a business
purpose. When we
disclose Personal Information for a business purpose, we enter a contract that describes the
purpose and
requires the recipient to both keep that Personal Information confidential and not use it for
any purpose
except performing the contract. We further restrict the contractor and service provider from
selling or
sharing your Personal Information. In the preceding twelve (12) months, we disclosed the
following
categories of Personal Information for a business purpose:
| Business Purpose (as defined under CCPA) |
Category (corresponding with the table above) |
Category of Recipient |
|
Helping to ensure security and integrity of our properties to the extent the use
of your
Personal Information is reasonably necessary and proportionate for these
purposes.
|
Category A
Category B
Category D
Category F
Category G
|
Affiliates, operational partner, security and fraud prevention providers,
operating systems.
|
|
Debugging to identify and repair errors that impair existing intended
functionality.
|
Category A
Category D
Category F
Category G
|
Analytic providers, operational partner, security and fraud prevention providers,
operating systems.
|
|
Performing services on our behalf or service provider, including maintaining or
servicing accounts,
providing customer service, processing or fulfilling orders and transactions,
verifying customer information,
processing payments, providing financing, providing advertising or marketing
services, providing analytic services,
or providing similar services on our behalf or service provider
|
Category A
Category B
Category D
Category F
Category G
|
Payment processors, subsidiaries, affiliated companies, operating systems, CRM,
ERP, customer support, cloud computing and storage vendors, etc.
|
|
Undertaking internal research for technological development and demonstration.
|
Category A
Category B
Category D
Category F
Category G
|
Developers, operating systems, cloud and hosting providers, SaaS platforms for
task management and development, customer support and optimization tools.
|
|
Undertaking activities to verify or maintain the quality or safety of a service
or device that is owned,
or controlled by us, and to improve, upgrade, or enhance the service or device
that is owned or controlled by us.
|
Category A
Category D
Category F
Category G
|
Developers, operating systems, cloud and hosting providers, SaaS platforms for
task management and development, customer support and optimization tools.
|
(E) SALE OR SHARE OF PERSONAL INFORMATION
We do not “sell” information as most people would commonly understand that term, we have not (in
the previous
12 months), do not, and will not, disclose your Personal Information in direct exchange for
money or some
other form of payment.
For retargeting and analytic purposes, when we promote our Services, we use third-party tools
that are able
to market and advertise our Services online (“Advertising Campaigns”), measure
those
Campaigns, identify individuals that are interested in our Services, etc. this is done by
placing cookies,
pixel or other tracking technology on our website and sharing with these vendors the online
identifiers and
online behavior information.
The CCPA defines “sharing” as “communicating orally, in writing, or by electronic or other means,
a
consumer’s personal information” to “a third party for cross-context behavioral advertising,
whether or not
for money or other valuable consideration”. In other words, we may share your Personal
Information with a
third party to help promote our Services, conduct our Advertising Campaigns, and understand your
use of our
website.
In the preceding twelve (12) months, we “sell” or “share” the following categories of Personal
Information
for a business purpose:
|
Category (corresponding with the table above)
|
Category Recipient
|
Purpose of Sale or Share
|
|
Category A
Category F
Category G
|
Marketing tools and vendors.
|
Share for targeted advertising.
|
(F) CHILDREN UNDER AGE 16
We do not knowingly collect information from children under the age of 16.
(G) DATA RETENTION
In general, we retain the Personal Information we collect for as long as it remains necessary
for the
purposes set forth above, all under the applicable regulation, or until you express your
preference to
opt-out, where applicable.
We determine the retention period of each category of Personal Information we collect, according
to the
criteria explained below:
-
For as long as it remains necessary in order to achieve the purpose for which the
Personal
Information was initially collected. For example, if you contacted us, we will retain
your contact
information at least until we will address your inquiry.
-
To comply with our legal and regulatory obligations. For example, if you request to
exercise your
rights, we need to retain certain information indicating we have fulfilled our legal
obligations.
-
To resolve a claim we might have or a dispute with you, including any legal proceeding
between us,
until such dispute will be resolved, and following, if we find it necessary, in
accordance with
applicable statutory limitation periods.
Please note that except as required by applicable law, we will not be obligated to retain your
Personal
Information for any particular period, and we may delete it for any reason and at any time,
without
providing you with prior notice if our intention to do so.
PART II: YOUR RIGHTS UNDER THE CCPA AND HOW YOU CAN
EXERCISE THEM
(H) YOUR RIGHTS UNDER THE CCPA
If you are a California resident, you may exercise certain rights related to your Personal
Information. You may exercise your rights free of charge except as otherwise permitted under applicable law. We
may limit our response to your request to exercise of these privacy rights as permitted under applicable law, by email here.
| California Privacy Right |
Details |
|
The Right to Know What Personal Information the Business Has Collected.
|
The right to know what Personal Information the business has collected about the
consumer,
including the categories of Personal Information, the categories of sources from
which the
Personal Information is collected, the business or commercial purpose for
collecting, selling,
or sharing Personal Information, the categories of third parties to whom the
business discloses
Personal Information, and the specific pieces of Personal Information the
business has collected
about the consumer.
|
|
Deletion Rights.
|
The right to request the business to delete Personal Information that it has
collected from the
consumer, subject to certain exceptions.
|
|
Correct Inaccurate Information
|
The right to request to correct inaccurate Personal Information that a business
maintains about a
consumer.
|
|
Opt-Out of Sharing Personal Information for Cross-Contextual Behavioral
Advertising
|
The right to opt-out of the “sharing” of your Personal Information for
“cross-contextual
behavioral advertising” (also referred to as “interest-based advertising” or
“targeted
advertising”.)
|
|
Opt-Out from Selling Personal Information
|
The right to opt-out of the sale of Personal Information by the business.
|
|
Limit The Use or Disclosure of Sensitive Personal Information
|
Under certain circumstances, If the business uses or discloses SPI, you have the
right to request
to limit the use or disclosure of SPI by the business.
|
|
Opt-Out of The Use of Automated Decision Making
|
In certain circumstances, you have the right to opt-out of the use of automated
decision making
in relation to your Personal Information.
|
|
Non-Discrimination
|
The right not to receive discriminatory treatment by the business for the
exercise of privacy
rights under the CCPA, including an employee’s, applicants, or independent
contractor’s right
not to be retaliated against for the exercise of their CCPA rights, denying a
consumer goods or
services, charging different prices or rates for goods or services, providing
you a different
level or quality of goods or services, etc. We may, however, charge different
prices or rates,
or provide a different level or quality of goods or services, if that difference
is reasonably
related to the value provided to us by your Personal Information.
|
|
Data Portability
|
The right to request a copy of your Personal Information, including specific
pieces of Personal
Information, including, where applicable, to obtain a copy of the Personal
Information you
provided to a business in a portable format.
|
To learn more about your California privacy rights, please visit https://oag.ca.gov/privacy/privacy-laws.
(I) HOW CAN YOU EXERCISE THE RIGHTS?
You may exercise
your rights by email here. The
instructions for submitting, the general description of
the process, verification requirements, when applicable, including any information the consumer
or
employee must provide are all detailed in the DSR
Note, certain rights can be done by you independently without using the DSR. For example,
depending on your interaction with us:
-
you can opt-out from receiving emails from us by clicking the “unsubscribe” link within the
email; and
Further, opt-out rights can be executed without filling the form:
- through the cookie settings available on our website;
-
through device settings (opt-out from tracking AAID, ADID, please see the following for
information applicable to all devices: https://thenai.org/opt-out/mobile-opt-out/);
-
by using Self-Regulatory Program for Online Behavioral Advertising such as:
Digital Advertising Alliance’s (“DAA”): https://www.aboutads.info/choices
Network Advertising Initiative (“NAI”): https://www.networkadvertising.org/choices.
-
install privacy-controls in the browser's settings to automatically signal the opt-out
preference to all websites you visit (like the “Global Privacy Control”). We honor the
Global
Privacy Control, where applicable, subject to your jurisdiction, as a valid request to
opt-out
of the sharing of information linked to your browser.
(J) AUTHORIZED AGENTS
“Authorized Agents” may submit opt out requests on a consumer’s behalf. If you have chosen to use
an
authorized agent to submit requests, or if you are an authorized agent and you wish to submit a
request on
behalf of a consumer, please follow the procedure detailed below which required prior to
acceptance of any
requests by an authorized agent on behalf of a California consumer. Usually, we will accept
requests from
qualified third parties on behalf of other consumers, regardless of either the consumer or the
authorized
agent’s state of residence, provided that the third party successfully completes the following
qualification
procedures:
-
When a consumer uses an authorized agent to submit a request to know or delete Personal
Information,
a business may require that the consumer will:
-
Provide the authorized agent signed permission to do so or power of attorney.
-
Verify their own identity directly with the business.
-
Directly confirm with the business that they provided the authorized agent
permission to
submit the request.
-
A business may deny a request from an authorized agent that does not submit proof that
they have been
authorized by the consumer to act on their behalf.
(K) NOTICE OF FINANCIAL INCENTIVE
We may, at times, offer you various financial incentives such as promo codes, discounts and
special offers when you register to our
newsletter by providing us with contact information and identifiers such as your name and email
address. When you sign-up for our
newsletter, email list or other discounts and special offers, you opt-in to a financial
incentive. You may withdraw from a financial
incentive at any time by opting out through the unsubscribe link within the email. Generally, we
do not assign monetary or other value
to Personal Information, however, California law requires that we assign such value in the
context of financial incentives.
In such context, the value of the Personal Information is related to the estimated cost of
providing the associated financial
incentive(s) for which the information was collected. You can end program participation at any
time by contacting us at
info@topviral.co to unsubscribe or
cancel your participation in any special offer. We will not discriminate against you,
in any manner prohibited by applicable law, for exercising these rights.
CONTACT US
topviral.co.
info@topviral.co
UPDATES:
This privacy notice was last updated on December 03, 2023, as required under the CCPA,
we will update the CCPA Notice every 12 months. The last
revision date
will be reflected in the “Last Modified” heading at the top of this CCPA Notice.
PART III: OTHER CALIFORNIA RIGHTS AND OBLIGATIONS
Direct Marketing Requests:
California Civil Code Section 1798.83 permits California resident to request certain information
regarding
disclosure of Personal Information to third parties for their direct marketing purposes. To make
such a
request, please use send us an e-mail here.
Do Not Track Settings:
Cal. Bus. And Prof. Code Section 22575 also requires us to notify you how we
deal with the “Do Not Track” settings in your browser. As of the effective date listed above,
there is
no commonly accepted response for Do Not Track signals initiated by browsers. Therefore, we so
not
respond to the Do Not Track settings. Do Not Track is a privacy preference you can set in your
web
browser to indicate that you do not want certain information about your web page visits tracked
and
collected across websites. For more details, including how to turn on Do Not Track,
visit: www.donottrack.us
California’s “Shine the Light” law (Civil Code Section § 1798.83):
permits employees that are
California residents to request certain information regarding our disclosure of personal
information
to third parties for their direct marketing purposes. To make such a request, please send us an e-mail here.
