We collect, use, and are responsible for certain personal information about you. When we do so we are subject to various laws in the United States and we are responsible as “controller” of that personal information for the purposes of those laws.
1. Key Terms. “We” or “us” or “our” refers to Birdstone. David Lighty, is our data protection officer and can be reached by mail at Birdstone, 7825 Fay Ave, STE 200, La Jolla, California 92037 or by email at firstname.lastname@example.org.
2. Personal Information We Collect About You. We may collect and use the following personal information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household:
- Audio/video/visual information such as photographs, recorded calls, voicemails, and video.
- Customer records as defined under California Civil Code section 1798.80(e), such as digital and electronic signatures, telephone numbers, insurance policy numbers, credit and credit card numbers, financial and credit-related information, physical characteristics and descriptions (e.g., government identification), bank account numbers, and medical and health insurance information.
- Biometric information such as voice recordings of telephone conversations.
- Sensory data such as audio information from voicemail messages and/or recorded phone calls with consent.
- Personal identifiers such as real name, alias, postal address, IP address, email address, online identifier, social security number, driver’s license number, credit information, cookies, pixel tags, and similar identifiers.
- Inferences that can create a profile about you reflecting your service preferences, psychological trends, predispositions, purchasing tendencies, and behaviors.
- Internet and network activity such as interactions with our website, applications, and advertisements, your IP address, and the dates and times you access our website.
- Professional/employment such as job title, occupation, company or business name, and employment history information.
- Protected classes under California or federal law, such as gender, age, and veteran status.
This personal information is required to provide services to you. If you do not provide the personal information we ask for, it may delay or prevent us from providing services to you.
3. How Your Personal Information is Collected. We collect most of this personal information directly from you—in person, by telephone, text, or email and/or via our website. However, we may also collect information:
- From publicly accessible sources (e.g., property records);
- Directly from a third party (e.g., customer due diligence providers);
- From a third party with your consent (e.g., your bank);
- From cookies on our website; and
- Via our IT systems, including door entry systems and reception logs; automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV, and access control systems, communications systems, email, and instant messaging systems.
4. How and Why We Use Your Personal Information. Under data protection laws, we can only use your personal information if we have a proper reason for doing so, for example:
- To comply with our legal and regulatory obligations;
- For the performance of our engagement with you or to take steps at your request before entering into a contract;
- For our legitimate interests or those of a third party; or
- Where you have given consent.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We use the categories of personal information listed above for one or more of the following business purposes:
- Advertising and Marketing: To send advertisements and marketing material via physical and electronic mail relating to our services.
- Counting Ad Impressions and Website Interactions: To audit interactions with our website, count ad impressions to unique visitors, verify position and quality of ad impressions, and perform similar activities.
- Client Service: To provide client service, respond to your inquiries, provide training for quality assurance purposes, and perform similar activities.
- Defend Against Claims: To defend or respond to potential or actual claims or litigation.
- Fraud Prevention: To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and to prosecute those responsible for that activity.
- Processing Transactions: To process or fulfill transactions, verify client information, process payments, and perform similar activities.
- Safety: To protect the safety, security, and legal rights of our clients and third-party service providers.
- Services: To process, complete, and maintain records on the services we provide.
- Other Purposes: To fulfill any other purpose for which you provide information to us or to which you consent.
5. Promotional Communications. We may use your personal information to send updates to you by email, text message, telephone, or mail about our services. We have a legitimate interest in processing your personal information for promotional purposes. This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.
We will always treat your personal information with the utmost respect and never sell OR share it with other organizations for marketing purposes. You have the right to opt-out of receiving promotional communications at any time by:
- Contacting us at email@example.com; or
- Using the “unsubscribe” link in emails or “STOP” number in texts or emails.
We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
6. With Whom We Share Your Personal Information. We routinely share personal information with:
- Service providers we use to help deliver our services to you, such as payment service providers and mail carriers;
- Other third parties we use to help us run our business, such as marketing agencies or website hosts;
- Our insurers and brokers;
- Our banks.
We only allow our service providers to handle your personal information if we are satisfied that they take appropriate measures to protect your personal information. We also impose contractual obligations on service providers relating to ensure they can only use your personal information to provide services to us and to you. We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
7. Where Your Personal Information is Held. Information may be held at our offices and those of our third-party agencies, service providers, representatives, and agents as described above.
8. How Long Your Personal Information Will Be Kept. We will keep your personal information while we are providing services to you. Thereafter, we will keep your personal information for as long as is necessary:
- To respond to any questions, complaints, or claims made by you or on your behalf;
- To show that we treated you fairly; or
- To keep records required by law.
9. Your Rights Under the CCPA. When Birdstone is subject to the California Consumer Privacy Act of 2018 (CCPA), you have the right under the CCPA and certain other privacy and data protection laws, as applicable, to exercise free of charge:
|Disclosure of Personal Information We Collect About You||You have the right to know: |
– The categories of personal information we have collected about you;
– The categories of sources from which the personal information is collected;
– Our business or commercial purpose for collecting personal information;
– The categories of third parties with whom we share personal information, if any; and
– The specific pieces of personal information we have collected about you.
– Please note that we are not required to:
– Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained;
– Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information; or
– Provide the personal information to you more than twice in a 12-month period.
|Personal Information Used for a Business Purpose||In connection with any personal information we may disclose to a third party for a business purpose, you have the right to know the categories of personal information that we disclosed about you for a business purpose. |
You have the right under the California Consumer Privacy Act of 2018 (CCPA) and certain other privacy and data protection laws, as applicable, to opt out of the disclosure of your personal information. If you exercise your right to opt-out of the disclosure of your personal information, we will refrain from disclosing your personal information, unless you subsequently provide express authorization for the disclosure of your personal information.
|Right to Deletion||Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will: |
– Delete your personal information from our records; and
– Direct any service providers to delete your personal information from their records.
– Please note that we may not delete your personal information if it is necessary to:
– Complete the transaction for which the personal information was collected, provide a service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us;
– Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
– Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
– Comply with the California Electronic Communications Privacy Act;
– Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;
– Comply with an existing legal obligation; or
– Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.
|Protection Against Discrimination||You have the right to not be discriminated against by us because you exercised any of your rights under the CCPA. This means we cannot, among other things: |
– Deny services to you;
– Charge different prices or rates for services, including through the use of discounts or other benefits or imposing penalties;
– Provide a different level or quality of services to you; or
– Suggest that you will receive a different price or rate for services or a different level or quality of services.
Please note that we may charge a different price or rate or provide a different level or quality of services to you if that difference is reasonably related to the value provided to our business by your personal information.
10. Keeping Your Personal Information Secure. We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorized way. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality. We also have procedures in place to address any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
11. Information Automatically Collected. We also may collect certain information automatically when you visit our website (“Usage Information”), including:
- Your browser type and operating system;
- Your Internet Protocol (IP) address, which is the number automatically assigned to your computer whenever you access the Internet and that can sometimes be used to derive your general geographic area;
- Geolocation information;
- Other unique identifiers, including mobile device identification numbers;
- Sites or mobile apps you used before and after using our website;
- Pages you view and links you click on within our website;
- Information collected through cookies, web beacons, and other technologies;
- Information about your interactions with e-mail messages, such as the links clicked on and whether the messages were opened or forwarded; and
- Standard Server Log Information.
Cookies, Pixel Tags, and Local Shared Objects
Cookies are small bits of information that are stored by your computer’s web browser. You can decide if and how your computer will accept a cookie by configuring your preferences or options in your browser. However, if you choose to reject cookies, you may not be able to use certain online services or features on the website.
Pixel tags are very small images or small pieces of data embedded in images, also known as “web beacons” or “clear GIFs,” that can recognize cookies, the time and date a page is viewed, a description of the page where the pixel tag is placed, and similar information from your computer or device.
Local Shared Objects (sometimes referred to as “Flash Cookies”) are similar to standard cookies except that they can be larger and are downloaded to a computer or mobile device by the Adobe Flash media player. Please note that you may need to take additional steps beyond changing your browser settings to refuse or disable Local Shared Objects and similar technologies. For example, Local Shared Objects can be controlled through the instructions on Adobe’s Setting Manager page. If you choose to refuse, disable, or delete these technologies, some of the functionality of the website may no longer be available to you.
An embedded script is programming code designed to collect information about your interactions with the website. It is temporarily downloaded onto your device from our web server or a third party with whom we work, is active only while you are connected to the website and deleted or deactivated thereafter.
GPS (global positioning systems) software, geo-filtering, and other location-aware technologies locate (sometimes precisely) you for purposes such as verifying your location and delivering or restricting relevant content based on your location.
In-App Tracking Methods
There are a variety of tracking technologies that may be included in mobile applications, and these are not browser-based like cookies and cannot be controlled by browser settings. Some use device identifiers, or other identifiers such as “Ad IDs” to associate app user activity to a particular app and to track user activity across apps. You can stop all collection of information via our mobile applications by uninstalling them. Also, you may be able to exercise specific privacy choices, such as enabling or disabling certain location-based services, by adjusting the permissions in your mobile device.
12. Social Networking Services. Birdstone may work with certain third-party social media providers to offer you their social networking services through our website. For example, you can use third-party social networking services, including but not limited to Facebook, Twitter, and others to share information about your experience on our website with your friends and followers on those social networking services. These social networking services may be able to collect information about you, including your activity on our website. These third-party social networking services also may notify your friends, both on our website and on the social networking services themselves, that you are a user of our website or about your use of our website, in accordance with applicable law and their own privacy policies. If you choose to access or make use of third-party social networking services, we may receive information about you that you have made available to those social networking services, including information about your contacts on those social networking services.
You may choose whether to receive interest-based advertising by submitting opt-outs. Some of the advertisers and service providers that perform advertising-related services for us and our partners may participate in the Digital Advertising Alliance (“DAA”) Self-Regulatory Program for Online Behavioral Advertising. Some of these companies may also be members of the Network Advertising Initiative (“NAI”). You can also opt-out of interest-based advertising within mobile apps based on advertising identifiers on your device (for example, through cross-app tracking). Please be aware that, even if you are able to opt-out of certain kinds of interest-based advertising, you may continue to receive other types of ads. Opting out only means that those selected members should no longer deliver certain interest-based advertising to you but does not mean you will no longer receive any targeted content and/or ads (e.g., from other ad networks). Birdstone is not responsible for the effectiveness of, or compliance with, any third parties opt-out options or programs or the accuracy of their statements regarding their programs.
Some web browsers may transmit “do-not-track” signals to the websites with which the user communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. Because there currently is no industry standard concerning what, if anything, websites should do when they receive such signals, Birdstone currently does not take action in response to these signals.
16. International Users. The website is directed toward users who reside in the United States. By using the website, you consent to the collection, storage, processing, and transfer of your information in and to the United States, or other countries and territories, pursuant to the laws of the United States. Some of these countries may not offer the same level of privacy protection as your own. Any such transfers will comply with safeguards as required by relevant law.
18. How to Contact Us. Our contact details are shown below:
- Email us at firstname.lastname@example.org; or
- Write to us at Birdstone, 7825 Fay Ave, STE 200, La Jolla, California 92037.