STATS. FM PRIVACY POLICY
[Last Modified: June 20, 2024]
This privacy policy (“Privacy Policy”) describes how StatsFM B. V. ("stats.fm", “Company”, “we”, “our”, or “us”) collects, uses and discloses certain information, including your personal data, and the choices you can make about that. This Privacy Policy constitutes an integral part of our Terms of Use (“Terms”). Capitalized terms used herein however not defined shall have the meaning assigned to them in our Terms.
This Privacy Policy governs the information we collect when you access or use our Stats.fm mobile, web, and desktop applications (collectively, the “App”) and the free or paid services provided therein (“Services”), or our website: https://stats.fm/ ("website"). The Policy will not govern any activity done offline.
In the event you are a California resident, and the California Consumer Privacy Act (“CCPA”) applies to you – please review our CCPA Privacy Notice. If you are a resident of Colorado, Connecticut, Virginia, or Utah, please refer to Part II of this Privacy Policy for additional information about privacy rights for residents of these U. S. jurisdictions.
1. PRIVACY NOTICE:
Before we detail the means and purpose of our data practice, please note these three sections below, they detail how you can reach out to us, how will we publish any amendments and who is eligible to use our App and Services:
1. AMENDMENTS:
We reserve the right to amend this Privacy Policy from time to time, at our sole discretion. The most recent version of the Privacy Policy will always be posted on the website. The updated date of the Privacy Policy will be reflected in the “Last Modified” heading. We will provide notice to you if these changes are material and, where required by applicable law, we will obtain your consent. Any amendments to the Privacy Policy will become effective within 30-days upon the display of the modified Policy. We recommend you review it periodically to ensure that you understand our most updated privacy practices.
2. CONTACT INFORMATION:
StatsFM B. V., registration number 000046261222, Crommelinbaan 3, 2142 EX Cruquius, the Netherlands ("Controller").
If you have any questions, concerns or complaints regarding this Privacy Policy, or if you wish to exercise your rights, please contact us at:
- By Email: dpo@stats.fm.
- By Mail: Crommelinbaan 3, 2142 EX Cruquius, the Netherlands.
Data Protection Officer "DPO":
The data controller has appointed a data protection officer that can be contacted at: dpo@stats.fm.
UK Data Protection Representative for UK data subjects:
Bt Stats Ltd., company no. 14116765.
Address: 86-90 Paul St. EC2A 4NE, London United Kingdom.
Phone number: +44 1622 37 0886.
Email address: eli@stats.fm.
3. THE INFORMATION WE COLLECT & PURPOSE OF COLLECTION
You can find here information regarding the purposes for which we process your Personal Data as well as our lawful basis for processing, the definition of “personal” and “non-personal” data and how it is technically processed.
Depending on your interaction with our website, App and Services, certain information will be collected, as further detailed below. We may collect the information, either by automatic means and tracking technologies, or when you voluntarily provide us your information, for example, when you register and create an account.
- “Non-Personal Data” - meaning, information which does not identify a specific natural person and cannot reasonably be used for such identification. We collect Non-Personal Data regarding use of the website, App or Services, such as the scope, frequency, time and date you have accessed the website or App, interactions with the content displayed through our website, App or Services, language preference, and other technical information regarding the device used to install. This information is considered as Non-Personal Data when collected on an aggregate basis, or otherwise not combined with any online identifiers.
- “Personal Data” - meaning information that identifies an individual or may with reasonable effort identify an individual. This may include online identifiers such as IP address, name, emails, etc. Personal Data also includes insights based on your preference and behavior, profiling, or other information that is identified with you.
The table below details the processing of Personal Data, the purpose, lawful basis, and processing operations:
| DATA SET | PURPOSE AND OPERATIONS | LAWFUL BASIS |
|---|---|---|
| If you wish to use our App, you will be required to log-in with either your Spotify or Apple Music account (through Spotify or Apple) and connect to our App. We will receive your publicly available information, as you have enabled through such accounts’ settings (e.g., name and email address) (“Account Information”). Once you have completed the registration process and connected your Spotify or Apple Music account, you may choose to share additional information about yourself, such as your age and gender. However, please note that sharing this data is not mandatory for using our app. | We will collect such information to create and activate your account and to be able to provide you with the Services. | We process such Account Information based on contract necessity. |
| We may collect information regarding your use and your interaction with the App and the Services. Such data may include analytic data, click stream data, interests, etc. (“Usage Data”) which are associated with an online identifier and thus, can be considered Personal Data. | We will collect such information to provide you with the Services, improve the App functionality, measurements, etc. | We process such Usage Data based on our legitimate interests. |
| If you choose to use our paid services, the payments will be processed through Apple Pay or Google Pay and Stripe, as applicable (“Payment Providers”). In such event we receive transaction ID or token from the Payment Providers that the payment was made (“Payment Information”). We do not store or process any of credit card or other financial information. | We will collect and use such information in order to enable you to purchase the paid services. | Your Payment Information will be processed according to the applicable Payment Provider policies: Google Pay’s Privacy Policy is available HERE; Apple Pay’s Privacy Policy is available HERE; Stripe’s Privacy Policy is available HERE. |
| If you voluntarily contact us following your interest in our Services, support or other inquiries, through the website or by email, you may be required to provide us with certain information such as your full name, email address, and any additional information you decide to share with us (“Contact Information”). | We will use your contact details and save your contact history with us in order to respond to your inquiry, provide you with support, assistance or any other information requested by you. | We process such Contact Information subject to our legitimate interest in order to respond to your inquiry. Any communication through our Discord server is subject to Discord's separate Privacy Policy and Terms of Use which we recommend you review. |
| If you use our Soulmate Feature, we will be able to profile you based on the music you hear and connect you to other users that have similar taste in music. This feature is optional, you can choose to opt-out at any time. | The profile built solely defines your taste in music, and not your behavior or other information. It is used solely to enable the feature and connect you with other users. | We will process this data based on contract necessity. |
| If you chat and text with another user, we recommend not to include any Personal Data, if you do, it will be subject to this privacy policy. | We process such information in order to enable you to chat with other users. Such chat communication shall be retained until you delete them or until you delete your account. | We will process this data based on contract necessity. |
| In the event you sign up to receive our newsletter or other marketing materials (“Marketing Materials"), you will be requested to provide your contact details, such as email address. | We will use your email in order to send you our newsletter and other Marketing Materials. | We process such Marketing Materials subject to your consent. You may withdraw consent at any time through the “unsubscribe” link within the email or by contacting us directly. |
| On the website, we use our own and third-party cookies, as further detailed below, these cookies provide us with analytic services as well as marketing services. The Personal Data processed is an online identifier, either a cookie agent, the IP address, etc. (“Online Identifiers”). | We will use your Online Identifiers for analytic and marketing purposes. | We will process such data subject to your consent (unless otherwise required by law) through the cookie notice. |
Please note that, the actual processing operation per each purpose of use and lawful basis detailed in the table above, may differ. Such processing operation usually includes set of operations, made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction. Transfer of personal data to third party countries as further detailed in the Data Transfer Section is based on the same lawful basis as stipulated in the table above.
In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts and any other misuse of the Services and to enforce the Terms, as well as to protect the security or integrity of our databases and the Services, and to take precautions against legal liability. Such processing is based on out legitimate interests.
4. HOW WE COLLECT INFORMATION
According to the nature of your interaction with our Services, we may collect information as follows:
- Automatically – we may use cookies, SDKs and similar tracking technologies (as elaborated in the Tracking Technologies Section below) to gather some information automatically when you access the website.
- Provided by you voluntarily – we will collect information if and when you choose to provide us with information, such as when you contact us or share user generated content on our chat feature.
5. COOKIES AND SIMILAR TRACKING TECHNOLOGIES
We use “cookies” and similar tracking technologies such as software developer kits (“SDK”) on our App and Services. A cookie is a small text file that a website places and stores on your device while you are viewing a website. These tracking technologies are very helpful and can be used for various purposes. These purposes include: (i) allowing you to navigate between pages efficiently; (ii) enabling automatic activation of certain features; (iii) remembering your preferences; and (iv) making the interaction between you and our Services quicker and easier. The SDKs and cookies create the opportunity to enhance the App and Services with more functionality, and are further used for performance and analytics purposes (for example, allow us to count visits and traffic sources so we can measure and improve the performance of our Services and marketing campaigns, help us to know which features are the most and least popular, etc.), as well as for marketing and targeting purposes.
The specific cookies, SDK and similar tracking technologies we currently use, purpose of use, their privacy policy and opt-out controls are set forth in the table below:
| COOKIE/SDK/API | PURPOSE | PRIVACY POLICY |
|---|---|---|
| Google Analytics Google AdMob | Analytical & Measurement | www.google.com/policies/privacy/partners https://policies.google.com/technologies/managing?hl=en https://tools.google.com/dlpage/gaoptout For additional information regarding our use of Google products, click here. |
| ironSource | Providing the services | https://www.is.com/privacy-policy/ |
| Purchasely | Providing the services | https://www.purchasely.com/privacy-policy |
| Providing the Services | https://www.facebook.com/privacy/policy/ | |
| Spotify | Providing the Services | https://www.spotify.com/us/legal/privacy-policy/ |
| Apple Music & Apple ID | Providing the services & Registration | https://www.apple.com/legal/privacy/ |
| Firebase | Analytical & Providing the services | https://firebase.google.com/support/privacy |
Note that, some cookies or tracking technologies are classified as “strictly necessary” – meaning, necessary for our Services to function and cannot be switched off. Where we use third-party advertising cookies, such third-party may independently collect, through the use of such tracking technologies, Personal Data and may combine such information with other information they have independently collected relating to your online activities across their network of websites, for the purpose of enhanced targeting functionality and delivering personalized ads, as well as providing aggregated analytics related to the performance of our advertising campaign you interacted with. These third parties collect and use this information under their own privacy policies.
Most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. You may set your browser to block all cookies, including cookies associated with our website, or to indicate when a cookie is being used by us, by adjusting the privacy and security settings of your web browser. You may further use your device setting to change your preferences as for tracking technologies and data collection through the App. Please refer to the support page of your browser or device to learn more about how you can adjust your privacy and security settings. Please note that once you choose to opt out or disable cookies, some features of the Services may not operate properly and your online experience may be limited.
6. DATA SHARING – CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH
We share your data with third parties, including with trusted partners or service providers that help us provide and improve our Services:
| CATEGORY OF RECIPIENT | DATA THAT WILL BE SHARED | PURPOSE OF SHARING |
|---|---|---|
| Trusted agents and service providers | All data, as needed and applicable to the services provides. | We may disclose Personal Data to our trusted agents (such as legal counsel) and service providers (including, but not limited to, Cloud providers, Google Analytics, Firebase Crashlytics, CRM provider, etc.) so that they can perform the requested services on our behalf. These providers are prohibited from using your Personal Data for any purposes other than providing us with requested services. When we share information with services providers, we ensure they only have access to such information that is strictly necessary for us to provide the Services. These parties are required to secure the data they receive and to use the data for pre-agreed purposes only while ensuring compliance with all applicable data protection regulations (such service providers may use other non-personal data for their own benefit). |
| Subsidiaries and affiliated companies or any acquirer of our business | All data | We may share Personal Data, internally within our group or in in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation, or asset sale). In the event of the above, our affiliated companies or acquiring company will assume the rights and obligations as described in this Policy. |
| Legal and law enforcement | Subject to law enforcement authority request. | We may disclose certain data to law enforcement, governmental agencies, or authorized third parties, in response to a verified request relating to terror acts, criminal investigations or alleged illegal activity or any other activity that may expose us, you, or any other user to legal liability, and solely to the extent necessary to comply with such purpose. |
Where we share Personal Data with services providers and partners, we ensure they only have access to such information that is strictly necessary in order for us to provide the Services. These parties are required to secure the data they receive and to use the data for pre-agreed purposes only, while ensuring compliance with all applicable data protection regulations (such service providers may use other non-personal data for their own benefit).
7. INTERNATIONAL DATA TRANSFER
Our databases are currently located in Germany.
Any Personal Data you provide us may be transferred to and processed in countries other than the country from which you accessed the Services. If you are a resident of the European Economic Area (“EEA“) we will take appropriate measures to ensure that your Personal Data receives an adequate level of data protection upon its transfer outside of the EEA. If you are a resident of a jurisdiction where the transferring of your Personal Data requires your consent, then your consent to this Privacy Policy includes your express consent for such data transfer.
8. DATA RETENTION
The Personal Data we do collect and store, will be retained according to the following criteria: (i) purpose of collection: unless otherwise specified, we retain Personal Data as long as it is necessary and relevant for us to achieve the purposes for which it was collected; (ii) compliance with our legal obligations: we retain Personal Data where we are required to do so in accordance with legal, regulatory, tax or accounting requirements; (iii) dispute, claims and legal proceedings: we retain Personal Data where needed for us to have an accurate record of your dealings with us in the event of any complaints or challenges, and if we reasonably believe there is a prospect of litigation relating to your information or dealings. We may at our sole discretion, delete or amend information from our systems, without notice to you, once we deem it is no longer necessary for such purposes.
9. SECURITY
We implement extensive security measures to reduce the risks of damage, loss of information and unauthorized access or misuse of Personal Data. We implement appropriate data collection, storage and processing practices and security tools to protect personal data against unauthorized access, alteration, disclosure or destruction. You should be aware that no security measures are completely fail-proof, and it is impossible to prevent any and all threats to the security of data and systems. Therefore, you should be aware that any processing of digital Personal Data holds certain inherent risks, and we cannot guarantee that our services and databases will be immune to any wrongdoings, malfunctions, unauthorized interceptions or access, malware attacks or other kinds of abuse and misuse. As the security of information depends in part on the security of the computer, device or network you use to communicate with us and the security you use to protect your user's name and passwords, please make sure to respond appropriately to protect this information.
Our data processing activities are made in various territories. Where we transfer your Personal Data out of your jurisdiction, we will take appropriate measures to ensure it is transferred in a secure and protected manner.
10. PRIVACY RIGHTS
We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what Personal Data we collect, so that you can make meaningful choices about how it is used. We provide you with the ability to exercise certain choices, rights and controls in connection with your information, which depends on your relationship with Stats.fm, your jurisdiction and the applicable data protection laws that apply to you. The table below details some of the principal rights that may apply to (subject to your jurisdiction and additional conditions), how you can exercise them, as well as how you may appeal a decision we take in this regard.
Note that, as further explained below, some of your rights can be exercised independently through your browser settings, app settings, etc., and to exercise certain rights – you will be requested to submit your request by filling out the Data Subject Request (“DSR”) form available HERE, and send it to our DPO at: dpo@stats.fm.
| Right to be Informed | You have the right to be provided with information regarding our Personal Data collection and privacy practices. All is detailed under this Privacy Policy, however, if you have any questions or you require for additional information, you may exercise your right by submitting the DSR |
|---|---|
| Right to Know, Access Rights | You have the right to confirm whether we collect Personal Data about you, as well as to know which Personal Data we specifically hold about you and receive a copy of such or access it. You may exercise your right by submitting the DSR form. |
| Right to Correction/ Rectification | You have the right to request the updating of Personal Data that is not correct, taking into account the nature of the processing and the purposes. You may exercise your right by submitting the DSR form, and for certain types of Personal Data, you may correct the information directly through the App settings. |
| Right to Be Forgotten, Right to Deletion | You have the right to request the erasure of certain Personal Data if specific conditions are satisfied. This right is not absolute. We may reject your request under certain circumstances, including where we must retain the data in order to comply with legal obligations or defend against legal claims, other legitimate interests such as record keeping with regards to our engagements, completing transactions, providing a good or service that you requested, taking actions reasonably anticipated within the context of our ongoing business relationship with you, fulfilling the terms of a written warranty, detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, or prosecuting those responsible for such activities; debugging products to identify and repair errors that impair existing intended functionality; exercising free speech, ensuring the right of another consumer to exercise their free speech rights, or exercising another right provided for by law; engaging in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent. You may exercise your right to deletion through the App setting, or if you don’t have an account or for any other reason by submitting the DSR form. |
| Right to Restriction of Processing | You may be entitled to limit the purposes for which we process your Personal Data if one of the following conditions are satisfied: where the accuracy of the Personal Data is contested by you, for a period enabling us to verify the accuracy of the Personal Data; where the processing is unlawful and you oppose the erasure of the Personal Data and request the restriction of its use instead; where we no longer need the Personal Data for the purposes of the processing, but we are required by you to retain it for the establishment, exercise or defense of legal claims; where you objected to processing (as detailed below) pending the verification whether our legitimate grounds override your request. You may exercise your right by submitting the DSR form |
| Right to Data Portability | You have the right to get a copy of your Personal Data in a portable format and, to the extent technically feasible, readily usable format that allows you to transmit the Personal Data to another entity without hindrance. We will select the format in which we provide your copy. You may exercise your right by submitting the DSR form |
| Right to Withdraw Consent/Opt-Out/Object. Specifically in the US the Right to Opt-Out From: (i) Selling Personal Data; (ii) Targeted Advertising; and (iii) Profiling. | When the lawful basis for processing your Personal Data is your consent, you may withdraw such consent at any time. This can be done by submitting the DSR form, however, for certain Personal Data processing, your rights can be exercised independently. For example, you may unsubscribe at any time from our mailing list using the “unsubscribe” link included in the message. You further have the right to object to the processing of Personal Data, in the event the basis for processing is our legitimate interests. However, we will be permitted to continue the processing if our legitimate interests override your rights, or when processing is necessary to establish, exercise, or defend a legal claim or right. We do not profile you in a manner that has a significant effect on you or other individuals, therefore there isn’t an opt-out option. We do not “sell” or “share” information as most people would commonly understand that term. We do not, and will not, disclose your Personal Data in direct exchange for money or some other form of payment; however, we do share Personal Data for analytic and marketing purposes, including targeted advertising, when we promote our website, App or Services. In most cases we obtain Personal Data collected automatically from our website, through our use of cookies, and do not combine it with your actions on other websites, however, our third-party partners might do so, when providing analytic or advertising services to us. You have the right to opt-out of the “selling” or “sharing” of your Personal Data for “cross-contextual behavioral advertising”, or “targeted advertising”, often referred to as “interest-based advertising” as well. You can exercise these rights as detailed in the “Cookies and Tracking Technologies” section above. You can install privacy-controls in the browser's settings to automatically signal the opt-out preference to all websites you visit (such as the “Global Privacy Control”). In any event, please keep in mind that opt-out tools are limited to the browser or device you use because they work off your browser ID and device ID and, accordingly, you will need to opt-out on each browser and device you use. Your browser may save some information in its cookies and cache to maintain your privacy preferences. Clearing these may remove opt-out preferences, requiring you to opt-out again. |
| Right To Appeal or Lodge Complaint | If we decline to take action on your request, we will inform you without undue delay as required under applicable laws. The notification will include a justification for declining to take action and instructions on how you may appeal, if applicable. Under the GDPR you have the right to lodge a complaint with the applicable Data Protection Authority in the EU or the Information Commissioner in the UK. Under certain US states – you have the right to appeal, in accordance with the procedures under such applicable laws. For information – please see Part II of this Privacy Policy – “US Jurisdictions – Specific Privacy Notices”, below. |
| Non-Discrimination | Denying a good or service, providing a different level or quality of service, or charging different prices. We do not discriminate against users or our Services, but we reserve the right to deny a good or service, provide a different level or quality of service, or charge different prices, all subject to applicable laws. If you have any reason to believe our services caused you to discrimination, please contact us directly at: dpo@stats.fm |
For additional information on your rights and how to exercise your rights, please see the DSR form. For California residents, please further see our CCPA Notice to learn more about your rights.
11. ELIGIBILITY AND CHILDREN PRIVACY
The Services are not intended for use by children (the phrase "child" shall mean an individual that is under the age defined by applicable law, which concerning the EEA is under the age of 16, and with respect to the US, under the age of 13), and we do not knowingly process children's information. We will discard any information we receive from a user that is considered a "child" immediately upon discovering that such a user shared information with us. Please contact us at: dpo@stats.fm if you have reason to believe that a child has shared any information with us.
2. US JURISDICTION-SPECIFIC PRIVACY NOTICES:
1. ADDITIONAL NOTICE TO CALIFORNIA RESIDENTS
This section applies only to California residents, pursuant to the California Privacy Act of 2018 (“CCPA”) effective November 2020, and as amended by the California Privacy Rights Act, effective January 1, 2023.
Please see the CCPA Notice which discloses the categories of personal information collected, purpose of processing, source, categories of recipients with whom the personal information is shared for a business purpose, whether the personal information is sole or shared, the retention period, and how to exercise your rights as a California resident.
2. ADDITIONAL NOTICE FOR COLORADO RESIDENTS
According to the Colorado Privacy Act ("CPA"):
“Personal Data” means: “information that is linked or reasonably linkable to an identified or identifiable individual” and does not include any of the following: publicly available information, de-identified or aggregated consumer, and information excluded from the CPA scope, such as: Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) or 42 CFR Part 2- “Confidentiality Of Substance Use Disorder Patient Records”, Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or and the Driver’s Privacy Protection Act of 1994, Children’s Online Policy Protection Act of 1998 (COPPA), Family Educational Rights and Privacy Act of 1974, national Security Exchange Act of 1934, higher education data and employment data. “Sensitive Data” includes (i) racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life or sexual orientation; (ii) Genetic or biometric data that can be processed to uniquely identify an individual; or (iii) child data. We do not process or collect any sensitive data.
In Section I.3 “ The Information We Collect & Purpose of Collection” of the Privacy Policy, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes. Section I.6 “Data Sharing – Categories of Recipients we Share Personal Data With” details the categories of third-parties the we share Personal Data with for business purposes. Further information regarding your privacy rights and how you may exercise them is detailed under Section I.10 “Privacy Rights”.
How to submit a request under CPA?
Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your Personal Data. If the request is submitted by someone other than the consumer about whom information is being requested, proof of authorization (such as power of attorney or probate documents) will be required.
We will respond to your request within 45 days after receipt of a verifiable consumer request and for no more than twice in a twelve-month period. We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at dpo@stats.fm and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows: Colorado AG at https://coag.gov/file-complaint/
If you have an account with us, we may deliver our written response to that account or via email at our sole discretion. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. You do not need to create an account for submitting a request.
Any disclosures we provide will only cover the twelve-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
3. ADDITIONAL NOTICE TO VIRGINIA RESIDENTS
Under the Virginia Consumer Data Protection Act, as amended (“VCDPA”) if you are a resident of Virginia acting in an individual or household context (and not in an employment or commercial context), you have the following rights with respect to your Personal Data.
"Personal data" means any information that is linked or reasonably linkable to an identified or identifiable natural person. "Personal data" does not include de-identified data or publicly available information. Personal Data does not include de-identified data or publicly available data, and information excluded from the scope such as: HIPAA, GBPA, non-profit entities, higher education, employment data and FCRA, Driver's Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, Farm Credit Act.
The VCDPA requires us to disclose the categories of data processing and the purpose of each category, as detailed in Section I.3 “ The Information We Collect & Purpose of Collection” of this Privacy Policy, and the third parties with whom Personal Data is shared, as detailed in Section I.6 “Data Sharing – Categories of Recipients we Share Personal Data With”.
Further, Section I.10 “Privacy Rights” details the rights you may have under VCDPA and how you may exercise your rights.
How to Submit a Request Under VCDPA?
We shall respond to your request within 45 days of receipt. We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at dpo@stats.fm and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows: Virginia Attorney General at https://www.oag.state.va.us/consumercomplaintform
We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive, or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request we will not be able to grant your request.
4. ADDITIONAL NOTICE TO CONNECTICUT RESIDENTS
Under the Connecticut Data Privacy Act, Public Act. No. 22-14 (the “CDPA”) if you are a resident of Connecticut, acting in an individual or household context (and not in a commercial or employment context or as a representative of business, non-profit or governmental entity), your rights with respect to your personal data are described below.
"Personal data" means any information that is linked or reasonably linkable to an identified or identifiable individual. It does not include de-identified data or publicly available information. If further does not include information excluded from the scope such as: HIPAA, GBPA, non-profit entities, higher education, employment data and FCRA, Driver's Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, Farm Credit Act.
The categories of personal data processed, purpose of processing, are detailed in Section I.3 “ The Information We Collect & Purpose of Collection”, categories of personal data shared with third parties, categories of third parties with whom data is shared, are detailed in Section I.6 “Data Sharing – Categories of Recipients we Share Personal Data With”.
Information regarding your rights and how to exercise your rights is detailed in Section I.10 “Privacy Rights”.
How to Submit a Request Under CDPA?
We shall respond to your request within 45 days of receipt. The response period may be extended once by 45 additional days when reasonably necessary, taking into account the complexity and number of requests and we inform you of such extension within the initial 45 days response period, together with the reason for the extension.
If we decline to take action on your request, we shall so inform you without undue delay, within 45 days of receipt of your request. The notification will include a justification for declining to take action and instructions on how you may appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Connecticut Attorney General at link: https://www.dir.ct.gov/ag/complaint/ or (860) 808-5318.
We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request, we will not be able to grant your request.
5. ADDITIONAL NOTICE TO UTAH RESIDENTS
Under the Utah Consumer Privacy Act (the “UCPA”) if you are a resident of Utah, acting in an individual or household context (and not in a commercial or employment context) your rights with respect to your personal data are described below. “Personal data" refers that is linked or reasonably linkable to an identifiable individual, and does not include de-identified data and publicly available data.
The categories of personal data processed, purpose of processing, are detailed in Section I.3 “ The Information We Collect & Purpose of Collection”, categories of personal data shared with third parties, categories of third parties with whom data is shared, are detailed in Section Section I.6 “Data Sharing – Categories of Recipients we Share Personal Data With”.
Information regarding your rights and how to exercise your rights is detailed in Section I.10 “Privacy Rights”.
6. NOTICE TO NEVADA RESIDENTS
Nevada law allows Nevada residents to opt out of the sale of certain types of personal information. Subject to several exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to another person. We currently do not sell personal information as defined in the Nevada law. However, if you are a Nevada resident, you still may submit a verified request to opt out of sales and will record your instructions and incorporate them in the future if our policy changes. You may send opt-out requests to dpo@stats.fm.