Privacy Policy
Privacy Policy by Language:
Privacy Policy
Last Updated: 15 September 2022
1. SCOPE OF THIS PRIVACY POLICY
This privacy policy (“Privacy Policy”) describes how Avetta, LLC and its worldwide affiliated group companies (“Avetta”, or “we” or “us”) will use your personal data collected when you visit the Avetta websites, application websites and mobile platforms that contain a link to this Privacy Policy (collectively, the “Services”) or provide goods or services to Avetta. This Privacy Policy may be supplemented with additional privacy terms or with additional privacy notices in connection with certain features of the Services.
This Privacy Policy does not apply to websites, applications or mobile platforms that are operated by third parties, even if linked to the Services. For example, the Services also may provide access to social media features, message boards, chat, forums, blogs, profile pages and other services to which you are able to post personal data and materials. The information you post or disclose through these services may be public. Please be careful when disclosing personal data in these public areas. We encourage you to review the privacy policies posted on third-party websites, applications and mobile platforms.
2. CONTROLLER
For the purpose of the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council (“EU GDPR”), the United Kingdom General Data Protection Act (“UK GDPR”), and other applicable data protection laws with a framework similar to the EU GDPR, the “data controller” for your personal data is Avetta, LLC, 549 E Timpanogos Parkway, Building G, Orem, UT 84097, USA.
You can reach our Privacy Officer via the following means of communication:
Postal Service:
AVETTA, LLC
Attention: Privacy Officer
549 E Timpanogos Parkway, Building G
Orem, UT 84097, USA
Email: [email protected]
If you are located in the European Economic Area (“EEA”) or the United Kingdom (the “UK”) and have questions about your personal data or would like to request to access, update or delete it, you may contact our representative at:
Bird & Bird GDPR Representative Services SRL
Avenue Louise 235
1050 Bruxelles
Belgium
Key Contact:
Vincent Rezzouk-Hammachi
Bird & Bird GDPR Representative Services UK
12 New Fetter Lane
London
EC4A 1JP
United Kingdom
Key Contact:
Vincent Rezzouk-Hammachi
3. THE DATA WE COLLECT ABOUT YOU
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
Identity Data, such as first name, last name, username or similar identifier, title, date of birth, gender and identification number.
Contact Data, such as mailing address, email address and phone numbers.
Profile Data, such as your username and password, photos and the Services you have subscribed to.
Health Data, such as vaccination status, and alcohol and drug screening results, if the information is requested by the parties you work with or seek to work with through our Services and you agree to provide voluntarily.
Professional Data, such as occupation, professional certifications, training status and work experiences.
Location Data, such as internet protocol (IP) address, geolocation and worksite locations.
Transaction Data, such as details of the Services you have subscribed to from us.
Technical Data, such as IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Services.
Usage Data, such as information about how you use the Services.
Marketing and Communications Data, such as your preferences in receiving marketing from us and your communication preferences.
We also collect, use and share Aggregated Data, such as statistical data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data if the data is anonymised and will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature of the Services. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy. You are under no legal obligation to provide Avetta with your personal data; however, in this case we might not be able to provide you with all the Services.
4. HOW IS YOUR PERSONAL DATA COLLECTED?
We use different methods to collect data from and about you including through:
Direct interactions. You or your authorised representatives may give us your data, such as Identity, Contact, Profile, Health, Professional, and Marketing and Communications Data, by filling in forms or by corresponding with us by phone, email or otherwise. This includes personal data you provide when you:
- Create an account with us.
- Complete the prequalification forms.
- Upload documentation requested by the parties you work with through our Services.
- Give us feedback or contact us.
Automated technologies or interactions. As you interact with the Services, we will automatically collect Location, Usage and Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our Cookie Policy for further details.
Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:
- Identity and Professional Data from verification services, such as greenID, ZoomInfo, or similar vendors, and from publicly available sources, such as the government document verification services provided by the Australian Government.
- Technical and Usage Data from analytics providers such as Google.
- Contact and Transaction Data from providers of technical and payment services.
5. HOW WE PROCESS YOUR PERSONAL DATA
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with our customers.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation.
The table below describes in more detail the purposes and legal bases of our processing activities and what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
| Purposes for which we process your personal data | Categories of personal data processed | Legal basis for processing including basis of legitimate interest |
|---|---|---|
| To register you as a user of the Services, either as an authorised user of a client or a supplier |
|
(i) Your consent or (ii) where we do not obtain your consent, our legitimate interests (to perform our contract with our customers). |
| To assess your eligibility pursuant to the requirements by the parties you work with or seek to work with through our Services |
|
For Health Data, your consent. For other categories of personal data, (i) your consent or (ii) where we do not obtain your consent, our legitimate interests (to perform our contract with our customers). |
| To assist our users in soliciting, bidding for or completing a transaction or order |
|
For Health Data, your consent. For other categories of personal data, (i) your consent or (ii) where we do not obtain your consent, our legitimate interests (to perform our contract with our customers). |
| To manage our relationship with you, such as notifying you about changes to the Services or our terms and asking you for your feedback or comments |
|
Necessary for our legitimate interests (to keep our records updated and to study how customers use the Services). |
| To provide and improve our Service and support and develop new products |
|
Necessary for our legitimate interests (to improve the Services and our support). |
| To personalise the Services and to provide you with personalised marketing communication |
|
Necessary for our legitimate interests (to know users’ preferences to better personalise offers and ultimately offer a more relevant user experience). |
| To provide you with features on the Services, such as sharing content with a friend or colleague |
|
Necessary for our legitimate interests (to improve our Services and support). |
| To contact you regarding our Services or other products and services from third parties |
|
Necessary for our legitimate interests (to develop our Services and grow our business). |
| To invite you to participate in surveys, sweepstakes, competitions and similar promotions |
|
Your consent. |
| To aggregate information in order to anonymise it for data analysis, audits, developing new products, enhancing the Services, identifying usage trends and determining the effectiveness of our promotional campaigns |
|
Our legitimate interests (to improve our Services and support). |
| To prepare or implement reorganisation or sale of assets or shares | Potentially all categories of data as described in Section 3. | Our legitimate interests (to prepare and complete corporate transactions). |
| To administer and protect our business and the Services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data), and prevent and detect security threats, fraud or other malicious activity |
|
Our legitimate interests (to improve and maintain the Services and to protect our business). |
| To comply with our legal obligations, respond to government or judicial requests for information (including in the context of private litigation), resolve disputes and enforce our agreements | Depending on the legal obligations. | Compliance with a legal obligation. |
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
6. DISCLOSURES OF YOUR PERSONAL DATA
We may share your personal data with the parties set out below for the purposes set out in the table above.
| Categories of Data Recipients | Description |
|---|---|
| Group Affiliates | Members of the affiliated group of Avetta (including Pegasus Management Pty Ltd based in Australia and Avetta Do Brasil Tecnologia da Informação Ltda. based in Brazil).
The affiliates and subsidiaries of Avetta, LLC are data processors and provide IT and system administration, customer services, software development services, payment services and other data processing services.
|
| Service Providers and Contractors to Avetta | Cloud service providers based in Australia, Canada, Germany, Ireland, the UK and the US.
Providers of software development services, IT and system administration, internal audit functions, quality assurance, customer support, document review services, maintenance services, and other administrative and processing services based in Australia, Bolivia, India, the Philippines and the US. Providers of compliance tools, such as OneTrust (based in the US), and business credit reports and sanction lists screening services, such as CreditSafe (based in multiple jurisdictions). Providers of communication tools such as Zoom (based in the US) and Microsoft Teams (based in the US). Analytical service providers such as Google (based in the US). Verification service providers such as greenID (based in Australia). Providers of data processing tools such as Chekrite (based in Australia). Providers of customer relationship management tools such as Salesforce (based in the US). Marketing service providers such as Marketo (based in the US). Independent agents, representatives and consultants globally to support our business. |
| Users of the Services | Suppliers and clients in the network of the Services who you work with or seek to work with through our Services. |
| Other Recipients | Third parties to whom we may choose to sell, transfer or merger parts of our business or our assets.
Third parties that we may acquire. Third parties if we expressly told you about such potential disclosure in our agreement(s) with you, or at the point at which you submitted the personal data to us. Third parties we need to disclose your personal data to in order to: (i) respond to or comply with any law, regulation, subpoena or court order, or government or judicial request (including in the context of private litigation); (ii) investigate and help prevent security threats, fraud or other malicious activity; (iii) enforce and protect the rights and properties of Avetta; or (iv) protect the rights or personal safety of our employees and third parties on or using our property. We may disclose your personal data to domestic or foreign government or public authorities in any of the countries in which we operate in order to respond to inquiries or requests or as otherwise required by law or legal process. Where relevant, we may share or transfer your personal data in order to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements. |
7. COOKIES AND OTHER TRACKING TECHNOLOGIES
We may automatically collect information through the use of cookies or similar technologies, such as web beacons. Some content or functions of our Services are served by third parties. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use the Services. The information they collect may be associated with your personal data or they may collect information, including personal data, about your online activities over time and across different websites and other online services. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Services may become inaccessible or not function properly. For more information about the cookies, please see our Cookie Policy.
8. DO NOT TRACK DISCLOSURE
Our Services do not respond to Do Not Track signals. You may, however, disable certain tracking as discussed in our Cookie Policy, such as by disabling cookies.
9. CHILDREN'S PRIVACY
We do not knowingly collect personal data from children under the age of 18 and we do not target our Services to children under 18.
10. YOUR CHOICES AND SELECTING YOUR PRIVACY PREFERENCES
If you are a user of the Services, you can manage available communications preferences when you register with the Services (including by providing your opt-in consent, where required), by updating your account preferences, or, where applicable, by using the “opt-out” or unsubscribe mechanism or other means provided within the communications that you receive. We reserve the right to notify you of changes or updates to the Services whenever necessary.
11. YOUR RIGHTS
You may request a copy of and correct the personal data that we hold about you. Under certain circumstances, you may have the right to object to the processing of your personal data or to have it erased. If the Services allow registered users to access their registration information and make corrections or updates, the accuracy of such information is solely the responsibility of the user. Subject to any right you may have to access, review, correct, raise an objection to or block personal data, no access is given to personal data or data that may have been collected about other users.
You have the right to withdraw your consent at any time where we use your personal data on the basis of your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
In addition, if you are located in the EEA or the UK, you may have the following additional rights:
- Right of access (Art. 15 GDPR)
You have the right to obtain from us confirmation as to whether and which data we process about you, for which purposes, how long we process them, who may receive the data and where they originate from. You do not have such a right in exceptional cases, i.e. where your requests are excessive.
- Right to rectification (Art. 16 GDPR)
You generally have the right to obtain from us the rectification of inaccurate data, including the right to have incomplete data completed.
- Right to erasure/Right to be forgotten (Art. 17 GDPR)
You have the right, in particular cases, to obtain from us the erasure of your data, e.g. if the data are no longer necessary in relation to the purposes for which they were collected, or if you have objected to the processing. This does not apply in exceptional cases, e.g. if the further processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims.
- Right to restriction of processing (Art. 18 GDPR)
You may ask us to restrict our use of your personal data where, for example, we no longer need your personal data for the purposes of which we are using it but it is required by you for the establishment, exercise or defence of legal claims.
- Right to data portability (Art. 20 GDPR)
You can request a machine-readable copy of personal data that you have provided to us, which can be transmitted to another service provider where technically feasible. This only applies to personal data that we use by automatic means, and on the basis of your consent or our performance of a contract with you.
- RIGHT TO OBJECT (ART. 21 GDPR)
To the extent that we are relying upon legitimate interest as a legal basis to use your personal data, or to the extent we process your personal data for direct marketing purposes, you have the right to object to such use on grounds relating to your particular situation, at any time. However, we cannot always comply with this, e.g. if legal provisions oblige us to process data within the scope of our official duties.
- Right to lodge a complaint (Art. 77 (1) GDPR)
You also have the right to lodge a complaint with the competent supervisory authority, in particular in your member state of residence, if you consider that our use of your personal data infringes applicable data protection law.
To protect your privacy and security, we may take reasonable steps to verify your identity whenever you have requested to exercise your rights. To view and change the personal data that you directly provided to us, you can return to the webpage or application where you originally submitted your personal data and follow the instructions on that webpage or application, or contact us at the address listed below.
For further data regarding your rights, or to exercise any of your rights, please contact us at [email protected].
12. DATA RETENTION AND SECURITY
We store information about you in computer systems and databases operated by either us or our external service providers.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. In some circumstances, we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
The security of your personal data is important to us. We use a variety of data security measures intended to ensure the confidentiality and integrity of your personal data. However, unfortunately no data transmission over the Internet or data storage system is 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us at [email protected].
13. CHANGES TO THIS PRIVACY POLICY
If we modify this Privacy Policy to reflect changes to our information practices, we will post the revised version here, with an updated revision date. We encourage you to periodically review this page for the latest information on our privacy practices.
14. INTERNATIONAL DATA TRANSFER
For the purposes described above, your personal data may be transferred to recipients mentioned in Section 6 and we may transfer it to countries that are outside of the EEA or the UK (including to the United States). Please be aware that countries which are outside the EEA or the UK may not offer the same level of data protection as the EEA or the UK, although our collection, storage and use of your personal data will continue to be governed by this Privacy Policy.
When transferring personal data outside the EEA or the UK, we will:
- include into our contracts the standard contractual data protection clauses approved by the European Commission (as applicable) for transferring personal data from the EEA or the UK (these are the clauses approved under Article 46 (2) GDPR) and additionally the International Data Transfer Addendum to the EU Commission standard Contractual Clauses (the “UK Addendum”) for transferring personal data from the UK – you may request a copy of such standard contractual data protection clauses and the UK Addendum from our Privacy Officer at [email protected]; or
- ensure that the country in which your personal data will be handled has been deemed “adequate” by the European Commission or the UK, as applicable.
You can find out further information about the rules on data transfers outside the EEA and the UK, including the mechanisms that we rely upon, on the European Commission website here and the UK’s Information Commissioner’s Office website here.
15. LOCAL LAWS AND REGULATIONS
While this Privacy Policy is designed to deliver consistent and efficient information on a global basis with a specific focus on the EU GDPR and UK GDPR, all information will always be processed in accordance with applicable local law. For more details on the local laws and regulations applicable to your home jurisdiction, please see Appendix I of this Privacy Policy.
16. HOW TO CONTACT US
If you have comments or questions about this Privacy Policy or our processing of your information, please contact:
AVETTA, LLC
Attention: Privacy Officer
549 E Timpanogos Parkway, Building G
Orem, UT 84097, USA
Email: [email protected]
Our data protection representatives within the EEA and the UK are as follows:
| Representative | Region | Contact |
|---|---|---|
| Bird & Bird GDPR Representative Services SRL | EEA | Avenue Louise 235 1050 Bruxelles Belgium [email protected] Key Contact: Vincent Rezzouk-Hammachi |
| Bird & Bird GDPR Representative Services UK | UK | 12 New Fetter Lane London EC4A 1JP United Kingdom [email protected] Key Contact: Vincent Rezzouk-Hammachi |
Individuals within the EEA or the UK can contact us directly (see above) or contact the respective representative.
Appendix I: Jurisdiction Specific Terms
United States - Notice to California Residents
Last Updated: 15 September 2022
This notice to California residents supplements solely to the visitors, users and others who reside in the State of California ("consumers" or "you"). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”), and any terms defined in the CCPA have the same meaning when used in this notice.
Where noted in this notice, the CCPA temporarily exempts personal information reflecting a written or verbal business-to-business communication (“B2B personal information”) from some of its requirements.
Information We Collect
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household or device ("personal information"). Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information excluded from the CCPA’s scope, like:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), clinical trial data or other qualifying research data;
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driving licence number, passport number or other similar identifiers. | YES |
| B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | YES |
| C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, colour, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | YES |
| D. Commercial information. | Records of personal property, products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies. | YES |
| E. Biometric information. | Genetic, physiological, behavioural and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints and voiceprints, iris or retina scans, keystroke, gait or other physical patterns, and sleep, health or exercise data. | NO |
| F. Internet or other similar network activity. | Browsing history, search history, information on a consumer’s interaction with a website, application or advertisement. | YES |
| G. Geolocation data. | Physical location or movements. | YES |
| H. Sensory data. | Audio, electronic, visual, thermal, olfactory or similar information. | NO |
| I. Professional or employment-related information. | Current or past job history or performance evaluations. | YES |
| J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information or student disciplinary records. | NO |
| K. Inferences drawn from other personal information. | Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behaviour, attitudes, intelligence, abilities and aptitudes. | NO |
As described in Section 4 of the Privacy Policy, we obtain the categories of personal information listed above from the following categories of sources:
- Direct Interactions with you.
- Automated technologies or interactions.
- Third parties or publicly available sources.
Use of Personal Information
We may use or disclose the personal information we collect for one or more of the following purposes:
- To register you as a user of the Services, either as a client, supplier or worker.
- To assess your eligibility pursuant to the requirements by the parties you work with or seek to work with through our Services.
- To assist our users in soliciting, bidding for or completing a transaction or order.
- To manage our relationship with you, such as notifying you about changes to the Services or our terms and asking you for your feedback or comments.
- To provide and improve our Services and support and develop new products.
- To personalise the Services and to provide you with personalised marketing communication.
- To provide you with features on the Services, such as sharing content with a friend or colleague.
- To contact you regarding our Services or other products and services from third parties.
- To invite you to participate in surveys, sweepstakes, competitions and similar promotions.
- To aggregate information in order to anonymise it for data analysis, audits, developing new products, enhancing the Service, identifying usage trends and determining the effectiveness of our promotional campaigns.
- To prepare or implement reorganization or sale of assets or shares.
- To administer and protect our business and the Services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) and prevent and detect security threats, fraud or other malicious activity.
- To comply with our legal obligations, respond to government or judicial requests for information (including in the context of private litigation), resolve disputes and enforce our agreements.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated or incompatible purposes without providing you with notice.
Sharing Personal Information
We may share your personal information by disclosing it to a third party for a business purpose. We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential and prohibit using the disclosed information for any purpose except performing the contract. In the preceding twelve (12) months, we have disclosed personal information for a business purpose to the categories of third parties indicated in the chart below. Please note that we do not sell personal information.
| Personal Information Category | Category of Third-Party Recipients
Business Purpose Disclosures |
|---|---|
| A: Identifiers. |
|
| B: California Customer Records personal information categories. |
|
| C: Protected classification characteristics under California or federal law. |
|
| D: Commercial information. |
|
| E: Biometric information. | N/A |
| F: Internet or other similar network activity. |
|
| G: Geolocation data. |
|
| H: Sensory data. | N/A |
| I: Professional or employment-related information. |
|
| J: Non-public education information. | N/A |
| K: Inferences drawn from other personal information. | N/A |
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Right to Know and Data Portability
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the “right to know”). Once we receive your request and confirm your identity, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
- The specific pieces of personal information we collected about you (also called a data portability request).
We do not provide a right to know or data portability disclosure for B2B personal information.
Right to Delete
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfil the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.
We do not provide these deletion rights for B2B personal information.
Exercising Your Rights to Know or Delete
To exercise your rights to know or delete described above, please submit a request by either:
- Emailing us at [email protected].
- Visiting our privacy request form.
Only you, or someone legally authorised to act on your behalf, may make a request to know or delete related to your personal information.
You may only submit a request to know twice within a 12-month period. Your request to know or delete must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
You do not need to create an account with us to submit a request to know or delete. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account.
We will only use personal information provided in the request to verify the requestor’s identity or authority to make it.
Response Timing and Format
We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact [email protected].
We endeavour to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we may deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information's value and contain written terms that describe the programme's material aspects. Participation in a financial incentive programme requires your prior opt-in consent, which you may revoke at any time.
Other California Privacy Rights
California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our Services who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to [email protected].
Changes to Our Privacy Policy
We reserve the right to amend the Privacy Policy at our discretion and at any time. When we make changes to this notice, we will post the updated notice on this page and update the notice’s effective date. Your continued use of our Services following the posting of changes constitutes your acceptance of such changes.
Contact Information
If you have any questions or comments about this notice, the ways in which Avetta collects and uses your information described here and in the main terms of the Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Email: [email protected]
Postal Address:
AVETTA, LLC
Attention: Privacy Officer
549 E Timpanogos Parkway, Building G
Orem, UT 84097, USA
If you need to access this notice in an alternative format due to having a disability, please contact [email protected].
Australia – Additional Disclosures to Australian Residents
Last Updated: 15 September 2022
DO WE DISCLOSE PERSONAL INFORMATION TO OVERSEAS RECIPIENTS?
We may disclose your personal information to recipients which are located outside Australia. Please see Section 6 of the Privacy Policy for details.
DO WE USE YOUR PERSONAL INFORMATION FOR MARKETING?
We will use your personal information to offer you products and services we believe may interest you, but we will not do so if you tell us not to. These products and services may be offered by us, our related companies, our other business partners or our service providers.
Where you receive electronic marketing communications from us, you may opt out of receiving further marketing communications by following the opt-out instructions provided in the communication.
ACCESS TO AND CORRECTION OF YOUR PERSONAL INFORMATION
You may access or request correction of the personal information that we hold about you by contacting us. Our contact details are set out below. There are some circumstances in which we are not required to give you access to your personal information.
There is no charge for requesting access to your personal information, but we may require you to meet our reasonable costs in providing you with access.
We will respond to your requests to access or correct personal information in a reasonable time and will take all reasonable steps to ensure that the personal information we hold about you remains accurate and up to date.
COMPLAINTS
If you have a complaint about the way in which we have handled any privacy issue, including your request for access or correction of your personal information, you should contact us. Our contact details are set out below.
We will consider your complaint and determine whether it requires further investigation. We will notify you of the outcome of this investigation and any subsequent internal investigation.
If you remain unsatisfied with the way in which we have handled a privacy issue, you may approach an independent advisor or contact the Office of the Australian Information Commissioner (“OAIC”) (www.oaic.gov.au) for guidance on alternative courses of action which may be available.
CONTACT DETAILS
If you have any questions, comments, requests or concerns, please contact us at:
Email: [email protected]
Postal Address:
AVETTA, LLC
Attention: Privacy Officer
549 E Timpanogos Parkway, Building G
Orem, UT 84097, USA