Your and your organization’s access to and use of our Sites are subject to our Terms of Service located here. Should you wish to review, update, or delete your collected Personal Data, or to withdraw your consent of our use of your Personal Data, please contact us at our contact information provided in Section 15 of this Policy.
Note to California consumers and European Union residents: our Policy additionally ensures required protections of your data under the California Consumer Protection Act and the European Union General Data Protection Regulation, contained in Sections 9 and 10 of this Policy, respectively.
1. Information We Collect
When you visit our Sites, our servers may automatically log the standard data provided by your web browser. This data is considered non-identifying information, as it does not personally identify you on its own (“Log Data”). We may store Log Data ourselves and or may be included in databases owned and maintained by our affiliates, agents or service providers.
Log Data may include your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other non-identifying details. It may also include data about the device you are using to access our Sites, such as the device type, operating system, unique device identifiers, and device settings. While most of any Log Data that we collect is non-identifying information, your computer’s Internet Protocol (IP) address and geo-location data are identifying information, as it can personally identify you. We do not use this information to identify you or any other individuals.
When you interact with us through our Sites, we may collect information that, alone or in combination, could be used to identify you (“Personal Data”) and other information from you. For example, we may collect Personal Data from you when you contact us with inquiries, or register for a Company account to access our services. Personal information may include your name, phone, mobile number, mailing address, home address, work address, and or payment information. This data is considered identifying information, as it can personally identify you.
We only request your Personal Data relevant to providing you with this service and or to help improve this service. By voluntarily providing us with your Personal Data, you are consenting to our use of it, in accordance with this Policy. If you provide your Personal Data to us, you acknowledge and agree that such Personal Data may be transferred from your current location to the offices and servers of Company and the authorized third parties referred to herein, via our Sites and services.
2. How We Collect Information
Insofar as we request the collection of your Personal Data, we do so by fair and lawful means, with your knowledge and consent. This is our basis for processing all Personal Data as defined above. We also let you know why we’re collecting it and how it will be used. You are free to refuse our request for this information, with the understanding that we may be unable to provide you with some of your desired services without it. You may withdraw consent at any time by contacting us by email or phone. Insofar as our collection is necessary for the fulfillment of a contract we have entered into with you, that is the lawful basis for our processing.
3. Use of Information
We may use a combination of identifying and non-identifying information to understand who our visitors are, how they use our services, and how we may improve their experience of our Sites in the future. We do not disclose the specifics of this information publicly but may share aggregated and anonymized versions of this information, for example, in website and customer usage trend reports. This data is anonymized to where it can no longer identify you.
We may use your Personal Data to: provide our Sites and services; process your payment for the services; to contact you with updates about our Sites and services; send you emails or newsletters that you sign up for along with promotional content that we believe may be of interest to you; and improve the services. If you wish to opt out of receiving promotional content, you can follow the unsubscribe instructions provided alongside any promotional correspondence from us. In addition, if at any time you wish not to receive any future communications or you wish to have your name deleted from our mailing lists, please contact us at our contact information provided in Section 15 of this Policy. Please note that we will continue to contact you via email to respond to requests and to provide the services.
4. Data Processing and Storage
The Personal Data we collect is stored and processed in the United States, or where we or our partners, affiliates and third party service providers maintain facilities. We only transfer data within jurisdictions subject to data protection laws that reflect our commitment to protecting the privacy of our users. Any transfers of Personal Data will comply with local, state, federal, and international data privacy laws.
We only retain Personal Data for as long as necessary to provide a service, or to improve our services in future. While we retain this data, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure and we cannot guarantee absolute data security.
If you request your Personal Data be deleted, or where your Personal Data becomes no longer relevant to our operations, we will erase it from our system without undue delay.
Company does not use automated decision-making, including profiling, that produces legal effects or otherwise significantly affects you.
5. Our Disclosure of Your Personal Data and Other Information
We may share your Personal Data with certain third parties, without further notice to you, in the following circumstances:
(1) Business Transfers
If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be transferred to a successor or affiliate alone or as part of that transaction along with other assets.
(2) Vendors and Service Providers
We engage third party vendors and service providers to perform certain functions on our behalf (such as payment processing). These third parties may have access to your Personal Data for the purpose of helping us market, provide and/or improve the services.
Service Providers with Access to Data (Sub-processors):
- Amazon Web Services: for platform hosting, web processing, file and data storage.
- EngineYard: Managed Service Provider to help manage platform hosting including scalability, monitoring, security updates, etc.
- Hubspot: Hubspot does not have access to client, account, or application data, but is used for support and has access to limited, basic user data.
- MongoDB Atlas: A database as a service with autoscaling and security built in.
- Stripe: Stripe has limited customer data for payment processing and billing.
(3) Legal Requirements
Company may disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to: (i) comply with a legal obligation, (ii) protect and defend the rights or property of Company; (iii) act in urgent circumstances to protect the personal safety of users of our Sites, services, or of the public; or (iv) protect against legal liability.
6. Third Party Sites
This Policy applies only to our Sites, which may contain links to other websites not operated or controlled by us (“Third Party Sites”). The policies and procedures we describe here do not apply to Third Party Sites. The links from our Sites do not imply that we have necessarily endorsed or have reviewed Third Party Sites. As such, we suggest contacting Third Party Sites directly for information on their privacy policies.
We take reasonable steps to protect the Personal Data provided via the services from loss, misuse and unauthorized access, disclosure, alteration or destruction. However, the internet cannot be guaranteed to be fully secure and we cannot ensure or warrant the security of any information you provide to us. We do not accept liability for disclosures beyond our reasonable controls. You are also responsible for helping to protect the security of your account credentials. For instance, never give out your password, and safeguard your username, password and personal credentials when you are using the services, so that other people will not have access to your Personal Data. Furthermore, you are responsible for maintaining the security of any personal computing device on which you utilize the services.
8. Do Not Track
“Do Not Track” is a preference you can set in your web browser to inform website that you do not want to be tracked. You can enable or disable “Do Not Track” by visiting the Preferences or Settings page of your web browser. While we do not currently support “Do Not Track” signals, we treat the data of everyone who comes to our Sites in accordance with this Policy, no matter their “Do Not Track” setting.
9. CCPA Compliance
This portion of our Policy applies to California consumers only, pursuant to the California Consumer Privacy Act (“CCPA”):
(1) CA Personal Information Collected
We collect information from users, as described in our Policy. The “Personal Information”, as defined in California Civil Code § 1798.140(o), we may collect on California residents includes any of the following:
- Identifiers such as a real name, alias, unique personal identifier, online identifier, Internet Protocol address, email address, or other similar identifiers.
- Commercial information, including records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- Biometric information.
- Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.
- Geolocation data.
- Audio, electronic, visual, thermal, olfactory, or similar information.
- Professional or employment-related information.
- Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99).
- Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
(2) Our Use of CA Personal Information for Business Purposes
We use the Personal Information we collect, identified in each of the above categories, for the business purposes disclosed within the Policy. These business purposes include the following:
- Auditing related to a current interaction with the consumer and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
- Debugging to identify and repair errors that impair existing intended functionality.
- Short-term, transient use, provided the personal information that is not disclosed to another third party and is not used to build a profile about a consumer or otherwise alter an individual consumer’s experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction.
- Performing services on behalf of the business or service provider, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business or service provider.
- Undertaking internal research for technological development and demonstration.
- Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.
(3) Disclosures of CA Personal Information for Business Purposes:
We may disclose Personal Information identified in the above categories only (i) for exempt activities, as part of a business-to-business transaction, (ii) at your express request, or (iii) for our business purposes. For more information on the service providers with whom we share information, please see “Our Disclosure of Your Personal Data and Other Information” in Section 5 of this Policy.
(4) CA Rights and Choices
If you are a California resident, you have certain legal rights related to your Personal Information under the CCPA. Except as otherwise provided by applicable law, you may exercise the following rights with relation to your Personal Information as covered by this Policy:
(a) Right to Know/Portability
You have the right to request that we disclose to you certain information about Personal Information we collected about you within the past twelve months. Once we confirm your verifiable request, we will disclose to you:
- Categories of Personal Information we have collected about you;
- Categories of sources from which the Personal Information is collected;
- Our business or commercial purpose for collecting Personal Information;
- Categories of third parties with whom we share Personal Information; and
- Specific pieces of information we have collected about you.
(b) Right to Opt Out
We do not offer a right to opt out because we have not sold any Personal Information described in this Policy to third parties within the previous twelve months and will not sell Personal Information within the meaning of the CCPA.
(c) Right to Deletion
You have the right to request deletion of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we confirm your verifiable request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- Debug products to identify and repair errors that impair existing intended functionality;
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act;
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
- Comply with a legal obligation; or
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
(d) Right to Non-Discrimination for Exercise of a California Privacy Rights
We will not discriminate against you because you exercise any of the above rights, or any other rights under the CCPA. Specifically, if you exercise your rights, we will not deny you services, charge you different prices or rates for services or provide you a different level or quality of services.
(e) How to Submit A Request
You may submit a request to exercise the rights listed above by:
- Emailing us at our contact information provided in Section 15 of this Policy; and
- In your request, please include (1) full name used to create your account; (2) email with which you created your account; (3) phone number in case we need to contact you to securely verify your request; (4) whether you are requesting how your information is used and/or to delete your personal information.
(5) Verifiable Request
As required under applicable law, we take steps to verify your identity before responding to your request. We may require you to provide information sufficient enough to allow us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative. We may limit our response to your exercise of the above rights as permitted under applicable law.
(6) Agent Authorization and Disability Access
You may designate an authorized agent to make a request on your behalf. As permitted by law, we may require additional verification in response to a request even if you choose to use an agent. You may also make a verifiable consumer request on behalf of your minor child. To access this Policy by an alternative method, please contact us at our contact information provided in Section 15 of this Policy.
(7) Right to Opt Out and Right to Opt In
Please note we do not sell Personal Information of California Consumers regardless of your age. If you are 16 years of age or older, you have the right to direct us to not sell your Personal Information at any time (the “right to opt out”). We do not sell the Personal Information of consumers we know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt in”) from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt in to Personal Information sales may opt out of future sales at any time.
(8) Responding to Requests
We will confirm receipt of your request within 10 days from receipt, and provide information about how we will process the request, our verification process, and when you can anticipate a response to the request. We will use commercially reasonable efforts to honor your request within 45 days from receipt. If additional time is needed, we will notify you of the same, along with an explanation and anticipated timeline for the extension which shall not exceed 90 days from the date of receipt.
(9) Other California Privacy Rights
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of Personal Data which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to our contact information provided in Section 15 of this Policy.
10. GDPR Compliance
This portion of our Policy applies to European Union (“EU”) residents only, pursuant to the European Union General Data Protection Regulation (“GDPR”):
(1) EU Data Rights
Company is a controller of personal data, as defined by the GDPR’s Article 4 (definition included at the end of this section). EU residents have certain rights granted to them by the GDPR with regard to their personal data. To act on your GDPR data rights, please contact us at our contact information provided in Section 15 of this Policy. Company is committed to protecting and enforcing these rights, and are as follows:
- First and foremost, you have the right to be informed on the collection and use of your personal data (GDPR Articles 12-14).
- The right to request access (GDPR Article 15). This means that you have the right to know whether or not we are processing your personal data and have access to that personal data (as well as information related to the processing of your personal data).
- The right to rectification (GDPR Article 16). This means you have the right to have your inaccurate personal data corrected, including have incomplete personal data completed.
- The right to erasure (GDPR Article 17). This is your “right to be forgotten.” Subject to certain limitations found in GDPR Article 17, you have the right to have your personal data erased.
- The right to restriction of processing (GDPR Article 18). This right allows you to restrict the processing of your data when certain conditions apply (accuracy is contested, processing is unlawful, we no longer need the personal data for our purposes of processing, or you have used your right to object).
- If you have used your right to rectification, erasure, or restriction of processing, we are responsible for communicating such to each recipient to whom the data has been disclosed, unless this proves impossible or involves disproportionate effort. Further, you have the right to request notification of those recipients (GDPR Article 19).
- The right to object (GDPR Article 21). You can object to the processing of your personal data based on our legitimate interests at anytime. This refers to your log data, which is essential to the operation of our website. You can also object to the processing of your personal data used for direct marketing.
- The right to data portability (GDPR Article 20). You have the right to receive from us your personal data and have that personal data sent to another controller.
- Subject to certain limitations, including when the decision is necessary for entering into, or in performance of, a contract between you and the controller, you have the right to not be subject to automated decision-making that produces legal or other significant affects to you (GDPR Article 22).
- If you have complaints about the processing of your personal data, you have the right to lodge a complaint with a supervisory authority within your own country.
GDPR Article 4(7): ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
GDPR Article 4(1): ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
GDPR Article 4(2): ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
11. COPPA Compliance
This section explains our information collection, disclosure, parental consent practices and parental choice procedures with respect to information provided by Children under the age of 13 (“Child” or “Children”), in accordance with the U.S. Children’s Online Privacy Protection Act (“COPPA”) and outlines our practices in the United States regarding Children’s personal information.
We do not knowingly solicit information from or market to Children, and given our industry, we believe it is very unlikely that any Children use our Site. However, if you become aware of any Personal Data we have collected from Children, please contact us our contact information provided in Section 15 of this Policy.
(2) Third Party Access to Information
We do not knowingly disclose any Personal Data provided by Children to third parties. We may, however, disclose anonymized and aggregated versions of this information (analytics and statistics) for business, marketing or public relations purposes.
(3) Parental Controls and Intervention
In the case of any information solicited from or marketed to Children, you may at any time, as a parent and or guardian, refuse to let us collect further Personal Data from your Children for a particular activity or account. If you have given us consent previously, you may log in to your Child’s account to review, update, edit or delete the Personal Data, or contact us using the contact information provided below to request the removal of the Personal Data from our records. A valid request to delete Personal Data will be accommodated within a reasonable time. In addition to the foregoing, we will exercise commercially reasonable efforts to delete Personal Data belonging to Children when it is no longer needed for the purpose for which it was collected. Please be aware that the removal of certain information may result in the termination of the associated account, or withdrawal from the associated activity.
We reserve the right to change this Policy at any time. If we decide to change this Policy in the future, we will post or provide appropriate notice. Any non-material change (such as clarifications) to this Policy will become effective on the date the change is posted, and any material changes will become effective 30 days from their posting on this page or via email to your listed email address. Unless stated otherwise, our current Policy applies to all Personal Data that we have about you and your account. The date on which the latest update was made is indicated at the bottom of this document. We recommend that you print a copy of this Policy for your reference and revisit this policy from time to time to ensure you are aware of any changes. Your continued use of the Services signifies your acceptance of any changes.
13. Legal Notice
If any part or parts of this Policy are found under the law to be invalid or unenforceable by a court of competent jurisdiction, then such specific part or parts shall be of no force and effect and shall be severed and the remainder shall continue in full force and effect.
14. Governing Law
This Policy is governed by and construed in accordance with the laws of Tennessee and you irrevocably submit to the exclusive jurisdiction of the courts of Tennessee.
15. Contact Information
Smart-RIA Ventures, Inc.
8200 Kingston Pike, Suite 21
Knoxville, TN 37919
+1 (833) 497-6278
16. Policy Effective Date
This Policy is effective as of December 1, 2020.