CCPA/CPRA CONSUMER PRIVACY RIGHTS POLICY
Dated: February 1, 2023
Madtech, LLC. (“MadTech“) respects your right to privacy. This Privacy Notice explains who we are, how we collect, store, share and use personal data about you, and how you can exercise your privacy rights. This Privacy Notice applies to personal data that we collect, including through our websites at www.madtech.io and www.madconnect.io, within our product(s) and on other websites that MadTech operates and that link to this policy (“collectively Websites”).
If you have any questions or concerns about our use of your personal data, then please contact us using the contact details provided at the bottom of this Privacy Notice.
- YOUR RIGHTS AS A CALIFORNIA CONSUMER
At MadTech we respect your privacy rights as a consumer (“Consumer”) under the California Consumer Privacy Act of 2018, as revised by the California Privacy Rights Act of 2020, and the associated regulations (the “CCPA/CPRA”) and other California laws. We are committed to protecting your CCPA/CPRA rights to:
- Delete personal information collected from or about them (“Right to Delete”).
- Correct inaccurate Personal Information collected and maintained about them (“Right to Correct”).
- Know what personal information is being collected about them, to access that personal information, and to know what personal information about them is being sold or shared and to whom (together called the “Right to Know”).
- Opt-out of the Sale or sharing of their personal information (“Right to Opt-out”).
- Limit use and disclosure of sensitive personal information to what is necessary to perform the services or provide the goods reasonably expected by an average Consumer who requests such goods or services (“Right to Limit”).
- Not be retaliated against for exercising their rights (“Right to No Discrimination”).
This document provides you with a description of our business practices, both online and offline, regarding the collection use, disclosure, and sale of personal information and of the rights of Consumers regarding their own personal information.
The terms used in this policy have the meanings used in the CCPA/CPRA. To learn more about your California privacy rights, please visit: https://oag.ca.gov/privacy/privacy-laws.
- PERSONAL INFORMATION WE COLLECT, SELL, SHARE, AND OTHERWISE DISCLOSE
The CCPA/CPRA defines personal information as “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” The CCPA/CPRA defines the following categories of personal information:
- Identifiers: name, alias, address, online identifier, Internet Protocol address, email address, account name, Social Security number, Driver’s license number, passport number.
- Customer records (defined by the California Customer Records Law, Cal. Civ. Code Section 1798.80): name, signature, Social Security number, physical characteristics or description, address, telephone number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, any other financial information, medical information, health insurance information.
- Characteristics of protected classifications under California or federal law: age (over 40), AIDS/HIV-positive status, ancestry, citizenship status, disability, gender identity or expression, genetic information or conditions, marital status, medical condition, military or veteran status, national origin, political affiliations or activities, pregnancy, race, religion, sex (including pregnancy, childbirth, and related medical conditions), sexual orientation.
- Commercial information: records of personal property, products or services purchased, obtained, or considered or other purchasing or consuming histories or tendencies.
- Biometric information: imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.
- Internet or other network activity information: browsing history, search history, information regarding a consumer’s interaction with an internet website application, or advertisement, or other similar information.
- Geolocation data: any data that is derived from a device and that is used or intended to be used to locate a Consumer within a geographic area
- Audio, electronic, visual, thermal, olfactory, or similar information (collectively referred to as “Sensory information”), as described in the category name.
- Professional or employment-related information, as described in the category name.
- Education information: information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g; 34 C.F.R. Part 99).
- Sensitive personal information, Social Security number, driver’s license number, state identification card number, passport number, account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account, precise geolocation (meaning any geolocation data that can be used to locate a consumer within a radius of 1,850 feet.), racial or ethnic origin, religious or philosophical beliefs, union membership, contents of a consumer’s mail, email, and text messages unless the business collecting or using the data is the intended recipient of the communication, genetic data, biometric information for the purpose of uniquely identifying a consumer, personal information collected and analyzed concerning a consumer’s health, personal information collected and analyzed concerning a consumer’s sex life or sexual orientation, when collected or used for the purposes of inferring characteristics about a consumer.
- Inferences drawn from any of the information in any other category to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
The following chart describes what categories of personal information we have collected over the past 12 months, how we collected that information, the business and commercial purposes for which we generally use such information, and which types of trusted business partners to whom we may sell, share, or otherwise disclose that information:
Category of personal information | Collected? | Categories of Sources | Business or Commercial Purpose | Categories of third parties to which we have sold or shared | Categories of third parties to which we have otherwise disclosed |
Identifiers | Yes | provided directly by the customercollected from customer’s browser or deviceinferred from information provided by customerobtained from one or more third parties | -providing our products and services -advertising and marketing | -marketing and advertising partners-advertising platform providers | -marketing and advertising partners-website analytics vendors |
Customer records | Yes | provided directly by the customercollected from customer’s browser or deviceinferred from information provided by customerobtained from one or more third parties | -providing our products and services -advertising and marketing | -marketing and advertising partners-advertising platform providers | -marketing and advertising partners-website analytics vendors |
Characteristics of legally protected classifications | Yes | provided directly by the customercollected from customer’s browser or deviceinferred from information provided by customerobtained from one or more third parties | -providing our products and services -advertising and marketing | -marketing and advertising partners-advertising platform providers | -marketing and advertising partners-website analytics vendors |
Commercial information | No | N/A | N/A | N/A | N/A |
Biometric information | No | N/A | N/A | N/A | N/A |
Internet or other network activity information | Yes | collected from customer’s browser or deviceinferred from information provided by customer | -providing our products and services -advertising and marketing | -marketing and advertising partners-advertising platform providers | -marketing and advertising partners-website analytics vendors |
Geolocation data | Yes | collected from customer’s browser or deviceinferred from information provided by customer | -providing our products and services -advertising and marketing | -marketing and advertising partners-advertising platform providers | -marketing and advertising partners-website analytics vendors |
Sensory information | No | N/A | N/A | N/A | N/A |
Professional or employment-related information | No | N/A | N/A | N/A | N/A |
Education information | No | N/A | N/A | N/A | N/A |
Sensitive personal information | No | N/A | N/A | N/A | N/A |
Inferences from any of the above | No | N/A | N/A | N/A | N/A |
Personal information does not include deidentified or aggregate consumer information or information that is lawfully made available from federal, state, or local government records.
Personal information is not considered to have been disclosed by a business when a consumer instructs a business to transfer the consumer’s personal information from one business to another in the context of switching services.
MadTech, LLC. retains consumers’ personal information as reasonably necessary and proportionate to achieve the purposes for which the personal information was collected or processed.
MadTech does not sell or share consumers’ personal information to any third parties, including in the preceding twelve months.
We may also disclose personal information in the following situations:
- Business transfers: The Company may transfer to a third party the personal information of a consumer as an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control of all or part of the Company. It will only do so where that information is used or shared consistent with the CCPA/CPRA, that transfer will not constitute a “sharing” of personal information and it is not required to be reported in our policy and disclosures as such.
- Legal compliance and law enforcement: We may be required to disclose your personal information in limited circumstances, for example, to respond to a subpoena or similar judicial process, to comply with state, federal or local laws, to exercise or defnd legal claims or, to the extent required by law, to provide information to law enforcement agencies.
- RIGHT TO DELETE PERSONAL INFORMATION
You have the right to request that we delete any of your personal information, subject to certain exceptions.
- RIGHT TO CORRECT INACCURATE PERSONAL INFORMATION
You have the right to request that we correct any inaccurate personal information about you.
- RIGHT TO KNOW
You have the right to request, up to two times per year, that we disclose the following information to you about our collection and use of your personal information over the past 12 months:
- the categories of personal information we collected about you.
- the categories of sources for the personal information we collected about you.
- our business or commercial purpose for collecting your personal information.
- the categories of third parties with whom we sell, share, or otherwise disclose your personal information.
- the specific pieces of personal information we have collected about you. You may also request a copy of specific pieces of personal information that we have collected about you. Please note that “specific pieces of information” do not include data generated to help ensure security and integrity or as prescribed by regulation.
- HOW TO EXERCISE YOUR RIGHTS TO DELETE, CORRECT, AND KNOW
Your Right to Delete, Right to Correct, and Right to Know can be exercised by submitting a verifiable request to us by sending an email to the following address or via US Mail.
- Email: partnerships@madtech.io
- Address: 7 Toffee Ln, Madison, CT 06443
We cannot respond to your verifiable request if we cannot verify your identity or authority to make the request and confirm that the personal information relates to you. For this reason, your request must both:
- provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
- describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
If you have a password-protected account with our Company, we may require you to verify your identity through our existing authentication practices for the account. We will only use personal information provided in a verifiable request to verify the requestor’s identity or authority to make the request.
Only you, or your properly authorized agent, may make a request related to your personal information. To be certain that anyone claiming to make a verifiable request on your behalf has been properly authorized by you, we may require additional information, including:
- submitting the signed authorization that you provided to your agent.
- verifying their own identity directly with us.
- otherwise directly confirming with us that you have provided your authorized agent permission to submit the verifiable request.
You may submit a Right to Delete or a Right to Know request for specific pieces of information on behalf of all members of your household. The the following requirements must be met before we can comply with a Right to Delete request or a Right to Know request for specific pieces of information made on a household basis:
- all Consumers of the household jointly request to know specific pieces of information for the household or to delete household personal information;
- we individually verify each of the members of the household; and
- we verify that each member making the request is currently a member of the household.
If a member of the household is under the age of 13, we are also required to obtain verifiable parental consent, as described in the next section, below, before complying with a Consumer Rights request.
- RIGHT TO LIMIT USE AND DISCLOSURE OF SENSITIVE PERSONAL INFORMATION
MadTech, LLC uses or discloses your sensitive personal information beyond that which is necessary to perform the services, disclose this information to certain third parties, or to provide the goods reasonably expected by an average consumer who requests such goods or services, to perform the following services:
- ensuring the security and integrity of our website and system.
- short-term, transient use, such as non-personalized advertising.
- performing services on behalf of the business.
- maintaining or improving the quality or safety of a service or device we own, manufacture, or control.
You may exercise your right to opt out by using an opt-out preference signal sent by a platform, technology, or mechanism such as a browser plug-in or privacy setting, device setting, or other mechanism, that communicate or signal the consumer’s choice to limit the use of their sensitive personal information.
Only you, or your properly authorized agent, may make a Right to Limit request using the method(s) provided above. If you change your mind after making a Right to Limit request, you may contact us at any time to opt-in to the use or disclosure of your sensitive personal information as described above.
- ADDITIONAL INFORMATION REGARDING CHILDREN UNDER 16 YEARS OF AGE
Exercising Consumer Rights: A parent or guardian may make a Consumer Rights request on behalf of their child under the age of 16. In the case of a request to exercise the Right to Delete or the Right to Know on behalf of a child under the age of 13, we provide additional safeguards to confirm that you are the parent or guardian of that child. If you are making a request for a child under 13, please indicate this in the submission of your request or contact us using our contact information provided below so that we can provide you with further instructions on how to comply with CCPA/CPRA requirements.
Sale or sharing of the children’s personal information: MadTech does not knowingly sell or share the personal information of children under 16 years of age.
- NON-DISCRIMINATION
We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not unlawfully:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
- Retaliate against an employee, applicant for employment, or independent contractor for exercising their rights under this title.
- CALIFORNIA “SHINE THE LIGHT” LAW
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please follow the instructions found here.
- CHANGES TO OUR PRIVACY NOTICE
We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on our website and update the notice’s effective date. Your continued use of our website following the posting of changes constitutes your acceptance of such changes.
- CONTACT INFORMATION
If you have any questions or concerns about our privacy policies and practices, please do not hesitate to contact us as follows:
- Email: partnerships@madtech.io
- Address: 7 Toffee Ln., Madison, CT 06443