VEGAN MOB/ONLINE RESTAURANT PRIVACY POLICY

Effective Date: August 1st, 2020

Last Updated: June 3rd, 2021

This “Privacy Policy” explains how Online Restaurant/Vegan Mob (“Company” or “we”) collects, uses, discloses, and otherwise processes personal data on behalf of our customers typically, merchants (any, a “Merchant”) in connection with our application, Customer Facing Display, which runs on the Clover Point of Sale system (“Clover POS”). This Privacy Policy does not apply to Company’s privacy practices in any other context.

Company’s processing of personal data in connection with our application is governed by this Privacy Policy and our agreements with Merchants. In the event of any conflict between this Privacy Policy and a customer agreement, the customer agreement will control to the extent permitted by applicable law.

This Privacy Policy is not a substitute for any privacy policy that a Merchant may be required to provide to their customers, personnel, or other individuals.

At Online Restaurant, we collect and manage user data according to the following Privacy Policy, with the goal of incorporating our company values: transparency, accessibility, sanity, usability. This document is part of Online Restaurant’s Terms of Service, and by using upgrade-sf.com (the “Website”), you agree to the terms of this Privacy Policy and the Terms of Service. Please read the Terms of Service in their entirety, and refer to those for definitions and contacts.

Information We Collect

We collect anonymous data from every visitor of the Website to monitor traffic and fix bugs. For example, we collect information like web requests, the data sent in response to such requests, the Internet Protocol address, the browser type, the browser language, and a timestamp for the request.

We ask you to log in and provide certain personal information (such as your name and email address) in order to be able to save your profile and the documents and comments associated with it. In order to enable these or any other login based features, we use cookies to store session information for your convenience. You can block or delete cookies and still be able to use Online Restaurant, although if you do you will then be asked for your username and password every time you log in to the Website. In order to take advantage of certain features of the Website, you may also choose to provide us with other personal information, such as your picture or personal Website, but your decision to utilize these features and provide such data will always be voluntary.

You are able to view, change and remove your data associated with your profile. Should you choose to delete your account, please contact us at cfd-support@veganmob.biz, and we will follow up with such request as soon as possible.

Minors and children should not use Online Restaurant. By using the Website, you represent that you have the legal capacity to enter into a binding agreement.

We may collect personal data from or on behalf of Merchants. Merchants determine the scope of the personal data transferred to us or that we collect, and the information we receive may vary by Merchant. Typically, the information we collect on behalf of Merchants includes:

Information that we collect when a Merchant’s customers place an order

When a customer places an order via a Clover POS, we collect information about the order, which may include personal data. Information about transactions includes the customer’s name, payment status, the location of the merchant’s store, date and time of the transaction, transaction amount, customer phone number, and information about the goods or services noted in the order.

In addition, we collect:

  • Merchant's branding information such as logo images, custom color schemes, and font variations
  • Additional information Merchants’ customers provide through the Clover POS ancillary to a payment
  • Customers' names, if provided by customer when order is placed
  • We may collect additional information ancillary to the payment. This information may include:


  • Customers’ email address or phone number, such as when the customer chooses to receive an electronic receipt
  • Customers’ marketing preferences, such as whether the customer wishes to receive marketing communications or newsletters
  • Customers’ physical address, where needed for delivery of goods or services
  • Other information the customer provides, interests or preferences, reviews, and feedback
  • Information that we collect about Merchants’ personnel

    We may collect information about Merchants’ personnel and interactions with the Clover POS, including identification of employees responsible for placing the order.

    Additional information that Merchants provide to us about their customers or personnel

    Merchants may provide us with additional information directly, via access they grant to us, or otherwise. The types of information that merchants may provide to us about their customers include email addresses, phone numbers, and purchase history [describe any other applicable information]. The types of information that merchants may provide to us about their personnel include sales history.

    How We Use the Information We Collect

    We only use your personal information to provide you the Online Restaurant services or to communicate with you about the services or the Website.

    With respect to any documents you may choose to upload to Online Restaurant, we take the privacy and confidentiality of such documents seriously. We encrypt all documents, and permanently delete any redacted edits you make to documents. If you choose to make a document public, we recommend you redact any and all references to people and addresses, as we can’t protect public data and we are not responsible for any violation of privacy law you may be liable for.

    We employ industry standard techniques to protect against unauthorized access of data about you that we store, including personal information.

    We do not share personal information you have provided to us without your consent, unless:

  • doing so is appropriate to carry out your own request;
  • We believe it’s needed to enforce our Terms of Service, or that is legally required;
  • We believe it’s needed to detect, prevent or address fraud, security or technical issues;
  • Otherwise protect our property, legal rights, or that of others.
  • Online Restaurant is operated from the United States. If you are visiting the Website from outside the U.S., you agree to any processing of any personal information you provide us according to this policy.

    Online Restaurant may contact you, by email or other means. For example, Online Restaurant may send you promotional emails relating to Online Restaurant or other third parties Online Restaurant feels you would be interested in, or communicate with you about your use of the Online Restaurant website. Online Restaurant may also use technology to alert us via a confirmation email when you open an email from us. You can modify your email notification preferences by clicking the appropriate link included in the footer of email notifications. If you do not want to receive email from Online Restaurant, please opt out of receiving emails at the bottom of any Online Restaurant emails.

    We use the personal data we collect for or on behalf of Merchants, to provide our services and the functionality of our application:

    Customer Data: Display Names and order numbers, provide easily identifiable reference to orders, and provide ability to contact customer via text, only when facilitated by app’s user.

    Order Data: Provide ability to update order status, provide ability to view order receipts, and provide dynamically updated wait times

    We may also use personal data for related internal purposes, including:

  • To provide information about the application, such as important updates or changes to the application and security alertss
  • To measure performance of and improve the applicationn
  • To respond to inquiries, complaints, and requests for customer supportt
  • In addition, Company may use personal data as we believe necessary or appropriate to (a) comply with applicable laws and lawful requests and legal processes, such as to respond to subpoenas or requests from government authorities; (b) enforce the terms and conditions that govern our application; (d) protect our rights, privacy, safety or property, and/or that of you or others; and (e) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
  • We collect and process these categories of Personal Data as a matter of contractual necessity so that we can provide the Services to you in accordance with our Terms of Service. For example, we cannot open an account for you if you do not provide us with your first and last name. When we process Personal Data due to contractual necessity, failure to provide such Personal Data will result in your inability to use some or all portions of the Services that require such Personal Data.

    We also use the Personal Data we collect directly from you to operate, improve, understand and personalize our Services based on our legitimate business interest in operating our Services in a way that benefits us and our users. For example, we use the Personal Data to:

  • Create and manage user profiles
  • Communicate with you about the Services
  • Contact you about Service announcements, updates or offers
  • Provide support and assistance for the Services
  • Personalize website content and communications based on your preferences
  • Meet contract or legal obligations
  • Respond to user inquiries
  • Fulfill user requests
  • Comply with our legal or contractual obligations
  • Resolve disputes
  • Protect against or deter fraudulent, illegal or harmful actions
  • Enforce our Terms of Service
  • Information we receive from third party sources: Some third parties provide us with Personal Data about you, such as the following:

    Account information for third party services: If you interact with a third party service when using our Services, such as if you use a third party service to log-in to our Services (e.g., Facebook Connect), or if you share content from our Services through such third party service, the applicable third party service will send us certain Personal Data (specifically your first name, ID, token and profile picture URL) if the third party service and your account settings allow such sharing. Specifically, this Personal Data permits us to create and manage user profiles and sync your progress when you connect to Facebook through the Services. The Personal Data we receive will depend on the policies and your account settings with the applicable third party service. We process this Personal Data based on our legitimate business interest of personalizing and optimizing the Services to improve user experience.

    Information from our advertising partners: We receive information about you from some of our service providers (e.g., LinkedIn) who assist us with marketing or promotional services related to how you interact with our websites, applications, products, services, advertisements or communications. We process this Personal Data based on our legitimate business interest in providing direct marketing about our products and services.

    Information we automatically collect when you use our Services: Some Personal Data is automatically collected when you use our Services, such as the following:

  • IP address
  • Device identifiers
  • Web browser information
  • Page view statistics
  • Browsing history
  • Usage information
  • Cookies and other tracking technologies (e.g. web beacons, pixel tags, SDKs, etc.)
  • Location information (e.g. IP address, zip code)
  • Log data (e.g. access times, hardware and software information)
  • We process this Personal Data based on the following legitimate business interests:

  • Network security
  • Personalization of web content
  • Evaluation of quality of writing to consider engagement
  • Web analytics
  • Provision of rewards
  • Administrative matters
  • In collecting the Personal Data, we sometimes use “cookies” and other tracking technologies (e.g., web beacons and pixel tags). Cookies allow us to recognize your browser or device and “remember” your browser during subsequent visits for purposes of functionality, preferences, and website performance, and they also tell us how and when pages and features in our Services are visited and by how many people. The Services use the following cookies:

    Essential Cookies. Essential cookies are required for providing you features or services that you have requested. For example, certain cookies enable you to log into secure areas of our Site. Disabling these cookies may make certain features and services unavailable.

    Functionality Cookies. Functional cookies are used to record your choices and settings regarding our Services, maintain your preferences over time, and recognize you when you return to our Services. These cookies help us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

    Performance/Analytical Cookies. Performance/analytical cookies allow us to understand how visitors use our Site and Services such as by collecting information about the number of visitors to the Site, what pages visitors view on our Site, and how long visitors are viewing pages on the Site. Performance/analytical cookies also help us measure the performance of our advertising campaigns in order to help us improve our campaigns and the Services’ content for those who engage with our advertising.

    Retargeting/Advertising Cookies. Retargeting/advertising cookies collect data about your online activity and identify your interests so that we can provide advertising that we believe is relevant to you.

    Most browsers automatically accept cookies but have an option for blocking or deleting cookies, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allow you to decide on acceptance of each new cookie in a variety of ways. You can usually access these options through the “Settings” or similar menu in your browser. For more information about cookies, including how to see what cookies have been set and how to manage and delete cookies, visit www.aboutcookies.org or www.allaboutcookies.org. Please note that if you block or delete cookies, some portions of the Services may not work properly. In some cases, cookies may enable us to aggregate certain information with other Personal Data we collect and hold about you.

    How We Process Personal Data:

    We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests” or the legitimate interest of others, as further described below. In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such Personal Data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection. From time to time, we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.

    What Personal Data Do We Collect From You and How Do We Use Your Personal Data?

    We collect Personal Data about you when you provide such Personal Data directly to us, when third parties such as our business partners or service providers provide us with Personal Data about you, or when Personal Data about you is automatically collected in connection with your use of our Services.

    Other uses of Personal Data: In addition to the uses set forth above, we may also process the Personal Data we collect on the basis of the following legitimate business interests.

  • Operation and improvement of our business, products and services
  • Marketing of our products and services
  • Provision of customer support
  • Protection from fraud or security threats
  • Compliance with legal obligations
  • Completion of corporate transactions
  • How Long Do We Retain Your Personal Data?

    We retain Personal Data about you for as long as you have an open account with us or as otherwise necessary to provide the Services to you and improve the Services for all users generally. In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. Afterwards, we retain some information in a depersonalized or aggregated form but not in a way that would identify you personally.

    What Security Measures Do We Use?

    We seek to protect Personal Data using appropriate technical and organizational measures based on the type of Personal Data and applicable processing activity.

    Personal Data of Children:

    We do not knowingly collect or solicit Personal Data from anyone in the EU, United Kingdom, Lichtenstein, Norway, or Iceland under the age of 16. If you are under 16, please do not attempt to register for the Services or send any Personal Data about yourself to us. If we learn that we have collected Personal Data from a child under age 16, we will delete that information as quickly as possible. If you believe that a child under 16 may have provided us Personal Data, please contact us at cfd-support@veganmob.biz.

    How We Share Information

    We share Personal Data with vendors, third party service providers and agents who work on our behalf and provide us with services related to the purposes described in this Privacy Policy or our Terms of Service. These parties include:

  • Analytics service providers
  • Staff augmentation and contract personnel
  • Hosting service providers
  • We also share Personal Data when necessary to complete a transaction initiated or authorized by you or provide you with a product or service you have requested. In addition to those set forth above, these parties also include:

  • Other users (where you post information publicly or as otherwise necessary to effect a transaction initiated or authorized by you through the Services)
  • Social media services (if you interact with them through your use of the Services)
  • Third party business partners who you access through the Services
  • Other parties authorized by you
  • We also share Personal Data when we believe it is necessary to:

  • Comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies
  • Protect us, our business or our users, for example to enforce our terms of service, prevent spam or other unwanted communications and investigate or protect against fraud
  • Maintain the security of our products and services
  • We also share Personal Data with third parties when you give us consent to do so.

    We also use social buttons provided by services like Twitter, Google+, LinkedIn and Facebook. Your use of these third party services is entirely optional. We are not responsible for the privacy policies and/or practices of these third party services, and you are responsible for reading and understanding those third party services’ privacy policies.

    We employ and contract with people and other entities that perform certain tasks on our behalf and who are under our control (our “Agents”). We may need to share personal information with our Agents in order to provide products or services to you. Unless we tell you differently, our Agents do not have any right to use Personal Information or other information we share with them beyond what is necessary to assist us. You hereby consent to our sharing of Personal Information with our Agents.

    We may choose to buy or sell assets. In these types of transactions, user information is typically one of the transferred business assets. Moreover, if we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your personal information as set forth in this policy.

    Furthermore, if we choose to buy or sell assets, user information is typically one of the transferred business assets. Moreover, if we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party, and we would share Personal Data with the party that is acquiring our assets based on our legitimate business interest of being able to provide you with continued services. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your Personal Information as set forth in this policy.

    We may share personal data that we collect with:

  • The Merchant from whom or on whose behalf we collected the personal data
  • The platform on which our application runs, the Clover POS. You may view Clover’s Privacy Notice here.
  • With third parties as a Merchant may direct
  • With third party service providers that help us manage and improve the application
  • With Company subsidiaries and corporate affiliates for the purposes described in this Privacy Policy or in our agreement with a Merchant
  • Company may disclose personal data to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to (a) comply with applicable laws and lawful requests and legal processes, such as to respond to subpoenas or requests from government authorities; (b) enforce the terms and conditions that govern our application; (d) protect our rights, privacy, safety or property, and/or that of you or others; and (e) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
  • Company may sell or transfer some or all of its business or assets, including your personal data, in connection with a business transaction (or potential business transaction) such as a merger, consolidation, acquisition, reorganization or sale of assets or in the event of bankruptcy, in which case we will make reasonable efforts to require the recipient to honor this Privacy Policy.
  • Your Rights and Choices

    You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, or to submit a request, please email cfd-support@veganmob.biz. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need to you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.

    Access: You can request more information about the Personal Data we hold about you and request a copy of such Personal Data. You can also access certain of your Personal Data by emailing us at cfd-support@veganmob.biz.

    Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement Personal Data by emailing us at cfd-support@veganmob.biz.

    Erasure: You can request that we erase some or all of your Personal Data from our systems.

    Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.

    Portability: You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.

    Objection: You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for direct marketing purposes.

    Restriction of Processing: You can ask us to restrict further processing of your Personal Data.

    Right to File Complaint: You have the right to lodge a complaint about our practices with respect to your Personal Data with the supervisory authority of your country or EU Member State.

    Data Subject Rights

    To the extent that applicable law provides individuals with rights pertaining to their personal information, such as to review and request changes to their personal information, individuals should contact the Merchant with any requests pertaining to the Merchant’s use of our application. To the extent that Clover is responsible for responding to data subject rights requests under applicable law, individuals may contact Clover with applicable requests as explained in Clover’s Privacy Notice, https://www.clover.com/privacy-policy. Company will assist a Merchant, or Clover, as applicable, in responding to such requests subject to our contract with a Merchant or Clover. To the extent that Twilio is responsible for responding to data subject rights requests under applicable law, individuals may contact Twilio with applicable requests as explained in Twilio's Privacy Policy Notice, https://www.twilio.com/legal/privacy.

    Complaints

    If you have a complaint about our handling of personal data, you may contact us via the contact information provided below.

    Updates

    We reserve the right to modify this Privacy Policy at any time without. We will notify you of updates by updating the date of this Privacy Policy.

    Contact Us

    You may contact us with any questions, comments, or complaints, about this Privacy Policy or our privacy practices via:

    cfd-support@veganmob.bizm

    VM - Office of Tech Operations - 500 Lake Park Avenue Oakland, CA 94610 USS

    Legal Bases for Processing

    Company processes personal data as directed or permitted by the Merchant that uses our application. The Merchant is responsible for establishing a legal basis for our processing of personal data for or on behalf of the Merchant.

    Cross Border Data Transfer

    When we transfer personal data outside of United States to countries not deemed by the Federal Data Protection and Information Commissioner to provide an adequate level of protection for personal data, we make the transfer pursuant to one of the following transfer mechanisms:

    A contract approved by the Federal Data Protection and Information Commissioner (sometimes called “Model Clauses” or “Standard Contractual Clauses”);

    The EU-US Privacy Shield;

    The recipient’s Binding Corporate Rules;

    The consent of the individual to whom the personal data relates;

    Other mechanisms or legal grounds as may be permitted under applicable United States law.

    You may contact us with questions about our transfer mechanism.

    Data Retention

    Subject to our agreement with a Merchant, Company retains personal data for as long as necessary to (a) provide our products and services; (b) comply with legal obligations; (c) resolve disputes; and (d) enforce the terms of any agreement we may have with a Merchant. You may contact us for additional information about our data retention practices in connection with the application.

    Data Subject Rights

    Under certain circumstances, data subjects in United States have certain rights relating to their personal data, which include the rights to request from the Controller (a) access to the data subject’s personal data; (b) correction of incomplete or inaccurate personal data; (c) erasure of personal data; (d) restriction of processing concerning the data subject; and (e) that the controller provide a copy of the data subject’s personal data that the data subject provided to the controller in a structured, commonly used and machine-readable format. Data subjects may also object to a controller’s processing of personal data under certain circumstances. Where processing is based on a data subject’s consent, the data subject has the right to withdraw consent at any time; however, the withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. Data subjects may also file a complaint with a supervisory authority. You may view contact information for supervisory authorities at https://www.privacyshield.gov/data-protection-authorities. Data subjects in United States should direct any rights request to the appropriate Controller.

    GDPR PRIVACY-NOTICE

    If you are located in the European Union (“EU”), United Kingdom, Lichtenstein, Norway, or Iceland, you may have additional rights under the EU General Data Protection Regulation (the “GDPR”) with respect to your Personal Data, as outlined below.

    For this GDPR Privacy Notice, we use the terms “Personal Data” and “processing” as they are defined in the GDPR, but “Personal Data” generally means information that can be used to individually identify a person, and “processing” generally covers actions that can be performed in connection with data, such as collection, use, storage and disclosure. Online Restaurant, Inc. (“Online Restaurant”) will be the controller of your Personal Data processed in connection with the Services, except that we may also process Personal Data of our customers’ end users or employees in connection with our provision of services to such customers, in which case we are the processor of Personal Data and the customer is the controller. For more information about your data rights and processing activities where we are the controller, please contact us at cfd-support@veganmob.biz. Clover is also a controller of personal data in some circumstances. Clover’s Privacy Notice is available at https://www.clover.com/privacy-policy. For more information about your data rights and processing activities where we are the processor, please contact the controller party in the first instance.

    Controller

    Company is a data processor acting for and on behalf of the Merchant that has installed our application on their Clover POS. That Merchant is the controller of personal data that we process on its behalf.

    Additionally

    Where applicable, this GDPR Privacy Notice is intended to supplement, and not replace, our existing privacy policy). If there are any conflicts between this GDPR Privacy Notice and our Privacy Policy, the policy or portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this notice or whether any of the following applies to you, please contact us at cfd-support@veganmob.biz.

    When we transfer personal data outside of Europe to countries not deemed by the European Commission to provide an adequate level of protection for personal data, we make the transfer pursuant to one of the following transfer mechanisms:

  • A contract approved by the European Commission (sometimes called “Model Clauses” or “Standard Contractual Clauses”);
  • The EU-US Privacy Shield;
  • The recipient’s Binding Corporate Rules;
  • The consent of the individual to whom the personal data relates; or
  • Other mechanisms or legal grounds as may be permitted under applicable European law.
  • You may contact us with questions about our transfer mechanism.

    PRIVACY STATEMENT-CALIFORNIA

    This PRIVACY NOTICE FOR CALIFORNIA RESIDENTS supplements the information contained in the Privacy Statement of Online Restaurant and its subsidiaries (collectively, “we,” “us,” or “our”) and applies solely to visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this notice.

    Effective Date: December 1st, 2020

    Last Updated: December 1st, 2020

    Information We Collect

    We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:

    Category Examples Collected:

    A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver`s license number, passport number, or other similar identifiers. YES

    B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver`s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. YES

    C. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). NO

    D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. YES

    E. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. NO

    F. Internet or other similar network activity. Browsing history, search history, information on a consumer`s interaction with a website, application, or advertisement. NO

    G. Geolocation data. Physical location or movements. YES

    H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. NO

    I. Professional or employment-related information. Current or past job history or performance evaluations. NO

    J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. NO

    K. Inferences drawn from other personal information. Profile reflecting a person`s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. NO

    Personal information does not include:

  • Publicly available information from government records.
  • De-identified or aggregated consumer information.
  • Information excluded from the CCPA`s scope, like:

  • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
  • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver`s Privacy Protection Act of 1994.
  • We obtain the categories of personal information listed above from the following categories of sources:

  • Directly from our clients or their agents. For example, from documents that our clients provide to us related to the services for which they engage us.
  • Indirectly from our clients or their agents. For example, through information we collect from our clients in the course of providing services to them.
  • Directly and indirectly from activity on our website (www.veganmob.biz). For example, from submissions through our website portal or website usage details collected automatically.
  • From third-parties that interact with us in connection with the services we perform. For example, from government agencies when we prepare readiness assessments for projects that receive government funding.
  • Use of Personal Information

    We may use or disclose the personal information we collect for one or more of the following business purposes:

  • To fulfill or meet the reason for which the information is provided. For example, if you provide us with personal information in order for us to prepare a tax return, we will use that information to prepare the return and submit it to the applicable taxing authorities.
  • To provide you with information, products or services that you request from us.
  • To provide you with email alerts, event registrations and other notices concerning our products or services, or events or news, that may be of interest to you.
  • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
  • To improve our website and present its contents to you.
  • For testing, research, analysis and product development.
  • As necessary or appropriate to protect the rights, property or safety of us, our clients or others.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • As described to you when collecting your personal information or as otherwise set forth in the CCPA.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.
  • We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

    Sharing Personal Information

    We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

    In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:

    Category A: Identifiers.

    Category B: California Customer Records personal information categories.

    Category C: Protected classification characteristics under California or federal law.

    Category I: Professional or employment-related information.

    We disclose your personal information for a business purpose to the following categories of third parties:

  • Our affiliates.
  • Service providers.
  • Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.
  • In the preceding twelve (12) months, we have not sold any personal information.

    Your Rights and Choices

    The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

    Access to Specific Information and Data Portability Rights

    You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
  • o sales, identifying the personal information categories that each category of recipient purchased;
  • o disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
  • Deletion Request Rights

    You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

    We may deny your deletion request if retaining the information is necessary for us or our service providers to:

  • 1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • 2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • 3. Debug products to identify and repair errors that impair existing intended functionality.
  • 4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • 5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
  • 6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information`s deletion may likely render impossible or seriously impair the research`s achievement, if you previously provided informed consent.
  • 7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • 8. Comply with a legal obligation.
  • 9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
  • Exercising Access, Data Portability, and Deletion Rights

    To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either: Phone number, email, or website (must have at least two ways to contact)

    Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

    You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
  • We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor`s identity or authority to make the request.

    Response Timing and Format

    We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request`s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

    We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

    Non-Discrimination

    We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
  • Changes to Our Privacy Notice

    We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will notify you by email or through a notice on our website homepage.

    Contact Information

    If you have any questions or comments about this notice, our Privacy Statement, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

    cfd-support@veganmob.biz

    VM - Office of Tech Operations - 500 Lake Park Avenue Oakland, CA 94610 US