privacy addendums by U.S. state

We have collected the following categories of Personal Information within the last twelve (12) months for the business purposes described in this Privacy Notice. The CCPA as amended, defines a “Business Purpose” as the use of Personal Information for the business’s operational purposes, or other notified purposes, provided the use of Personal Information is reasonably necessary and proportionate to achieve the operational purpose for which the Personal Information was collected or another operational purpose that is compatible with the context in which the Personal Information was collected. The CCPA defines “Collected” as buying, renting, gathering, obtaining, receiving, or accessing any Personal Information pertaining to a consumer by any means, including receiving information directly or passively from the consumer, or by observing the consumer’s behavior.

We make disclosures for a Business Purpose under written contracts that describe the purposes, require the recipient to keep the Personal Information confidential, and prohibit selling or sharing of Personal Information and using the disclosed information for any purpose except performing the contract. In the preceding twelve (12) months, Company has disclosed categories of Personal Information as defined in Cal. Civ. Code §1798.140(v)( 1 ) for a Business Purpose to the categories of service providers or contractors indicated below:

( A ) Identifiers: We may collect the following types of Personal Information from you for the purpose of providing products and services: name, address, online identifiers, IP address, email address, account log in, and account usage information.

( B ) Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)): We may collect from you or from our website, products and/or services the following: your first name, last name, postal address, unique personal identifier, online identifier, internet protocol address, email address, email data, usage data, account name, financial information, or other similar identifiers for the purpose of providing products and services.

( C ) Protected Classification Characteristics Under California or Federal Law: For the purpose of hosting events our marketing department may collect food preferences for a specific event. Responses to questions regarding special dietary requirements can potentially reveal the religious affiliation or health information of the attendee.

( D ) Commercial Information: We may collect from you and from our website, products and/or services about the services you have purchased from us for the purpose of providing products and services.

( E ) Biometric Information: We collect biometric information such as signatures from individuals.

( F ) Internet Information: We may collect other types of information from our website, products and/or services and from our service providers and business partners for the purpose of maintaining appropriate security over computer networks, for use in improving our existing services, developing new services, and for the operational purposes of our service providers and business partners.

We may also collect from our website, products and/or services customer usage information to analyze how you and other customers interact with our website, products and/or services.

( G ) Geolocation Information: We may collect information from you or from our website, products and/or services regarding your location or the location where our website, products and/or services are utilized.

( H ) Sensory Data: We collect audio/visual information. Specifically, we or our service provider(s) may take photographs or make visual recordings of you with your consent at one of our events.

( I ) Professional or Employment Information: We may collect information from you regarding your employment status, affiliation and job title for the purpose of providing products and services.

( K ) Inferences Drawn From Other Personal Information: we collect information based on which inferences could be drawn to create a profile about a consumer reflecting the consumer’s preferences, characteristics, predispositions or behavior.

( L ) Sensitive Personal Information: We may collect Personal Information that reveals (B) your account log-in, password, or credentials allowing access to log into our services, ( C ) your precise geolocation, (D) your racial or ethnic origin, religious or philosophical beliefs, or union membership.

We obtain the categories of Personal Information listed above from the following categories of sources:

• Directly from you. For example, from forms you complete, or products and services you inquire about or purchase.
• Indirectly from you. For example, from observing your actions and interactions with the services.
• Other sources. For example, from a customer’s website or social media platforms for marketing purposes, our affiliates, data analytics providers, advertising networks, internet service providers, publicly available sources, operating systems and platforms.

We may also use de-identified or aggregate data that is not capable of being linked to any individual for additional purposes not listed above.

Categories of Information Collected and Shared for Commercial Purposes and/or Cross-Context Behavioral Advertising. During the past 12 months we have Collected the following categories of information about California residents from the listed sources, used it for the listed commercial and/or cross-context behavioral advertising purposes, as defined by the CCPA, and sold or shared it with the listed categories of third parties. Please note that as defined by the CCPA, a “sale” includes making a consumer’s Personal Information available for monetary or other valuable consideration.

• The CCPA defines “shared” as “sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions between a business and a third party for cross-context behavioral advertising for the benefit of a business in which no money is exchanged” unless (i) you use or direct us to intentionally disclose your Personal Information or intentionally interact with one or more third parties; (ii) it’s needed to honor your opt-out request; or (iii) it’s part of an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which a third party assumes control of all or part of our business.
• In the preceding twelve (12) months, inriver has sold or shared categories of Personal Information as defined in Cal. Civ. Code §1798.140(v)( 1 ) for a commercial or cross-context behavioral advertising purpose to the categories of third parties indicated below.
  • (A) Identifiers: We may collect from you or from our website, products and/or services the following information and share it with analytics providers and/or inriver Partners for marketing purposes which may be considered as a “sale” or “sharing” of Personal Information under the CCPA: company name, company address, name of the company representative that contacted us, online identifiers, IP address, email address, and phone number.
  • (B) Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)): We may collect from you or from our website, products and/or services the following information and share it with analytics providers and inriver Partners for marketing purposes which may be considered as a “sale” or “sharing” of Personal Information under the CCPA: company name, company address, name of the company representative that contacted us, online identifiers, IP address, email address, and phone number.
  • (I) Professional or Employment Information: We may collect from you or from our website, products and/or services the following information and share it with inriver Partners for marketing purposes which may be considered as a “sale” or “sharing” of Personal Information under the CCPA: employment status, affiliation and/ or job title.

For more information about the Personal Information we collect and how we collect it, please see the “What information do we collect from you?” and “How do we use the personal information?” and “Who might we share your information with?” sections of our Privacy Notice.

We share personal information as further described in the “How do we use the personal information?” section of the Privacy Notice.  We also disclose the categories of service providers and contractors to whom we have disclosed Personal Information for business purposes in the “Who might we share your information with?” of the Privacy Notice.

We retain Personal Information as long as it is reasonably necessary and proportionate to achieve the purposes for which the Personal Information was collected or processed, or for another disclosed purpose that is compatible with the context in which Personal Information was collected and as further described in “How long do we keep hold of your information?” of this Privacy Notice.

If you are a California resident or are a California employee or contractor of inriver, the CCPA as amended, provides you with specific rights regarding your Personal Information, subject to certain exceptions. For instance, we cannot disclose specific pieces of Personal Information if the disclosure would create a substantial, articulable, and unreasonable risk to the security of the Personal Information, your account with us, or the security of our network systems. You have the following rights that may be exercised as further described below:

Right against Discrimination

You have the right not to be discriminated against for exercising any of the rights described in this section. We will not discriminate against you for exercising your rights.

Right to Know

You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past twelve (12) months. You may make such request for access or data portability twice within twelve (12) month period. Once we receive and confirm your verifiable consumer request, we will disclose the following to you: (i) the categories of Personal Information we collected about you; (ii) the categories of sources for the Personal Information we collected about you; (iii) the business or commercial purpose for collecting (or selling or sharing, if applicable) the Personal Information; (iv) the categories of third parties with whom we share such Personal Information; and (v) the specific pieces of information we collected about you.

Request for Information

Pursuant to Section 1798.83 of the California Civil Code (California’s “Shine the Light” law), residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of Personal Information the business shares with third-parties for such third-parties’ direct marketing purposes and the identities of the third-parties with whom the business has shared such information during the immediately preceding twelve (12) month period.

Right to Delete

Pursuant to the CCPA, you have the right to request that we delete any of your Personal Information we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete and will direct our service providers to delete your Personal Information from our records and if applicable, to instruct their service providers or contractors to delete your Personal Information from their records, unless an exception applies. Keep in mind, we may deny your request if it is necessary for us or our service providers to: (i) complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform services pursuant to our contract with you; (ii) help to ensure security and integrity to the extent the use of your Personal Information is reasonably necessary and proportionate for those purposes; (iii) debug our website and/or identify and repair errors that impair existing intended functionality; (iv) exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law; (v) comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq. of Title 12 of Part 2); (vi) engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent; (vii) enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us; (viii) make other internal and lawful uses of that information that are compatible with the context in which you provided it; or (xi) comply with a legal obligation.

Right to Correct

If applicable, you have the right to request us to correct inaccurate Personal Information about you, taking into account the nature of the Personal Information and the purpose of the processing of Personal Information. Upon verifying the validity of a verifiable consumer correction request, we will use commercially reasonable efforts to correct the inaccurate Personal Information as directed by you and in compliance with CCPA, as amended.

Right to Opt-out of Sale or Sharing of Your Personal Information

You have the right to opt-out of having your Personal Information, including Sensitive Personal Information, sold or shared for cross-context behavioral advertising. If you wish to opt out of having your Personal Information sold or shared for cross-context behavioral advertising please click this link: “Do Not Sell or Share My Personal Information” and we will process your request.

Right to Limit the Use and Disclosure of Sensitive Personal Information

Additionally, you have the right to direct inriver to limit our use of your Sensitive Personal Information to that information which is expected by an average individual as necessary to perform our Services or for your employment. If you wish to limit our use or disclosure of your Sensitive Personal Information, please click this link: “Limit the Use of My Sensitive Personal Information” and we will process your request.

Consumers Under 16 Years of Age

We will not sell or share Personal Information of users if we have actual knowledge that the user is less than 16 years of age, unless the user, in the case of user at least 13 years of age and less than 16 years of age, or the user’s parent or guardian, in the case of users who are less than 13 years of age, has affirmatively authorized the sale or sharing of the user’s Personal Information.

Exercising Your Rights

If you’re a California resident and desire to exercise your data protection rights, please contact us at legal@inriver.com or write to:

inriver Inc.
Attn: Data Protection Compliance
125 South Wacker Drive, #1550
Chicago, IL 60606

With the exception of your right to opt-out of sale or sharing of your Personal Information for which we do not need to verify your identity, you may be required to provide additional information necessary to confirm your identity before we can respond to your request, and we will use that information only for that purpose. We may request that you submit a signed statement under penalty of perjury that you are the individual you claim to be. We will acknowledge receipt of your request within 10 days from receipt of such request and will endeavor to respond within 45 days after receipt of your request, but if we require more time (up to an additional 45 days) we will notify you of our need for additional time. For requests that we not sell or share your information, or limit the use of your sensitive Personal Information, we will comply with your request within 15 days after receipt of such request. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity and confirm that the Personal Information relates to you. You may make a request for disclosure of our information collection practices, the information we collected about you, or our sharing practices up to twice within a 12-month period. You may make a request that we not sell or share your information, limit the use of your sensitive Personal Information or for deletion of your information at any time. For requests for a copy of the Personal Information we have collected during the 12 months prior to your request we will endeavor to provide the information in a format that is readily useable, including by mailing you a paper copy or providing an electronic copy to your e-mail account on file, if you have an email address on file with us. For requests for deletion of your information, please understand that California law permits us to retain certain information and not to delete it under certain circumstances. By way of example, we are not required to comply with a request to delete information if 1) the information is necessary for us to (a) complete a transaction for you or otherwise perform a contract; or (b) detect, protect against, or prosecute security incidents, fraud or illegal activity; 2) we use the information only internally in ways reasonably aligned with your expectations as our customer, and 3) we are required to retain the information to comply with legal obligations. If we receive such a request from you, we will notify any service providers we have engaged and provided your information to delete your information as well.

In the event you make the foregoing request, we will wait at least twelve (12) months thereafter to request that you opt-in to the sale of Personal Information (should we change our practices in the future and desire to do so). Please note, you do not need to create an account with us or engage us to provide services to exercise your opt-out rights. We will only use the Personal Information and other data in the opt-out request to review and comply with the request.

Verification of Consumer Request and Timeline

It is imperative that we verify the consumer request and so you must provide information that allows us to reasonably verify you are the person about whom we collected the Personal Information or an authorized representative. If you make a request on behalf of another individual, we will need to verify that you have the authority to do so. You must also describe your request with sufficient detail that allows us to properly understand, evaluate and respond to such request. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. We will not honor your request if an exception to the law applies.

We will try and respond to requests within forty-five (45) days after our receipt of such verifiable request (or within such other time as required by applicable law). If we need additional time, we will notify you in writing and inform you of the reason for the extension of time. For the avoidance of doubt, any such requests for personal information will cover the twelve (12) month period immediately preceding the date of such verifiable request. We will provide such information in a commonly used format. We will not discriminate against you for exercising your rights under the CCPA. For more information about requests, please see the “Who might we share your information with?” section of the Privacy Notice.