California Privacy Rights Act (CPRA) Privacy Policy Addendum
Effective January 1, 2023
If you are a California resident, this Addendum applies to you. This Addendum describes how we collect, use and share your personal information in our capacity as a “business” under the California Privacy Rights Act of 2020 (“CPRA”), and the rights that you have with respect to your personal information, including sensitive personal information. For the purposes of this Addendum, “personal information” and “sensitive personal information” have the meanings given in the CPRA and do not include information excluded from the CPRA’s scope.
This Addendum is provided as a supplement to our Privacy Policy. For a more complete understanding of our privacy practices and how we handle personal information, please read our Privacy Policy.
Categories and Sources of Personal Information Collected
The table below summarizes the personal information which Onemata collects or has collected in the twelve (12) months prior to the effective date of Onemata’s Privacy Policy, fall into the following categories established by the CPRA, and have been collected from the sources defined below. Information you voluntarily provide us, such as in free-text webforms, may contain additional categories of personal information not described below.
Category | Examples | Categories of Sources |
|---|---|---|
Sensitive personal information | Precise geolocation | • Publishers (such as mobile applications, or “apps”, desktop, and mobile websites) • Software development kit (SDK) networks • Data brokers |
Characteristics of protected classifications under California or federal law | Age and gender | • Data brokers |
Identifiers | First and last name, email address, hashed email address, postal address, phone number, IP address, mobile advertising ID (MAID) also known as a IDFA for Apple products or a GAID or AAID for Google/Android products, cookie identifiers | • You • Publishers (such as mobile applications, or “apps”, desktop, and mobile websites) • Software development kit (SDK) networks • Data brokers |
Professional or employment-related information | Employer, education, employment and employment history | • You • Data brokers |
Internet or other electronic network activity information | Browsing history, search history, and information regarding your interaction with an internet website, application, or advertisement, operating system (OS), user agent (i.e. browser identification), SSID/BSSID | • Your browser or device when you visit our website • Publishers (such as mobile applications, or “apps”, desktop, and mobile websites) • Software development kit (SDK) networks • Data brokers |
Geolocation data | Latitude, longitude, time stamp of when its location was observed, country of where its location was observed, speed of movement when its location was observed, and the horizontal and vertical accuracy of the latitude/longitude coordinates | • Publishers (such as mobile applications, or “apps”, desktop, and mobile websites) • Software development kit (SDK) networks • Data brokers |
Categories of Personal Information Sold and Categories of Third Parties Sold To
Onemata has “sold” (as defined by the CPRA) the following categories of personal information to the categories of third parties defined below in the twelve (12) months prior to the effective date of Onemata’s Privacy Policy.
Category | Category of Third Parties Sold To |
|---|---|
Sensitive Personal Information (e.g. precise geolocation) | • See above |
Identifiers (.g. first and last name, email address, hashed email address, postal address, phone number, IP address, mobile advertising ID (MAID) also known as a IDFA for Apple products or a GAID or AAID for Google/Android products, cookie identifiers) | • Platforms • Analytics developers • Data brokers |
Characteristics of protected classifications under California or federal law (e.g. age and gender) | • See above |
Internet or other electronic network activity information (e.g. browsing history, search history, and information regarding your interaction with an internet website, application, or advertisement, operating system (OS), user agent (i.e. browser identification)) | • See above |
Geolocation data (e.g. latitude, longitude, time stamp of when its location was observed, country of where its location was observed, speed, altitude and direction of movement when its location was observed, and the horizontal and vertical accuracy of the latitude/longitude coordinates) | • See above |
Professional or employment-related information (e.g. employer, education, employment and employment history) | • See above |
Categories of Personal Information Disclosed for a Business Purpose and Categories of Third Parties Disclosed To
Onemata has disclosed for a “business purpose” (as defined by the CCPA) the following categories of personal information to the categories of third parties defined below in the twelve (12) months prior to the effective date of Onemata’s Privacy Policy.
Category | Category of Third Parties Disclosed To |
|---|---|
Sensitive Personal Information (e.g. precise geolocation) | • Service providers (e.g. cloud management/storage providers, IT consultants) |
Characteristics of protected classifications under California or federal law (e.g. age and gender) | • Service providers (e.g. cloud management/storage providers, IT consultants) |
Professional or employment-related information (e.g. employer, education, employment and employment history) | • Service providers (e.g. cloud management/storage providers, IT consultants, website provider/support, customer support, marketing service providers, payment processors) |
Geolocation data (e.g. latitude, longitude, time stamp of when its location was observed, country of where its location was observed, speed, altitude and direction of movement when its location was observed, and the horizontal and vertical accuracy of the latitude/longitude coordinates) | • Service providers (e.g. cloud management/storage providers, IT consultants) |
Internet or other electronic network activity information (e.g. browsing history, search history, and information regarding your interaction with an internet website, application, or advertisement, operating system (OS), user agent (i.e. browser identification), SSID/BSSID) | • Service providers (e.g. cloud management/storage providers, IT consultants) |
Identifiers (e.g. first and last name, email address, hashed email address, postal address, phone number, IP address, mobile advertising ID (MAID) also known as a IDFA for Apple products or a GAID or AAID for Google/Android products, cookie identifiers) | • Service providers (e.g. website provider/support, customer support, marketing service providers, payment processors, IT consultants) |
Our Business and Commercial Purposes for Collecting, Selling and Sharing Personal Information
The business and commercial purposes for which we collect, sell and/or share personal information are described in detail in our Privacy Policy and our Cookie Policy.
Your Rights with Respect to Your Personal Information
As a California resident, you have certain rights available to you with respect to your personal information pursuant to the CPRA. This section describes those rights and how you may exercise those rights.
Right to Access
You may request the following information about how we have collected and used your personal information, including sensitive personal information, during the past 12 months:
-
The categories of personal information we have collected about you;
-
The categories of sources from which we collected the personal information;
-
The business or commercial purposes for collecting, selling, or sharing the personal information;
-
The categories of third parties to whom we disclosed the personal information;
-
The categories of personal information that we sold or shared for a business purpose; and
-
The categories of personal information that we disclosed for a business purpose.
In addition to the information above about how we have collected and used your personal information, you may also request:
-
The specific pieces of personal information we have collected about you during the past 12 months.
Right to Know
In addition to the information listed above under the right to access, you may also request the following information about how we have sold or shared personal information about you, or disclosed person personal information about you, during the past 12 months:
-
The categories of personal information we have collected about you;
-
The categories of personal information we have sold or shared about you;
-
The categories of third parties to whom your personal information was sold or shared;
-
The categories of personal information we have disclosed about you for a business purpose; and
-
The categories of persons to whom your personal information was disclosed for a business purpose.
Right to Correct
You may ask us to correct any specific personal information you believe to be inaccurate.
Right to Request to Delete
You may ask us to delete any personal information we may have collected about you.
Right to Opt-Out of the Sale or Sharing of Your Personal Information
California residents have the right to opt-out of the “sale” of your personal information, as defined by California law.
Right to Limit Use and Disclosure of Sensitive Personal Information
You can direct us to limit the use of any sensitive personal information, as defined in the CPRA, that we may collect about you. You may do this by clicking on the “Limit the Use of My Sensitive Personal Information” link here or elsewhere on our website.
Right to Nondiscrimination
Onemata does not deny, charge different prices for, or provide a different level of quality of goods or services if you choose to exercise these rights.
Exercising Your Right to Know, Access, Correct, Delete and Opt-Out
California residents may submit a request to know, access, correct, delete or opt-out, by clicking here. Alternatively, you may use the contact information provided in the Contact Us section of our Privacy Policy, or at our toll-free number (833) 663-6282. Onemata will honor your rights to the extent required by the CPRA.
Please be sure to complete the form in its entirety so we are able to identify you in our records. The information you provide us in the form will only be used to locate your personal data in our records and carry out your request, as necessary. Upon receipt of a request, we will verify your identity and your California residence for security purposes and as required and/or permitted under California law. For instance, if you request categories or specific pieces of personal information we have collected or shared about you, you may need to provide a piece of identification that confirms you are the person you claim to be.
We will review all requests and comply as necessary under applicable law. If we are unable to complete your request, we will provide you additional information about the reasons that we could not comply with your request.
Information About Persons Under 16 Years of Age
We do not knowingly collect personal information from minors under 16 years of age in California. If we learn that personal information from such California residents has been collected, we will take reasonable steps to remove their information from our database.
Authorized Agents
You may also designate an agent to make requests to exercise your rights under the CPRA as described above. To accommodate such a request by an authorized agent, we will either:
-
Require a copy of a valid power of attorney and verify the identity of the authorized agent, or
-
Take steps to verify both your identity as well as the identity of your authorized agent and require a copy of a signed written authorization allowing the authorized agent to make such a request on your behalf.
If you are an authorized agent and would like to make a request on behalf of a California resident, please send an email to privacy@onemata.com with the information specified directly above.
Annual Reporting for 2021
Request Type | Number Received | Number Complied With | Number Denied | Average Number of Days for Response |
|---|---|---|---|---|
Access | 0 | 0 | 0 | 0 |
Deletion | 0 | 0 | 0 | 0 |
Opt-out | 0 | 0 | 0 | 0 |