BUILDWITHIN INC. GLOBAL PRIVACY NOTICE

Effective Date:   October 30, 2022 

BUILDWITHIN INC. (the “Company”, “BuildWithin”, “we”, “us”, “ours”) is committed to protecting your privacy. We have prepared this Privacy Notice (or “Notice”) to describe to you our practices regarding our collection and use of your Personal Data and Personal Information (as defined herein). This Privacy Notice provides information about the types of information we collect from our Services and website and what we may do with that information. 

In this Notice, we will outline and describe the following with respect to the Personal Data or Personal Information that we collect: 

You will note that throughout this Notice we use words that are capitalized. These are special terms that are defined within the applicable paragraph or under the Definitions Section in Section XI. 

If you are a resident of one of these specific jurisdictions, please visit the correspondence Appendix to learn about your additional, specific privacy rights:
                California Residents –        Appendix A
                Colorado Residents –         Appendix B
                Connecticut Residents –    Appendix C
                Nevada Residents –           Appendix D
                Utah Residents –                Appendix E
                Virginia Residents –           Appendix F
By accessing or using our websites, mobile applications (“apps”), or submitting information to us, or otherwise agreeing to this Policy, e.g., in the context of registering for any of our products or services, you understand and consent to our collection and use of your personal information as described herein.

I.          WHAT INFORMATION WE COLLECT
A. Information you provide: 
If you are just browsing the BuildWithin website, we do not ask you to enter any personal information about yourself unless you complete a form to request a demo, download content, or interact in any way you choose on your own and is available on the webpage. We may also collect your user name, or handle, from Facebook orTwitter when you connect to us from them or wish to connect to them from us. We may also combine information you provide with PersonalData we collect automatically (as further described in Part I, Section B below)and with Personal Data we receive from third-parties. We may also associate information you provide with information we collect about you from different devices, browsers and platforms. 

B. Information collected automatically:  
Certain information that identifies you may be passively collected and stored on our or our service providers’ server logs, including your Internet Protocol (“IP”) address, browser type, operating system and information regarding what website pages you accessed and when. An IP address is a number that is automatically assigned to your computer when you use the Internet. In some cases your IP address stays the same from browser session to browser session; but if you use a consumer Internet access provider, your IP address may vary from session to session. We also use Cookies and navigational data like Uniform Resource Locators (“URL”) to gather information regarding the date and time of your visit to our website or access our Platform through a client and the information for which you searched and viewed. This type of information is collected to make our Services more useful to you and our Clients, and to tailor the experience with us to meet your special interests and needs.

Cookies. Cookies are small pieces of information that a website sends to your devices while you are viewing a website. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a better experience with our Platform.Persistent Cookies can be removed by following your Internet browser directions. If you choose to disable Cookies, some aspects of our Services may perform differently, for instance, you will need to re-enter your information each time you return to use the Services.

If you do not know what cookies are, or how to control or delete them, then we recommend you visit www.aboutcookies.org for detailed guidance. Cookies allow us to identify and authenticate visitors, track aggregate behavior, and enable important service features.  We may also contract with analytics services, third-party affiliate services, and third-party advertising companies to collect similar information. These cookies allow the ad servers to recognize your computer each time they send you an online advertisement, and compile information about you or others who use your computer. This information allows such advertising networks to, among other things, deliver targeted advertisements that they believe will be of most interest to you.  

Web Beacons/Tags. We may automatically collect aggregate anonymous information through files embedded in our services and emails known as “web beacons.” We may deliver a web beacon to you through our services from an advertising network with which we have contracted. Web beacons allow third parties to provide anonymized and aggregated auditing, research, and reporting for us. Web beacons also allow us to tell whether email recipients are able to properly view messages or if email messages have been opened, to ensure that we are sending only messages that are of interest to our users. We may use this information to reduce or eliminate messages sent to users. We do not tie the information gathered by web beacons to personal information.

FlashLSOs. When we post videos, third parties may use local shared objects, known as“Flash cookies,” to store your preferences for volume control or to personalize certain video features. Flash cookies are different from browser cookies because of the amount and type of data and how the data is stored. The cookie management tools provided by many popular browsers will not remove Flash cookies. To learn how to manage Flash cookie privacy and storage settings, click here: 
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html.

Analytics. We may use analytics tools or similar tools provided by third parties (“Data Analytics Providers”)to help analyze how you and other users utilize our services. Analytics tools use cookies and other tracking technologies to collect information such as how often users visit our website, what pages they visit, and what other websites they have used prior to visiting our website. We use the information we get from analytics tools only to improve services. Analytics tools collect the IP address or other unique identifier assigned to you on the date you visited services. We do not combine the information generated through the use of analytics tools with your other personal information. Analytics tools provided by third parties plant a persistent cookie on your web browser to identify you as a unique user the next time you visit our website, and the treatment of that information is governed by the third party’s terms of use and/or privacy policy. To learn about how Google uses data related to website analytics when you use our site or apps, click here: https://policies.google.com/technologies/partner-sites.For information about how Facebook uses cookies and other storage technologies, click here: https://www.facebook.com/policies/cookies/.

Geolocation Data.  Subject to your device permissions, We (or Our service providers) may be able to collect information about the location of your device or may gather other general location data based on GPS data, mailing address, and/or billing address (hereinafter collectively referred to as “Geo-location Data”), to customize our Services based on your location. You can prevent your device from sharing precise location information, including without limitation some or all of the Geo-Location Data, at any time through your device’s operating system settings.We do not offer third-party advertising on our website, therefore we do not respond to “do not track signals” or other mechanisms that might enable website visitors to opt out of tracking on the BuildWithin site.

The following third parties may collect personal information when you interact with our digital property, including IP addresses, digital identifiers, information about your web browsing and app usage and how you interact with our properties and ads for a variety of purposes, such as personalization of offers or advertisements, analytics about how you engage with websites or ads and other commercial purposes.  For more information about the collecting, use and sale of your personal data and your rights with respect to these third parties, please see the links listed below:

Google – www.policies.google.com/privacy 
Webflow Intercom – www.webflow.com/legal/privacy 
User Centrics – www.usercentrics.com/privacy-policy/

BY USING OUR WEBSITE, YOU GIVE CONSENT FOR US TO SHARE YOUR DATA WITH THESE PROCESSORS, AND FOR THEM TO TRANSFER THIS INFORMATION ONWARD TO THEIR PARTNERS IN CONNECTION WITH PROVIDING YOU SERVICES.

C. Information collected from third-parties: 
In addition to the information that we collect as described above, we also collect information about you from our third-party integrators and vendors. These parties are used by us to run our Platform and integrate our Services with our Clients. The information that we collect through these channels includes your geolocation data, derived from the address that you may submit when completing a website survey or form.

II.     HOW WE COLLECT YOUR INFORMATION 
We collect your Personal Data in a number of ways, and this section will describe those methods. 

A. Your direct interaction with us: We collect your Personal Data when you interact directly with us by coming to our website to browse, to request information, to download or view content and to interact with our site bot.

B. From our Clients: Another way we collect your Personal Data is from our Clients who contract with us to use BuildWithin services. If you provide your information via a form that that uses our Platform, we will collect the information you provide on the form such as name,  e-mail address and the full content of your message, including attached files, and other information you provide. This method of Personal Data submission to us could occur (i), for instance if the Data Subject completes a form created by a client but powered by BuildWithin.  Platform, or (ii) where the Client captures the Data you enter and then transmits that Data to us.

C. From Third-Party Technologies and Social Network Sites: We may receive Personal Data about you from other sources with which you have interacted, such as through third-party technologies that are integrated into the Services like Alexa, which is owned by Amazon, or through social networks like Facebook or Twitter when you grant us permission to access these technologies to further use BuildWithin Services. Further, we may associate this Personal Data obtained from these sources with the other Personal Data we have collected about you from other sources as described in this Notice. We do not control or supervise how these third-parties process your Personal Data, and any information request that you have regarding the disclosure of your Personal Data from them to us should be made directly to those third-parties.

D. Third-party analytics: Third-parties who provide us with analytics services for our Platform and Services may collect some of the information described in Section I, including, for example, IP address, access times, browser type and language, device type, device identifiers and Wi-Fi information. For instance, we use Google Analytics and similar services to perform certain analytical tasks about our web user’s activities. We use the User-ID feature of Google Analytics to combine behavioral information across devices and sessions (including authenticated and unauthenticated sessions).

III.    HOW WE USE YOUR INFORMATION AND THE LEGAL BASIS FOR SHARING IT 
We may use your information to:

Applicable laws require us to have a “legal basis” for using and sharing your information. These legal bases include the following:

IV.    HOW WE SHARE YOUR INFORMATION 

A. With your consent:
 
Where you have provided express and unambiguous consent, we share your Personal Data as described at the time of consent.

The specific ways in which you consent to share Personal Data that you provide to us is when we enable you to complete skills assessments, questionnaires, forms, send other users messages or assign tasks that are part of the work you do through our Platform. These messages may include your full name, e-mail address, mailing address and other contact information you may have provided as part of the submission. You are solely responsible for the specific message(s) you send using our Services. 

Information you share publicly through our Platform may be indexed through third party search engines, such as Google or Bing. We do not control the practices of third party search engines, and they may use caches containing your outdated information. You acknowledge that Personal Data that you submit when you interact with our Platform through our website or Services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such Personal Data by others. 

B. Third-Party Sub-Processors: 
We use third-party Sub-Processors (including contractors, service providers and third parties) to provide the Services and to help with our operations, which may require that these Sub-Processors have access to and use your Personal Data. For example, we may use a third-party to communicate with you (via telephone, email, or SMS) to provide customer support, to receive additional Data about you, and to perform analytics and other work that we may need to outsource. The Sub-Processors are bound by law and/or contract to protect the confidentiality and security of Personal Data, and to only process your Personal Data to provide requested services and only act on our documented instructions.

C. Third-Party websites: 
We may provide links to other websites, such as social network sites (Facebook, Twitter) and other websites may provide links to our website. Third-party websites operate according to their own terms of use and privacy policies. BuildWithin has no control over such third-party websites, and by using our Platform and Services, you acknowledge and agree that we are not responsible for the availability of such third-party sites, and do not endorse and are not responsible or liable for any content, advertising, products or other materials on or available from such sites. You further acknowledge and agree that BuildWithin will not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any content, advertising, products, or other materials on or available from such sites.

D. De-identified information about you: 
We may also share aggregated or de-identified information (i.e., information that does not personally identify you directly), or statistical information about you, including statistical data and historical use data, with others for a variety of purposes, including for their own uses, for example, for improving their services for you and others, or for educational purposes. Your Personal Data will not be shared on an individual, identifiable basis under these circumstances, nor can you ask us to restrict this type of sharing, since it does not identify you.

E. As required by law or legitimate business interest: 
In addition, we may disclose your Personal Data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. Likewise, we may disclose your Personal Data to our professional advisers as reasonably necessary for the purposes of managing risks, obtaining professional advice, or the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. Also, we may share some or all of your Personal Data in connection with or during negotiation of any merger or similar transaction involving sale or transfer of some or all of our business or assets. If another company acquires our company or assets, that company will possess the Personal Data collected by us and will assume the rights and obligations regarding your Personal Data as described in this Privacy Notice.

V.     WE DISCLOSE YOUR PERSONAL DATA INTERNATIONALLY 

A. Our Headquarters:
 
Our headquarters is in the United States. Whether or not you live in the United States, information we collect from you will be processed in the United States. The United States has not sought nor received a finding of “adequacy” from foreign officials, including the European Union under Article 45 of the GDPR. We rely on derogations for specific situations as set forth in Article 49 of the GDPR. In particular, for EEA residents, we collect and transfer to the U.S. Personal Data only: (i) with your consent; (ii) to perform a contract with you; (iii) to conclude or perform a contract with another person in the furtherance of your or our legal interests (such as with a Client); or (iv) to fulfill a compelling legitimate interest of ours in a manner that does not outweigh your rights and freedoms. We strive to apply suitable safeguards to protect the privacy and security of your Personal Data and to use it only consistent with your relationship with BuildWithin and the practices described in this Privacy Notice.

B. Third-Parties: 
While many of our third-party Sub-Processors are global companies with operations in the EEA, some of the third-party Sub-Processors with whom we share Personal Data are located outside of the EEA. Certain third countries have been officially recognized by the European Commission as providing an adequate level of protection. You can find the list of these countries at the following address: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en. Transfers to third-parties located in other third countries outside the EEA take place using an acceptable data transfer mechanism, such as the EU Standard Contractual Clauses, the UK’s International Data Transfer Agreement, Binding Corporate Rules, or approved Codes of Conduct and Certifications. 

Please contact our Data Privacy Officer at the address or email listed below, in Section IX, if you want to receive further information about these Sub-Processors. 

VI.    HOW LONG WE KEEP YOUR DATA 

Your Personal Data is stored by us on the servers of the cloud-based database management services that we engage, located in the United States. We retain your Personal Data collected as reasonably necessary to fulfill the purposes for which we collected it, and to comply with our legal obligations. Personal Data of EEA residents that remains inactive (you do not take any action or are contacted within 1 full year) will be deleted.

The length of time we retain Personal Data collected from you depends on a variety of factors, including the following:

In no event will we keep your Personal Data for longer than is strictly necessary for the purposes defined in this Notice. For more information on where and how long your Personal Data is stored, please contact our Data Privacy Officer at the address or phone number listed below, in Section IX.

VII.  YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA 

A. Opting Out: 
You can make the following choices regarding your personal information:

Promotional and Other Emails. You may choose, during the account registration processes on one of our websites, or otherwise, to provide us with your email address for the purpose of allowing us to send newsletters, surveys, offers, and other materials related to our services. You can stop receiving these emails by sending a request to the email address in the Contact Us section below. If you decide not to receive these emails, we may still send you communications related to your current or former membership.

Behavioral Advertising. Our services may use behavioral advertising. This means that a third party may use technology (e.g., a cookie) to collect information about your use of our websites so that they can provide advertising about products and services tailored to your interests. That advertising may appear either on our website, or on other websites not operated by us. If you do not want third parties to collect information about your use of our services, you can opt-out of such at the Digital Advertising Alliance in the US, the Digital Advertising Alliance of Canada in Canada, or the European Digital Advertising Alliance in Europe.

PLEASE NOTE THAT OPTING-OUT OF BEHAVIORAL ADVERTISING DOES NOT MEAN THAT YOU WILL NOT RECEIVE ADVERTISING WHILE USING SERVICES. IT WILL, HOWEVER, EXCLUDE YOU FROM INTEREST-BASED ADVERTISING CONDUCTED THROUGH PARTICIPATING NETWORKS, AS PROVIDED BY THEIR POLICIES AND CHOICE MECHANISMS.

Analytics. Many analytics providers allow end-users to opt out of the retention of their information, including our third-party analytics providers. Please note that, typically, unless you create an account with the analytics provider, your choice to opt out applies only to the device from which you make the request, because the providers use cookies on that device to recognize your choice. If you get a new device, install a new web browser, update your browser, or otherwise erase/alter your browser cookie files you may clear the opt-out cookie.

You may learn more about the use of information by and opting-out of analytics from our third-party provider, Google, by visiting its opt-out page at the following links:
www.google.com/policies/privacy/partners/
https://tools.google.com/dlpage/gaoptout

B.  Specific Privacy Rights: 
You have the rights provided under the laws applicable to where you live. Additionally, you can ask us questions about the Personal Data that we have relating to you, ask us to correct any of that Personal Data if it is wrong and you can verify that with us. 

If you are a resident of one of these specific jurisdictions, please visit the correspondence Appendix to learn about your additional, specific privacy rights:
                California Residents –                    Appendix A
                Colorado Residents –                     Appendix B
                Connecticut Residents –                Appendix C
                Nevada Residents –                       Appendix D
                Utah Residents –                            Appendix E
                Virginia Residents –                       Appendix F

VIII. SECURITY OF YOUR INFORMATION 

To help protect the privacy of your Personal Data collected by us, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your Personal Data to those employees who need to know that information to provide the Services. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of personal data processed by the services.  We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.
Unfortunately, the transmission of information via the internet is not completely secure. Although We do our best to protect your personal information, We cannot guarantee the security of your personal information transmitted to Our Site. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Site.

To contact our Privacy Officer: 
By Webform:
www.buildwithin.com/consumer-request-form

By Email:
Privacy@BuildWithin.com

X.     A NOTE ABOUT CHILDREN 

We do not intentionally gather Personal Data from visitors who are under the age of 13 through our Platform. If a child under 13 submits Personal Data to Us and we learn that the Personal Data is the information of a child under 13, we will attempt to delete the information as soon as possible. If you believe that we might have any Personal Data from a child under 13, please contact us at Privacy@BuildWithin.com.

XI.    DEFINITIONS 

Words that are capitalized in this Notice have the following meanings:

 “Client” means a customer of BuildWithin, who engages the Company, among other things, to use the Company services and platform.

EU” means the European Union, and “EEA” means the European Economic Area, which includes the EU plus Iceland, Liechtenstein and Norway; for purposes of this Notice, any reference to the EEA will also include Switzerland and the United Kingdom, even though they not a member of either the EU or the EEA. 

GDPR” means the General Data Protection Regulation, which is the EU regulation that governs the protection of the Personal Data of EEA residents and balances that protection against the free movement of that Data. 

Personal Data” or “Personal Information” means any information relating to an identified or identifiable natural person (“Data Subject” or “Consumer”); an identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal Data includes “Special Categories of Personal Data”.

Processing” means any activity that involves the use of Personal Data.  It includes obtaining, recording or holding the Data, or carrying out any operation or set of operations on it including organizing, amending, retrieving, using, disclosing, erasing or destroying it. 

Processor” also means us, or any other natural or legal person (including corporations, partnerships or other business entities) which, acting alone or jointly with others, Processes Personal Data for a controller or a party with whom you deal directly and is primarily responsible for the security of your Data and your privacy rights. 

Services” means collectively the BuildWithin platform (“Platform”) and related services.

Special Categories of Personal Data” includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.

Capitalized terms not defined in this section or elsewhere in this Policy have the meaning as defined in our Terms of Use.

XII.  Changes and updates to the Privacy Notice 

As our Company, membership and Services may change from time to time, this Privacy Notice is expected to change as well. We reserve the right to amend the Privacy Notice at any time, for any reason, without notice to you, other than the posting of the amended Privacy Notice at this Site. We may choose to e-mail periodic reminders of our notices and terms of use, but you should check our Site frequently to see the current Privacy Notice and Terms of Use that are in effect and any changes that may have been made to them.

Last Updated: October 30, 2022

Appendix A – CALIFORNIA PRIVACY NOTICE 

If you are a Client located in California, we process your personal information in accordance with the California Consumer Privacy Act (“CCPA”) and California’s Shine the Light Law (“STL”) to the extent applicable. This section provides additional details about the personal information we collect and use for purposes of the CCPA.

A. Categories of Information We Collect About You 
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device ("Personal Information"). Personal information does not include: publicly available information from government records, or deidentified or aggregated consumer information.

In particular, we have collected the following categories of Personal Information from Clients within the last twelve (12) months:

Category

Examples

Collected

A. Identifiers.

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.

YES

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.Some personal information included in this category may overlap with other categories.

YES

C. Protected classification characteristics under California or federal law.

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

YES

D. Commercial information.

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

YES

E. Biometric information.

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

NO

F. Internet or other similar network activity.

Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.

YES

G. Geolocation data.

Physical location or movements.

YES

H. Sensory data.

Audio, electronic, visual, thermal, olfactory, or similar information.

NO

I. Professional or employment-related information.

Current or past job history or performance evaluations.

YES

J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

YES

K. Inferences drawn from other personal information.

Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

YES

L. Sensitive Personal Information

Social security number; racial or ethnic origin.

NO


See
How we collect your information for the categories of sources from which we collect the above categories of Personal Information. 

B.
Use of Personal Information 
See How we use your information and the Legal Basis for sharing it 

C.
Sharing or Selling Personal Information 
We may share your Personal Information by disclosing it to a third party for a business purpose. We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the Personal Information confidential, and prohibit using the disclosed information for any purpose except performing the contract. In the preceding twelve (12) months, Company has disclosed Personal Information for a business purpose to the categories of third parties indicated in the chart below.

We do not and in the preceding twelve (12) months, Company has not sold Personal Information for monetary consideration.

Personal Information Category

Category of Third-Party Recipients

Business Purpose Disclosures / Sharing
        

BLANK

Personal Information Category

A. Identifiers.

•  Internet service providers.
•  Data analytic providers.
•  Government entities.
•  Operating systems and platforms.
•  Social networks.
•  Data brokers or aggregators.
•  Service providers.
•  Affiliates.
•  Partners.
•  Parent or subsidiary organizations.
•  Internet cookie data recipients, like Google Analytics.

None

B: California Customer Records personal information categories.

•  Internet service providers.
•  Data analytic providers.
•  Government entities.
•  Operating systems and platforms.
•  Social networks.
•  Data brokers or aggregators.
•  Service providers.
•  Affiliates.
•  Partners.
•  Parent or subsidiary organizations.
•  Internet cookie data recipients, like Google Analytics.

None

C: Protected classification characteristics under California or federal law.

•  Internet service providers.
•  Data analytic providers.
•  Government entities.
•  Operating systems and platforms.
•  Social networks.
•  Data brokers or aggregators.
•  Service providers.
•  Affiliates.
•  Partners.
•  Parent or subsidiary organizations.
•  Internet cookie data recipients, like Google Analytics.

None

D: Commercial information.

•  Internet service providers.
•  Data analytic providers.
•  Government entities.
•  Operating systems and platforms.
•  Social networks.
•  Data brokers or aggregators.
•  Service providers.
•  Affiliates.
•  Partners.
•  Parent or subsidiary organizations.
•  Internet cookie data recipients, like Google Analytics.

None

E: Biometric information.

None

None

F: Internet or other similar network activity.

•  Internet service providers.
•  Data analytic providers.
•  Government entities.
•  Operating systems and platforms.
•  Social networks.
•  Data brokers or aggregators.
•  Service providers.
•  Affiliates.
•  Partners.
•  Parent or subsidiary organizations.
•  Internet cookie data recipients, like Google Analytics.

None

G: Geolocation data.

•  Internet service providers.
•  Data analytic providers.
•  Government entities.
•  Operating systems and platforms.
•  Social networks.
•  Data brokers or aggregators.
•  Service providers.
•  Affiliates.
•  Partners.
•  Parent or subsidiary organizations.
•  Internet cookie data recipients, like Google Analytics.

None

H: Sensory data.

None

None

I: Professional or employment-related information.

•  Internet service providers.
•  Data analytic providers.
•  Government entities.
•  Operating systems and platforms.
•  Social networks.
•  Data brokers or aggregators.
•  Service providers.
•  Affiliates.
•  Partners.
•  Parent or subsidiary organizations.
•  Internet cookie data recipients, like Google Analytics.

None

J: Non-public education information.

•  Internet service providers.
•  Data analytic providers.
•  Government entities.
•  Operating systems and platforms.
•  Social networks.
•  Data brokers or aggregators.
•  Service providers.
•  Affiliates.
•  Partners.
•  Parent or subsidiary organizations.
•  Internet cookie data recipients, like Google Analytics.

None

K: Inferences drawn from other personal information.

•  Internet service providers.
•  Data analytic providers.
•  Government entities.
•  Operating systems and platforms.
•  Social networks.
•  Data brokers or aggregators.
•  Service providers.
•  Affiliates.
•  Partners.
•  Parent or subsidiary organizations.
•  Internet cookie data recipients, like Google Analytics.

None

L: Sensitive Personal Information.

None

None


D. Your Rights and Choices under the CCPA and STL 
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

1. Right to Know and Data Portability
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the "right to know"). Once we receive your request and confirm your identity, we will disclose to you:

If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:

2. Right to Delete
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the "right to delete"). Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

We will delete or deidentify Personal Information not subject to one of these exceptions from our records and will direct our service providers to take similar action. 

Under the STL, you may also request information about whether we have disclosed personal information to any third-parties for the third-parties’ direct marketing purposes.

3. Right to Correct
Subject to the exceptions set out below, and upon your submission of a verifiable request, you have the right to correct any inaccurate personal information in our records, and to have us direct our service providers, contractors and third parties to correct any inaccurate personal information from their records.

If we cannot verify your identity pursuant to the CCPA and its regulations, we may deny a request to correct.  In such event, we shall inform you that your identity cannot be verified.

In determining the accuracy of the personal information that is the subject of your request to correct, we shall consider the totality of the circumstances relating to the contested personal information. We may deny your request to correct if we determine that the contested personal information is more likely than not accurate based on the totality of the circumstances.

4. Exercising Your Rights to Know, Delete or Correct
To exercise your rights to know, delete or correct described above, please submit your request in one of the following matters:

Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information. You may only submit a request to know twice within a 12-month period. 

Your request to know, delete or correct must:

In order to verify your request, we may need you to provide us with enough information to identify you (e.g., your full name, address, and customer or matter reference number), proof of your identity and address (e.g., a copy of your driving license or passport and a recent utility or credit card bill), and a description of what right you wish to exercise along with any information to which your requests relates. If feasible, we will match the identifying information provided by you with the Personal Information that we already maintain about you.

You may designate an authorized agent to make a request under the CCPA on your behalf. In order to fulfill your request to know, delete or correct submitted by an authorized agent, you must provide the authorized agent written permission to do so, and we may require that you verify your own identity with us directly or provide us with a copy of the written permission given.

We reserve our right not to grant a consumer request if we cannot verify that the person making the request is the person about whom we have collected information, or someone authorized to act on such person’s behalf. You may only make a request to access or receive copies of personal information twice within a 12-month period. Any Personal Information we collect from you to verify your identity in connection with your request will be used solely for the purposes of verification.

5. Response Timing and Format
We will confirm receipt of your request within ten (10) business days. We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. 

Any disclosures we provide will only cover the 12-month period preceding our receipt of your request, or from January 1, 2022 – at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. 

6.Your Right to Opt-Out of the Sharing of Personal Information
We may disclose your personal information to third parties for cross-context behavioral advertising purposes (“Share” or “Sharing”).  You have the right to opt-out of the Sharing of your personal information and you may exercise your right by clicking the following link: www.buildwithin.com/do-not-sell-or-share. If you exercise your right to opt-out of the Sharing of your personal information, we would refrain from Sharing your Personal Information, unless you subsequently provide express authorization for the sharing of your Personal Information.

7. Your Right to Opt-Out of the Sale of Personal Information
We may disclose your personal information to third parties in exchange for monetary or other consideration. Such disclosures are considered to be “Sales” under the CCPA. You have the right to opt-out of the Sale of your Personal Information and you may exercise your right by clicking on the following link: www.buildwithin.com/do-not-sell-or-share. If you exercise your right to opt-out of the Sale of your personal information, we would refrain from Selling your Personal Information, unless you subsequently provide express authorization for the Sale of your Personal Information.

8. Your Right to Opt-Out by Using Opt-Out Preference Signals
We will process any opt-out preference signal that (a) is in a format commonly used and recognized by businesses (for example, in an HTTP header field) and (b) is sent from a platform, technology, or mechanism that makes it clear to the consumer, whether in its configuration or in disclosures to the public, that the use of the signal is meant to have the effect of opting the consumer out of the sale and sharing of their personal information (“Opt-Out Preference Signal”).  We shall treat the Opt-Out Preference Signal as a valid request to opt-out of the sale or sharing of personal information for your browser or device, and, if known, for you.

If the opt-out preference signal conflicts with other privacy settings that you have submitted to us, we will process the opt-out preference signal but may notify you of the conflict and provide you with the opportunity to consent to the sale or sharing of your personal information. 

If the Opt-Out Preference Signal conflicts with your participation in a financial incentive program, we shall notify you of the conflict and request your affirmation that you intend to withdraw from the financial incentive program.  If you affirm your intent to withdraw we shall process the Opt-Out Preference Signal.  If you do not affirm your intent to withdraw, we will not process the Opt-Out Preference Signal.

9. Your Right to Limit the Use or Disclosure of “Sensitive” Personal Information
We may collect your driver’s license, state identification card or passport number in order for us to verify your identity.  We collect your account log-in and password for your account with us. We do not collect your financial account, debit card or credit card account number when you purchase goods from us but we do not collect such information in combination with any required security or access code, password, or credentials allowing access to your account. We do not collect information that reveals your precise geolocation, your racial or ethnic origin, religious or philosophical beliefs or union membership, the contents of your mail, email or text messages unless we are the intended recipient or your genetic data. We do not process biometric information for the purpose of identifying you or collect and analyze information concerning your health, sex life or sexual orientation.

Please note that We can use sensitive personal information for the following purposes, and you do not have the right to limit the use and disclosure of sensitive personal information being used in the following ways:

          (1)  To perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services. 

          (2)  To detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal information, provided that the use of the consumer’s personal information is reasonably necessary and proportionate for this purpose. 

          (3)  To resist malicious, deceptive, fraudulent, or illegal actions directed at the business and to prosecute those responsible for those actions, provided that the use of the consumer’s personal information is reasonably necessary and proportionate for this purpose. 

          (4)  To ensure the physical safety of natural persons, provided that the use of the consumer’s personal information is reasonably necessary and proportionate for this purpose. 

          (5)  For short-term, transient use, including, but not limited to, nonpersonalized advertising shown as part of a consumer’s current interaction with the business, provided that the personal information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with the business. 

          (6)  To perform services on behalf of the business, such as maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business. 

          (7)  To verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by the business.

We use your “sensitive” personal information only to the extent that it is necessary to provide our goods and perform our services as reasonably expected by you. If we were to use your “sensitive” personal information other than is necessary to provide our goods and perform our services, you would have the right to limit our use or disclosure of your “sensitive” personal information to that which is necessary to provide our goods and services to you.

10.  Children’s Right to Opt-In to the Sale of Personal Information
We do not knowingly collect or sell the personal information of minors under 16 years of age without affirmative authorization. For minors who wish to opt-in to the sale of their personal information, we have established the following processes:

Minors between 13 and 16 years of age:
In the case of consumers between 13 and 16 years of age, we require the consumer to affirmatively authorize the sale of the consumer’s personal information.  In order to opt-in minors in this age range, as part of the account registration process for our products which may be targeted toward minors, we require the consumer or consumer’s parent or guardian to verify the consumer’s identity by providing at least two data points with data points maintained by the business, which we have determined to be reliable for the purpose of verifying the consumer.

Minors under 13 years of age:
In the case of consumers who are less than 13 years of age, we require the consumer’s parent to affirmatively authorize the sale of the consumer’s personal information. In order to opt-in minors in this age range, as part of the account registration process for our products which may be targeted toward minors, we require that the consumer’s parent or guardian verify the consumer’s identity, which we have determined to be reliable for the purpose of verifying the consumer.

We reserve the right to require additional information or not complete your request if we cannot verify your identity. If you are a parent or guardian seeking to opt-out on behalf of their child, please email us at Privacy@BuildWithin.com with the subject “Minor Opt-Out.”

Minor’s Right to Remove Posted Content:

If you are a California resident under the age of 18, and a registered user of any website where this Policy is posted, California Business and Professions Code Section 22581 permits you to request and obtain removal of content or information that you have publicly posted. To make such a request, please send an email with a detailed description of the specific content or information to Privacy@BuildWithin.com with the subject “Privacy Rights for Minors.”  Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.

E. Non-Discrimination 
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not: deny you goods or services; charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; provide you a different level or quality of goods or services; nor suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your Personal Information's value and contain written terms that describe the program's material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.

APPENDIX B: COLORADO PRIVACY RIGHTS NOTICE
This Section provides additional information to Colorado residents at the time their personal information is collected by Us.Colorado residents have the following specific rights with respect to their personal data:

To exercise your rights, you must submit a verifiable consumer request to Us by either:

  1. Using our webform here;
  2. Calling the following toll-free number: 1(888)598-8508 or
  3. Emailing the Company at: Privacy@BuildWithin.com

APPENDIX C: CONNECTICUT PRIVACY RIGHTS NOTICE
This Section provides additional information to Connecticut residents at the time their personal information is collected by Us.
Connecticut residents have the following specific rights with respect to their personal data:

To exercise your rights, you must submit a verifiable consumer request to Us by:

  1. Using our webform here;
  2. Calling the following toll-free number: 1(888)598-8508 or
  3. Emailing the Company at: Privacy@BuildWithin.com

APPENDIX D: NEVADA PRIVACY RIGHTS NOTICE
Under Nevada Revised Statues Section 603A., et. seq., residents of Nevada have certain rights with respect to the personal information that we collect on this website.

  1. The categories of personal information that we collect and the categories of third parties with whom we share personal information are described in the chart in the above Appendix A. California Privacy Rights Notice.
  2. You may review and request changes to the personal information that we collect or process on this website by sending an e-mail to Privacy@BuildWithin.com
  3. Any material changes to this notice shall be posted in this Appendix D to this Policy.
  4. When you use our websites, we may share personal information about your online activities over time and across different internet sites or online services with third parties.

APPENDIX E: UTAH PRIVACY RIGHTS NOTICE 
This Section provides additional information to Utah residents at the time their personal information is collected by Us.
Utah residents have the following specific rights with respect to their personal data:

To exercise your rights, you must submit a verifiable consumer request to Us by:

  1. Using our webform here;
  2. Calling the following toll-free number: 1(888)598-8508 or
  3. Emailing the Company at: Privacy@BuildWithin.com

APPENDIX F: VIRGINIA PRIVACY RIGHTS NOTICE This Section provides additional information to Virginia residents at the time their personal information is collected by Us.Virginia residents have the following specific rights with respect to their personal data:

A Virginia consumer may invoke theses consumer rights at any time by submitting an authenticated request to the Company specifying the consumer rights the consumer wishes to invoke. A known child's parent or legal guardian may invoke such consumer rights on behalf of a child.

To exercise your rights, you must submit a verifiable consumer request to Us by either:

  1. Using our web form here:
  2. Calling the following toll-free number: 1(888)598-8508 or
  3. Emailing the Company at: Privacy@BuildWithin.com

Copyright © 2022 BuildWithin, Inc.  All rights reserved.