Privacy Notice Pursuant to California Consumer Privacy Act
We adopt this Privacy Notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this Privacy Notice. Accordingly, Personal Information for purposes of this notice is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
Special Note: The Sites are general audience sites and are not designed or intended to target children younger than 16. We do not knowingly target or collect personal information from any person younger than 16.
What Information Do We Collect and Disclose?
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, job applicant, employee or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
A. Personal Information and Identifiers.
Real name, postal address, email address, telephone numbers, account name, signature, social security number, driver’s license or state identification card number, passport number or other similar information, physical characteristics or description, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
B. Protected Class Information
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
C. Commercial Information.
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
D. Biometric Information.
An individual’s physiological, biological or behavioral characteristics, including an individual’s deoxyribonucleic acid (DNA), that can be used, singly or in combination with each other or with other identifying data, to establish individual identity. Biometric information includes, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.
E. Internet and Network Information.
Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
F. Geolocation Information.
Physical location or movements.
G. Sensory Information.
Audio, electronic, visual, thermal, olfactory, or similar information.
H. Employment Information.
Current or past job history or performance evaluations.
I. Non-Public Education Information
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
J. Profile Information.
Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Personal information does not include: (1) publicly available information from government records; (2) de-identified or aggregated consumer information; or (3) information excluded from the CCPA’s scope, such as: (i) health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; and (ii) personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
How Do We Collect Information?
We obtain the categories of personal information listed above from the following categories of sources:
- From you through information you submit to us or input onto the Sites or through passive means, such as website cookies.
- From third parties, including our customers, service providers and vendors, auditors, advisors and government authorities, as applicable and necessary.
- Directly or indirectly from our clients or their agents. For example, from documents that our clients provide to us related to the Services for which they engage us, or information we collect from our clients in the course of providing Services to them.
How Do We Collect Information From Other Third Parties?
How and Where Do We Process and Store Data?
Methods of Processing. The data processing is carried out in accordance with our privacy procedures and policies and using computers and/or related software and IT tools. In some cases, the data may be accessible to certain types of (i) internal parties in charge or involved with the operation of our Sites and Services (i.e., administration, legal, sales and marketing, etc.) or (ii) external parties who assist us in providing, operating, and maintaining our Sites and Services, (i.e., third-party technical service providers, mail carriers, hosting providers, communications agencies). Still, we notify both internal and external parties of this Privacy Notice and require that internal parties (through employment agreements and related employment policies) and external parties (through written agreements) keep and maintain the data in accordance with the safeguards described in this Privacy Notice and related policies and procedures.
Third-Party Processing. We assess and review each of our third-party processers to ensure that they are in compliance with this Privacy Notice.
Why Do We Collect and Process Information?
We may use or disclose the personal information we collect for one or more of the following business purposes:
- To fulfill or meet the reason for which the information has been provided.
- To provide you with information or Services that you request from us.
- To provide you with email alerts, event registrations and other notices concerning our Services, or events or news, that may be of interest to you.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
- To improve our Sites and Services and present its contents to you.
- For testing, research, analysis and product development.
- As necessary or appropriate to protect the rights, property or safety of us, our clients or others.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Do We Share Information With Third Parties?
Yes. We may disclose your personal information to a third-party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
Do We Sell Your Information?
We do not sell any personal information, and specifically have no actual knowledge that we sell the personal information of minors under 16 years of age.
How Do We Protect Personal Data?
We protect data using administrative, technical, and physical safeguards. When we use third-party service providers, we ask those providers to implement similar safeguards. However, we cannot guaranty that your information is completely secure either within our company or on the systems of third-party service providers.
How Long Do We Keep Your Personal Data?
We retain personal data we collect from you when we have an ongoing legitimate business need to do so (e.g., to provide you with the Services you have requested or to comply with applicable legal requirements). When we no longer have an ongoing legitimate business need to process your personal information, we will physically destroy, delete or anonymize it or, if this is not possible, then we will securely store your personal data and isolate it from any further processing until deletion is possible.
What Are Your California Consumer Rights?
If you are a California resident and are engaged in a direct business relationship with the Company as a consumer for provision of the Company’s Sites or Services, you may have the following rights:
- Right to Know. You may request that we provide to you specific pieces of personal information and categories of personal information that we have collected for the 12 month period preceding your request, such as (i) the categories of personal information we collected about you; (ii) the categories of sources from which we collected such personal information; (iii) the purposes for collecting your personal information; and (iv) the categories of third parties with access to your personal information, if any.
Though you may request specific pieces of your personal information that we have collected, we may not provide the following information in order to protect the security of such information: social security numbers, driver’s license or other state or government issued identification numbers, bank account numbers or other financial information, any health insurance or medical identification numbers or related information, account passwords or security questions and answers.
- Right to Request Deletion. Under certain, limited circumstances, you may request that we delete personal information that we have collected from you or maintain about you. We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide the Services that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act.
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
- Right to Opt-Out of Sale of Personal Information. We do not sell information as defined in the CCPA.
- Right to Non-Discrimination. We will not discriminate against any consumer who has chosen to exercise their rights under the CCPA. By way of example, we will not deny you the Services to or charge you different prices/rates for the Services, or provide you a different level of quality of service.
How do I Submit a Verifiable Consumer Request?
If you are a California resident and are engaged in a direct business relationship with the Company as a consumer for provision of the Company’s Sites or Services, you may make submit Verifiable Consumer Request pertaining to the rights described above by contacting us at the contact information listed below, or by clicking here for a Request for Disclosure, and sending or emailing it to the email address or mailing address listed below:
CORSO Commerce, LLC
Physical address: 640 E 700 S, STE 206. St. George, Ut 84770
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. If you are an authorized agent, you may click here for instructions on how to make a request on a consumer’s behalf.
PLEASE NOTE THAT YOUR REQUEST WILL NOT BE PROCESSED UNTIL YOUR IDENTITY HAS BEEN VERIFIED. ONCE YOUR IDENTITY HAS BEEN VERIFIED, YOUR REQUEST WILL BE PROCESSED IN ACCORDANCE WITH THE CCPA. WE WILL PROVIDE ADDITIONAL DETAILS AND DIRECTIONS ON IDENTITY VERIFICATION, AND AS APPROPRIATE, UPON RECEIVING YOUR REQUEST.
Once we have verified your identity, we will respond to your request within 45 days. If we require more time (up to an additional 90 days), will notify you in writing of the reason and the extension period. We will deliver our written response by the means you indicate in the verifiable consumer request.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Changes to Our Privacy Notice
We reserve the right to amend this CCPA Privacy Notice at our discretion and at any time. When we make changes to this Privacy Notice, we will notify you by email or through a Privacy Notice on our Sites.
Email: [email protected]
Mailing: 640 E 700 S, STE 206. St. George, Ut 84770