CODEFUEL

PRIVACY POLICY

[Last Modified: July 18, 2023]

This privacy policy ("Privacy Policy" or "Policy") describes how CodeFuel Ltd. D/B/A Codefuel, part of the Perion Network Ltd. Group (" Perion Group"), and any of its affiliated companies which are part of the Perion Group ("CodeFuel", "we", " us", or "our"), collect and process certain information received when we provide our services, through our web-apps, mobile apps, desktop-apps, web-pages, platform, software, extensions and other properties ("Properties" and collectively with the services shall be referred herein as "Services") to our direct or indirect users, customers, all as detailed below.

  1. POLICY AMENDMENTS:
    We evaluate this Privacy Policy and procedures to implement improvements and refinements from time to time. We will review and update this Privacy Policy as necessary at least every 12 months. The most recent version of this Privacy Policy will always be posted on the website. The updated date of the Policy will be reflected in the "Last Modified" heading. We will provide notice if these changes are material and, where required by applicable law; we will obtain your consent. Any amendments to the Privacy Policy will become effective immediately, unless we notify otherwise. We recommend you review this Privacy Policy periodically to ensure that you understand our most updated privacy practices.
  2. INTRODUCTION:

    This Privacy Policy describes CodeFuel information collection and use while (i) direct users install and use our apps (web-apps, desktop apps and mobile apps, as applicable), or when they browse and view our websites, search portals, or otherwise any content published or made available by us; or (ii) when indirect users interact with the Service through a Partners' app, software or web-page.

    A "Partner" is a business that embeds our feed, content or ads within their app, in which we collect certain information on the partner and also on the users interacting with the Services through such Partner (i.e., indirect customer).

    We understand how important it is to keep such users' Personal Data (as defined below, we have designed this Privacy Policy in a format that is easy to navigate and read so that our privacy practices can be clearly understood.

  3. CONTACT INFORMATION AND DATA CONTROLLER INFORMATION:

    CodeFuel Ltd. is part of the Perion Network Ltd. Group, and is incorporated under the laws of the State of Israel. CodeFuel is the controller of the Personal Data listed below, unless otherwise stated.

    For any question, inquiry or concern related to this Privacy Policy or the processing of your Personal Data, you may contact our privacy team as follows:

    Data Protection Officer: privacy@codefuel.com.

    CodeFuel Ltd.,
    26 HaRokmim Street, Azrieli Center, Building A, 4th Floor
    Holon 5885849, Israel

    Data Protection Representative for Data Subjects in the EU and UK:

    We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact.

    Prighter gives you an easy way to exercise your privacy-related rights (e.g., requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website. https://prighter.com/q/11106546394.

    Attn: Andreas Mätzler

    Email: rep_perion@prighter.com.

  4. DATA SETS WE COLLECT AND FOR WHAT PURPOSE:

    We may collect two types of information from you, depending on your interaction with us.

    The first type of information is non-identifiable and anonymous information ("Non-Personal Data"). We are not aware of the identity of the individual from who we have collected the Non-Personal Data. Non-Personal Data which is being gathered consists of technical information, and may contain, among other things, the type of operating system and type of browser, type of device, your action in the website or Services (such as session duration).

    The second type of information is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual ("Personal Data" or "Personal Information" as term may be applicable each data protection law).

    For the avoidance of doubt, any Non-Personal Data connected or linked to Personal Data shall be deemed as Personal Data as long as such connection or linkage exists.

    The table below details the types of Personal Data we process, the purpose, lawful basis, and our processing operations:

    DATA SETPURPOSE AND OPERATIONSLAWFUL BASIS
    Online Identifiers:
    When you access and interact with our Services, we collect certain online identifiers such as IP address, device ID, device type and carrier name, advertising ID or similar unique online identifiers ("Online Identifiers"). Once or during the installation we will also know of other software you might have on the device.
    We process your Online Identifiers to extract country level location, for reporting purposes (i.e., identify complete installs of our apps or our Partners' apps), to know when and how the Services were accessed, analytic purposes and marketing purposes if we combine the identifier with additional information. In addition, we process such data for operation, security and fraud prevention purposes. Where we collect your Online Identifiers for analytic, security and performance purposes, we process the data based on our legitimate interest in providing the Services or researching on how to improve it. We balance those needs with the users right to establish the legitimate interest claim and provide applicable disclosures.
    Contact Information:
    If you voluntarily contact us for support or other inquiries, you may be required to provide us with certain information such as your name, email address, organization name, etc. ("Contact Information").

    We collect your Contact Information to provide you with the support you requested or to respond to your inquiry.

    The correspondence with you may be processed and stored by us in order to improve our customer service and in the event, we believe it is required to continue to store it, for example, in the event of any claims or in order to provide you with any further assistance (if applicable).

    We process your Contact Information subject to our legitimate interest.

    If we deem necessary, following a legal obligation or to defend our claims, we may store such correspondence for a longer period.

    Usage Data:
    We collect certain information regarding your use and interaction with our Services, including button clicks, search queries, time and date of each search query, search terms and browsing history. In addition, when you view ads served by us or have other interaction with ads served by us, we may collect information about your interaction with such ads, for example, information that you have viewed or clicked an ad ("Usage Data").

    We use your Usage Data to understand how our Services are used, so that we can improve it.

    We also use your Usage Data and to enhance the Service, make sure you receive accurate result.

    We also use the Usage Data to engage you, make sure you enjoy the features and provide you with additional features.

    based on our legitimate interest in providing the Services or researching on how to improve it.

    We use various technologies to collect and store the data sets listed above, including cookies, pixel tags, local storage, databases and server logs. We use different technologies to process your information, for the purposes listed above. We use systems that analyze your activity to provide you with customized search results, personalized ads, or other features tailored to how you use our services. We analyze your activity also to detect abuse such as spam, malware, and illegal content.

    Therefore, the actual processing operation per each purpose of use and lawful basis detailed in the table above, may differ. Such processing operation usually includes set of operations, made by automated means, such as collection, storage, use, disclosure by transmission, erasure or destruction.

    In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts and any other misuse of the Services and to enforce our policies and agreements, as well as to protect the security or integrity of our databases and the Services, and to take precautions against legal liability. Such processing is based on our legitimate interests.

  5. HOW WE COLLECT YOUR INFORMATION:
    Depending on the nature of your interaction with the Services, or any service provided by us or our Partners, we may collect information either automatically or voluntarily provided by you. Automatic collection of information is usually made through the use of cookies, pixel tags, local storage, databases, and server logs, and voluntarily information is provided when you contact us, type in a search term, etc.
  6. COOKIES AND SIMILAR TRACKING TECHNOLOGIES:

    When you interact and use our Services, we, or our Partners, place "cookies" and similar tracking technologies such as Software Developer Kits ('SDKs'), pixels or web beacons, that collect certain information about your use and interaction with the Properties and Services and use this information for the operation and functionality of the Services as well as for analytics and marketing purposes, all as detailed in the table above. You can find more information about cookies at www.allaboutcookies.org. Currently, we use the following Cookies and SDKs:

    CookiePurposePrivacy PolicyOpt-out
    Google AnalyticAnalytical and Performancewww.google.com/policies/privacy/partners

    https://policies.google.com/technologies/managing?hl=en

    https://tools.google.com/dlpage/gaoptout/

    For additional information regarding our use of Google products, click here.

    BingProvide the Search results.Microsoft privacy policy is available HEREhttps://about.ads.microsoft.com/en-us/resources/policies/personalized-ads
    YahooProvide the SERPOath privacy policy is available HEREhttps://legal.yahoo.com/xw/en/yahoo/privacy/optout/index.html
  7. DATA SHARING - CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH:

    We share your Personal Data with third parties, including with business partners or service providers that help us provide our Services. You can find here information about the categories of such third-party recipients.

    CATEGORY OF RECIPIENTDATA THAT WILL BE SHAREDPURPOSE OF SHARING

    Search feed provider ("Search Partner").

    Our current Search Partners are Microsoft and Oath.
    Online Identifiers, and Usage Data.

    We share the search terms so that the search partner can display through its search page.

    Microsoft (Bing): Microsoft privacy policy is available HERE.

    Oath (Yahoo): Oath privacy policy is available HERE.

    Media BuyersOnline IdentifiersIn some cases when we buy media online, we may attach to the campaign a unique identifier. The unique identifier provided to the media owner, may become personally identifiable when such media owner crosses our parameters with its own existed information about an individual.
    Service ProvidersAll types of Personal DataWe may disclose Personal Data to our trusted agents and service providers (including, but not limited to, our Cloud service provider, our analytics service provider, our CRM provider, etc.) so that they can perform requested services on our behalf. Thus, we share your data with third party entities, for the purpose of storing such information on our behalf, or for other processing needs. These entities are prohibited from using your Personal Data for any purposes other than providing us with requested services.
    Any Acquirer of Our BusinessAll types of Personal DataWe may share Personal Data, in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, our affiliated companies or acquiring company will assume the rights and obligations as described in this Policy.
    Legal and Law EnforcementSubject to law enforcement authority request.We may disclose certain data to law enforcement, governmental agencies, or authorized third parties, in response to a verified request relating to terror acts, criminal investigations or alleged illegal activity or any other activity that may expose us, you, or any other user to legal liability, and solely to the extent necessary to comply with such purpose.

    Where we share information with services provider and agents, we ensure they only have access to such information that is strictly necessary in order for us to provide the Services. These parties are required to secure the data they receive and to use the data for pre-agreed purposes only, while ensuring compliance with all applicable data protection regulations (such service providers may use other non-personal data for their own benefit).

  8. DATA RETENTION:

    In general, we retain the Personal Data we collect for as long as it remains necessary for the purposes set forth above, all under the applicable regulation, or until you will express your preference to opt-out, where applicable.

    The retention periods are determined according to the following criteria:

    1. For as long as it remains necessary in order to achieve the purpose for which the Personal Data was initially processed.
    2. Where we are required to retain Personal Data in accordance with legal, regulatory, tax, or accounting requirement.
    3. Where we deem retention is necessary to obtain an accurate record of your dealings with us in the event of any complaints or challenges.
    4. If we reasonably believe there is a prospect of litigation relating to your Personal Information.
    Other circumstances in which we will retain your Personal Data for longer periods of time include: (i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data. Please note that except as required by applicable law, we will not be obligated to retain your data for any particular period, and we may delete it for any reason and at any time, without providing you with prior notice if our intention to do so.
  9. SECURITY MEASURES:

    We work hard to protect Personal Data we process from unauthorized access or unauthorized alteration, disclosure or destruction. We have implemented physical, technical and administrative security measures for the Services that comply with applicable laws and industry such as: encryption using SSL, we minimize amount of data that we store on our servers, restrict access to Personal Data to CodeFuel employees, contractors and agents, etc. Note that, we cannot be held responsible for unauthorized or unintended access that is beyond our control, and we make no warranty, express, implied or otherwise, that we will always be able to prevent such access.

    Please contact us at: privacy@codefuel.com if you feel that your privacy was not dealt with properly, in a way that was in breach of our Privacy Policy or if you become aware of a third party's attempt to gain unauthorized access to any of your Personal Data. We will make a reasonable effort to notify you and the appropriate authorities (if required by applicable law) in the event that we discover a security incident related to your Personal Data.

  10. INTERNATIONAL DATA TRANSFER:

    Our data servers in which we host and store the information are located in the US. The Company's HQ are based in Israel in which we may access the information stored on such servers or other systems such as the Company's ERP, CRM and other systems. In the event that we need to transfer your Personal Data out of your jurisdiction, we will take appropriate measures to ensure that your Personal Data receives an adequate level of protection as required under applicable law. Furthermore, when Personal Data that is collected within the European Economic Area ("EEA") is transferred outside of the EEA to a country that has not received an adequacy decision from the European Commission, we will take necessary steps in order to ensure that sufficient safeguards are provided during the transferring of such Personal Data, in accordance with the provision of the standard contractual clauses approved by the European Union.

    Additionally, following the withdrawal of the United Kingdom (UK) from the European Union on January 31, 2020, the UK is no longer considered to be a part of the EEA and therefore, the transferring of Personal Data from the EEA to the UK will also be subject to the SCCs or other contractual clauses that will ensure the security of the Personal Data (pending an adequacy decision from the European Commission). Further, the transfer of Personal Data collected within the UK to countries outside the UK, will be provided with sufficient safeguards as required under applicable laws, including pursuant with the UK standard contractual clauses (UK SCCs) as approved by the UK Information Commissioner Office (ICO).

  11. ELIGIBILITY AND CHILDREN PRIVACY
    The Services and Properties are not intended for use by children (the phrase "child" shall mean an individual that is under the age defined by applicable law which with respect to the EEA is under the age of 16 and with respect to the US, under the age of 13) and we do not knowingly process children's information. We will discard any information that we receive from a user that is considered a "child" immediately upon our discovery that such a user shared information with us. Please contact us at: privacy@codefuel.com if you have reason to believe that a child has shared any information with us.
  12. USER RIGHTS

    We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights, and controls in connection with your information. Depending on your relationship with us, your jurisdiction and the applicable data protection laws that apply to you, you have the right to control and request certain limitations or rights to be executed.

    In the table below you can review your rights, how you can exercise them, and appeal a decision we take in this regard, any specification per geo-location or territory are available below the table:

    RIGHT TO BE INFORMED, RIGHT TO KNOWYou have the right to confirm whether we collect Personal Data or Personal Information about you, if you wish to know if we collect Personal Data about you, please review this Privacy Policy.
    ACCESS RIGHTSYou further have the right to know which Personal Data we specifically hold about you, and receive a copy of such or access it, if you wish to receive a copy of the Personal Data, please submit a DSR as available here.
    RIGHT TO CORRECTIONYou have the right to correct inaccuracies in your Personal Information, or Personal Data, taking into account the nature of the processing and the purposes. Please submit a DSR as available here.
    RIGHT TO BE FORGOTTEN, RIGHT TO DELETIONIn certain circumstances, you have the right to delete the Personal Data or Personal Information we hold about you. You do not need to create an account with us to submit a request to know or delete. Please submit a DSR as available here.
    RIGHT TO PORTABILITYYou have the right to obtain the personal data Personal Data or Personal Information in a portable, and to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance. We will select the format in which we provide your copy. If you wish to exercise this right please submit our DSR as available here.

    RIGHT TO OPT OUT UNDER THE EU, AND SPECIFICALLY IN THE US THE RIGHT TO OPT OUT FROM:

    (I) SELLING PERSONAL DATA;

    (II) RIGHT TO OPT OUT FROM TARGETED ADVERTISING; AND

    (III) RIGHT TO OPT OUT FROM PROFILING AND AUTOMATED DECISION MAKING

    You have the right to opt-out from direct marketing, if applicable, by unsubscribing through the email received.

    If and to the extent applicable to, you have the right to opt out of the sale of your Personal Data, or Personal Information, for the purposes of targeted advertising, sale to a third party for monetary gain, or for profiling in furtherance of decisions that produce legal or similarly significant effects concerning you or any other consumer.

    You may authorize another person acting on your behalf to opt out (including by technical tools and opt out signals).

    We do "sell" and "share" your Personal Information for analytic and marketing purposes by using cookies and SDKs. You have the right to opt-out from such "selling" by clicking the "do not sell or share my personal information" button available within our the Partners' apps, or software, through device settings (opt-out from tracking AAID, ADID, please see the following for information applicable to all devices: https://thenai.org/opt-out/mobile-opt-out/), or by using Self-Regulatory Program for Online Behavioral Advertising such as:

    Last, you are able to install privacy-controls in the browser's settings to automatically signal the opt-out preference to all websites you visit (like the "Global Privacy Control"). We honor the Global Privacy Control, where applicable, subject to your jurisdiction, as a valid request to opt-out of the sharing of information linked to your browser.

    You can opt out from sharing or selling data with Search Partners here:

    https://about.ads.microsoft.com/en-us/resources/policies/personalized-ads

    https://legal.yahoo.com/xw/en/yahoo/privacy/optout/index.html

    In any event, please keep in mind, opt-out tools are limited to the browser or device you use because they work off your browser ID and device ID. Your browser may save some information in its cookies and cache to maintain your privacy preferences. Clearing these may remove opt-out preferences, requiring you to opt-out again. You can read more about targeted adverting and take additional steps to control targeted advertising from many ad networks and exchanges by visiting the Digital Advertising Alliance (www.optout.aboutads.info). As online environments continue to evolve, additional opt-out mechanisms or privacy settings may become available to you. We encourage you to review the information on opt-outs and settings that browser owners, device manufacturers, technology companies, and industry associations make available to you.

    RIGHT TO APPEAL OR COMPLAINTIf we decline to take action on your request, we shall so inform you without undue delay as required under applicable laws. The notification will include a justification for declining to take action and instructions on how you may appeal, if applicable. Under the EU you have the right to lodge a complaint with the supervisor authority or the Information Commissioner in the UK.
    NON-DISCRIMINATIONSuch discrimination may include denying a good or service, providing a different level or quality of service, or charging different prices. We do not discriminate our users.
  13. JURISDICTION-SPECIFIC NOTICES:
    1. ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS

      This section applies only to California residents. Pursuant to the California Consumer Privacy Act of 2018 ("CCPA") effective November 2020, and as amended by the CPRA, effective January 1, 2023.

      Please see the CCPA Privacy Notice, available here, which discloses the categories of personal information collected, purpose of processing, source, categories of recipients with whom we share the personal information for a business purpose, whether the personal information is sole or shared, the retention period, and how to exercise your rights as a California resident.

    2. ADDITIONAL INFORMATION FOR COLORADO RESIDENTS

      This section applies to Colorado residents acting only as an individual or household context (and not in a commercial or employment context, as a job applicant or as a beneficiary of someone acting in an employment context). Pursuant to the Colorado Privacy Act ("CPA") please see below the disclosure of the categories of Personal Data that are collected or processed, the purposes, how consumers can exercise their rights, and appeal such decision, categories of third-parties the controller shares or sells the personal data, or sells the personal data for advertising and how to opt-out.

      "Personal Data" as defined in the CPA means information that is linked or reasonably linkable to an identified or identifiable individual and does not include publicly available information that is lawfully made available from government records, or that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; or information excluded from the CPA scope, such as: Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) or 42 CFR Part 2- "Confidentiality Of Substance Use Disorder Patient Records", Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or and the Driver's Privacy Protection Act of 1994, Children's Online Policy Protection Act of 1998 (COPPA), Family Educational Rights and Privacy Act of 1974, national Security Exchange Act of 1934, higher education data and employment data.

      "Sensitive Data" include (i) racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life or sexual orientation; (ii) Genetic or biometric data that can be processed to uniquely identify an individual; or (iii) child data.

      Under CPA, CodeFuel needs to provide a privacy notice that identifies the categories of Personal Data that are collected or processed, the purposes, how consumers can exercise their rights, and appeal such decision, categories of third-parties the controller shares or sells the personal data, or sells the personal data for advertising and how to opt-out.

      In Section 4 to the Privacy Policy, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without obtaining your consent. Additionally, Section 7 to this Privacy Policy details and discloses the categories of third-parties we share for business purposes. Section 12 to this Privacy Policy details and discloses your rights and Personal Data shared or sold for targeted advertising.

      Only you, or someone legally authorized to act on your behalf, may make a request to know or delete your Personal Data. If the request is submitted by someone other than you, proof of authorization (such as power of attorney or probate documents) will be required. The deletion right is not absolute and in certain circumstances we may deny such request. We may deny your deletion request, in full or in part, if retaining the information is necessary for us or our service provider(s) for any of the following reasons: (1) complete the transaction for which we collected the Personal Data or Personal Information, provide the service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you; (2) detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities; (3) debug products to identify and repair errors that impair existing intended functionality; (4) exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law; (5) comply with the law or legal obligation; (6) engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent; (7) enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us; (8) make other internal and lawful uses of that information that are compatible with the context in which you provided it. We will delete or de-identify personal information not subject to one of these exceptions from our records and will direct our processors to take similar action.

      We will respond to your request within 45 days after receipt of a verifiable Consumer Request (no more than twice in a twelve-month period). We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at Privacy@codefuel.com and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows: Colorado AG at https://coag.gov/file-complaint/

      If you have an account with us, we may deliver our written response to that account or via email at our sole discretion. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. You do not need to create an account for submitting a request.

      Any disclosures we provide will only cover the 12-months period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

    3. ADDITIONAL INFORMATION FOR CONNECTICUT RESIDENTS

      Under the Connecticut Data Privacy Act, Public Act. No. 22-14 (the "CDPA") if you are a resident of Connecticut, acting in an individual or household context (and not in a commercial or employment context or as a representative of business, non-profit or governmental entity), your rights with respect to your personal data are described below.

      "Personal Data" means any information that is linked or reasonably linkable to an identified or identifiable individual and does not include publicly available information that is lawfully made available from government records, or that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; or information excluded from the CDPA scope, such as: HIPAA, GBPA, non-profit entities, higher education, employment data and FCRA, Driver's Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, Farm Credit Act.

      "Sensitive Data" means data revealing racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life, sexual orientation, citizenship, or immigration status; The processing of genetic or biometric data for the purpose of uniquely identifying an individual; Personal data collected from a known child; Precise geolocation data. In certain cases, we will process precise geolocations data if you explicitly enable the GPS permission within our Properties.

      Under CDPA, CodeFuel is required to provide you with a clear and accessible privacy notice that includes: categories of Personal Data processed, purpose of processing, instructions for exercising consumer rights and appealing decisions, categories of Personal Data shared with third parties, categories of third parties with whom data is shared, and any sale of data or targeted advertising.

      In Section 4 to the Privacy Policy, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without obtaining your consent. Additionally, Section 7 to this Privacy Policy details and discloses the categories of third-parties we share for business purposes. Section 12 to this Privacy Policy details and discloses your rights and Personal Data shared or sold for targeted advertising. Note, under CDPA consent can be withdraw within 15-days of notice at any time.

      The deletion right is not absolute and in certain circumstances we may deny such request. We may deny your deletion request, in full or in part, if retaining the information is necessary for us or our service provider(s) for any of the following reasons: (1) complete the transaction for which we collected the Personal Data or Personal Information, provide the service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you; (2) detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities; (3) debug products to identify and repair errors that impair existing intended functionality; (4) exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law; (5) comply with the law or legal obligation; (6) engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent; (7) enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us; (8) make other internal and lawful uses of that information that are compatible with the context in which you provided it. We will delete or de-identify personal information not subject to one of these exceptions from our records and will direct our processors to take similar action.

      We shall respond to your request within 45 days of receipt. The response period may be extended once by 45 additional days when reasonably necessary, taking into account the complexity and number of requests and we inform you of such extension within the initial 45 day response period, together with the reason for the extension.

      If we decline to take action on your request, we shall so inform you without undue delay, within 45 days of receipt of your request. The notification will include a justification for declining to take action and instructions on how you may appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Connecticut Attorney General at link: https://www.dir.ct.gov/ag/complaint/ or (860) 808-5318.

      We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request, we will not be able to grant your request.

    4. ADDITIONAL INFORMATION FOR VIRGINIA RESIDENTS

      Under the Virginia Consumer Data Protection Act, as amended ("VCDPA") if you are a resident of Virginia acting in an individual or household context (and not in an employment or commercial context), you have the following rights with respect to your Personal Data.

      "Personal Data" means any information that is linked or reasonably linkable to an identified or identifiable natural person, and does not include publicly available information that is lawfully made available from government records, that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; Information excluded from the VCDPA scope, such as: HIPAA, GBPA, non-profit entities, higher education, employment data and FCRA, Driver's Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, Farm Credit Act.

      The VCDPA requires CodeFuel to disclose the categories of Personal Data processed, purpose of processing, how you can exercise your rights, including how a you may appeal our decision with regard to the consumer request, the categories of Personal Data shared with third parties and with whom, and if CodeFuel sells Personal Data to third parties or processes Personal Data for targeted advertising.

      In Section 4 to the Privacy Policy, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without obtaining your consent. Additionally, Section 7 to this Privacy Policy details and discloses the categories of third-parties we share for business purposes. Section 12 to this Privacy Policy details and discloses your rights and Personal Data shared or sold for targeted advertising.

      The deletion right is not absolute and in certain circumstances we may deny such request. We may deny your deletion request, in full or in part, if retaining the information is necessary for us or our service provider(s) for any of the following reasons: (1) complete the transaction for which we collected the Personal Data or Personal Information, provide the service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you; (2) detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities; (3) debug products to identify and repair errors that impair existing intended functionality; (4) exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law; (5) comply with the law or legal obligation; (6) engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent; (7) enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us; (8) make other internal and lawful uses of that information that are compatible with the context in which you provided it. We will delete or de-identify personal information not subject to one of these exceptions from our records and will direct our processors to take similar action.

      We will respond to your request within 45 days after receipt of a verifiable Consumer Request (no more than twice in a twelve-month period). We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at privacy@codefuel.com and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Virginia Attorney General at https://www.oag.state.va.us/consumercomplaintform.

      If you have an account with us, we may deliver our written response to that account or via email at our sole discretion. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. You do not need to create an account for submitting a request.

      Any disclosures we provide will only cover the 12-months period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

      We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request we will not be able to grant your request.

    5. ADDITIONAL INFORMATION FOR UTAH RESIDENTS (EFFECTIVE JANUARY 2024)

      Under the Utah Consumer Privacy Act ("UCPA") if you are a resident of Utah, acting in an individual or household context (and not in a commercial or employment context) your rights with respect to your personal data are described below. "Personal Data" means data which is linked or reasonably linkable to an identifiable individual, and does not include de-identified data and publicly available data or data that is processed not within the scope of UCPA.

      In Section 4 to the Privacy Policy, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without obtaining your consent. Additionally, Section 7 to this Privacy Policy details and discloses the categories of third-parties we share for business purposes. Section 12 to this Privacy Policy details and discloses your rights and Personal Data shared or sold for targeted advertising. Note, under UCPA, our sharing practices with third-party analytic and advertising tools are not considered a "sale".

  14. THIRD PARTY LINKS
    Our Properties may contain links to other online applications and properties of third parties that are not governed by this Privacy Policy. In the event that you click on these links to third party landing pages or applications, their privacy policy and practices will govern, which may differ from ours, and are not under our control or our responsibility. We advise you to review the applicable privacy policy of these third parties to better understand their privacy practices.